The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
Performed comprehensive API Security Testing to identify vulnerabilities that could expose sensitive data or allow unauthorized access.
Assessment focused on OWASP API Top 10 risks including:
• Broken Object Level Authorization (BOLA)
• Broken Authentication
• Excessive Data Exposure
• Security Misconfiguration
• Injection vulnerabilities
• Improper Rate Limiting
Testing methodology included manual penetration testing and automated vulnerability scanning to simulate real-world attack scenarios.
Key outcomes:
• Identified critical and high-risk vulnerabilities
• Provided detailed remediation guidance for developers
• Improved API security posture and reduced risk of data breaches
• Ensured compliance readiness for security audits
Deliverables included:
• Detailed VAPT report
• Risk severity classification
• Proof of concept (PoC) for vulnerabilities
• Step-by-step mitigation recommendations
Tools used:
Burp Suite, Postman, OWASP ZAP, Nmap
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Related posts
Hello everyone. ☕️I’d also like to share that I train software testers and help them improve their professional skills through a program I partially present here. This will give you a clear understanding of the level of service we provide to our clients.🌷
- Performance Testing. Test Suite
Types of performance testing and how websites work.
Client-server architecture, HTTP requests, and responses.
Installing and configuring JMeter for performance testing.
Creating load scenarios, analyzing metrics, and reporting.
Installing Java and working with CMD/Terminal.
- Security Testing. API Testing. Collections
Cybersecurity basics and causes of web vulnerabilities.
QA strategies for building secure systems.
Checklist-based testing to prevent hacks and data leaks.
Working with Postman and Swagger: API requests and analysis.
MySQL databases and SQL for direct data validation.
- AI Application Testing
Differences between AI testing and traditional software testing.
Testing strategies for CV (vision), NLP (text), and generative systems.
Methods for testing LLMs without a ground truth.
Evaluating AI quality using metrics (e.g., F1 Score).
QA as an analyst and UX researcher in AI projects.
- Automated Testing: Selenium / Java / Git
Purpose and effectiveness of automated testing.
Working with Selenium WebDriver.
Java basics for writing reliable test scripts.
Creating, running, and analyzing automated tests.
Working with Git: commits and branch management.
- Agile
Understanding Agile: flexibility, iterations, and feedback.
Scrum methodology: User Stories, Backlog, and sprints.
Daily Scrum practice and task visualization on a Scrum board.
Sprint Retrospectives for improving processes and efficiency.
After 7 years in Consulting at Accenture I felt it was high time to work for myself, here's just one of the projects I've worked on for a major UK Government client, this client liked my work so much I went on to do another 2 projects for them 😍
Cybersecurity Project Manager for a UK Government client on behalf of Accenture.
My duties included the following:
▪ Led key projects aligned with the client's strategic goals, showcasing project leadership and strategic alignment capabilities.
▪ Successfully led and managed...
looks fantastic 👌
AegisGate is an asynchronous, high-performance MQTT proxy built in Rust, designed to protect downstream IoT brokers (like EMQX) from malicious actors and traffic surges.
Acting as a secure perimeter, it performs deep packet inspection, strict protocol validation, and per-IP rate limiting before allowing connections to pass through to the broker. This ensures that only authorized, well-formed machine data reaches the infrastructure, preventing DDoS attacks and resource exhaustion while maintaining zero-copy, high-concurrency I/O via the Tokio runtime.
Challenges
View all
Fuser Co-create
$5K6h 05m left345 participants
Morphic Workflows
$10K3d left271 participants
Zo Computer Challenge
$10K3d left561 participants
Anything Ship & Sell Remixathon
$10K10d left189 participants
Impossible UI with Rive
$10K10d left121 participants
Runway $100k Big Pitch Challenge
$100K10d left194 participants
Trending
Runway
AI video generation is exploding. What are you dreaming up in Runway?
Contra University
Learn from expert creatives how to earn more using next-gen AI tools.
creativeaiflow
Creative AI workflows are evolving. What tools do you use, and what are their strengths and weaknesses?
portfolioreview
The best portfolios tell a story, not just show a grid. Share yours for feedback.
freelancerlife
Freelancer life is wins, pivots, and everything in between. What’s yours right now?