Freelance Cybersecurity SpecialistsFreelance Cybersecurity Specialists
ProjectsPeople
Jason Smyth's avatar
Jason Smyth
pro
Copthorne, UK
Cyber expert specialising in Azure Security Services.
$10k+
Earned
4x
Hired
5.0
Rating
13
Followers
Cyber expert specialising in Azure Security Services.
Cover image for Extended Interview Process for CrowdStrike SIEM Specialist
Extended Interview Process for CrowdStrike SIEM Specialist
0
4
Cover image for Setting up and optimising Microsoft Sentinel
Setting up and optimising Microsoft Sentinel
0
33
Cover image for Configure SIEM Security Operation using Microsoft Sentinel
Configure SIEM Security Operation using Microsoft Sentinel
0
26
Cover image for Set up Microsoft Sentinel and Microsoft 365 Lighthouse
Set up Microsoft Sentinel and Microsoft 365 Lighthouse
0
22
Cybersecurity Specialist(6)
Gary Szaszik's avatar
Gary Szaszik
pro
London, UK
B2B Websites for Complex Industrial & Defense Companies
24
Followers
FRAMER_EXPERT

expert

B2B Websites for Complex Industrial & Defense Companies
Cover image for Cybersecurity website hero concept This concept was designed...
Cybersecurity website hero concept This concept was designed to address clarity issues in the existing site. The product and its proprietary technology weren’t coming through clearly, which made it hard for visitors to understand what the platform actually does or why it’s different. Another key challenge was visibility and conversion. Important information was missing, and there was no clear path for interested users to get in touch or take the next step. The goal of this hero was to clearly explain the product, introduce technical depth gradually, surface credibility early, and guide the right users toward action. It didn’t ship in this form as we chose a different visual direction, but it reflects how we approach complex cybersecurity products: clarity first, depth second.
18
167
Cover image for Cybersecurity website hero concept This concept was designed...
Cybersecurity website hero concept This concept was designed to address clarity issues in the existing site. The product and its proprietary technology weren’t coming through clearly, which made it hard for visitors to understand what the platform actually does or why it’s different. Another key challenge was visibility and conversion. Important information was missing, and there was no clear path for interested users to get in touch or take the next step. The goal of this hero was to clearly explain the product, introduce technical depth gradually, surface credibility early, and guide the right users toward action. It didn’t ship in this form as we chose a different visual direction, but it reflects how we approach complex cybersecurity products: clarity first, depth second.
2
30
238
Cover image for Cybersecurity website hero concept This concept was designed...
Cybersecurity website hero concept This concept was designed to address clarity issues in the existing site. The product and its proprietary technology weren’t coming through clearly, which made it hard for visitors to understand what the platform actually does or why it’s different. Another key challenge was visibility and conversion. Important information was missing, and there was no clear path for interested users to get in touch or take the next step. The goal of this hero was to clearly explain the product, introduce technical depth gradually, surface credibility early, and guide the right users toward action. It didn’t ship in this form as we chose a different visual direction, but it reflects how we approach complex cybersecurity products: clarity first, depth second.
22
194
Cover image for Cybersecurity website hero concept This concept was designed...
Cybersecurity website hero concept This concept was designed to address clarity issues in the existing site. The product and its proprietary technology weren’t coming through clearly, which made it hard for visitors to understand what the platform actually does or why it’s different. Another key challenge was visibility and conversion. Important information was missing, and there was no clear path for interested users to get in touch or take the next step. The goal of this hero was to clearly explain the product, introduce technical depth gradually, surface credibility early, and guide the right users toward action. It didn’t ship in this form as we chose a different visual direction, but it reflects how we approach complex cybersecurity products: clarity first, depth second.
2
16
125
Cybersecurity Specialist(4)
Ahmed Khan's avatar
Ahmed Khan
Lahore, Pakistan
Cybersecurity specialist with ability to identify flaws
New to Contra
Cybersecurity specialist with ability to identify flaws
Cover image for I discovered a stored cross-site
I discovered a stored cross-site scripting (XSS) vulnerability in a practice web application's comment section that allowed me to inject malicious JavaScript that would execute in any user's browser. By submitting a comment containing a script payload, I successfully stole session cookies from other users and could have hijacked their accounts, performed actions on their behalf, or defaced the website. This finding was documented in a comprehensive report including proof-of-concept screenshots showing cookie theft, CVSS risk scoring of 6.5 (Medium), and step-by-step remediation guidance including input sanitization and output encoding. This assessment demonstrates my ability to find client-side vulnerabilities that can compromise every user visiting the site.
0
3
Cover image for I discovered a SQL injection
I discovered a SQL injection vulnerability in a practice web application that allowed me to bypass the login system and access the entire user database without any credentials. By inserting a simple payload into the username field, I successfully logged in as the first user in the database and extracted sensitive information including usernames, password hashes, and user email addresses. This finding was documented in a detailed report with proof-of-concept screenshots, risk analysis showing potential data breach impact, and step-by-step remediation guidance including parameterized queries and input validation. This assessment demonstrates my ability to find critical database vulnerabilities that could expose thousands of customer records.
0
5
Cover image for During a security assessment of
During a security assessment of a practice web application, I discovered an exposed FTP directory with directory listing enabled, revealing multiple sensitive files including a password database, backup configurations, compiled source code, and error logs. After finding a clue in robots.txt, I navigated to the /ftp directory and documented over ten exposed files with their associated risks. My final report included an executive summary, detailed findings with screenshots, risk ratings for each exposed file, and step-by-step remediation guidance including disabling directory listing and removing sensitive data. This finding highlights how simple misconfigurations can lead to critical data exposure.
0
12
Cover image for I discovered an Insecure Direct
I discovered an Insecure Direct Object Reference (IDOR) vulnerability in a practice web application that allowed unauthorized users to access other people's private snippets simply by changing a number in the URL. Using whatweb and manual inspection, I identified parameter tampering points and successfully accessed private data for five different users without authentication. The finding was documented in a comprehensive report including executive summary, technical details with screenshots, CVSS risk scoring, and step-by-step remediation instructions. This assessment demonstrates my ability to find broken access controls that automated tools miss and deliver clear, actionable fixes.
0
14
Cybersecurity Specialist(4)
Chimdiebube Egereonu's avatar
Chimdiebube Egereonu
Owerri, Nigeria
Web Security Analyst & OSINT Specialist
New to Contra
Web Security Analyst & OSINT Specialist
Cover image for WordPress Security Hardening & Malware Prevention Security a...
WordPress Security Hardening & Malware Prevention Security audit for a business portfolio website running legacy infrastructure. Findings: Outdated Software: Identified CMS version 4 years out of date, exposing the site to known CVEs. Plugin Vulnerabilities: Detected vulnerable versions of Elementor susceptible to Stored XSS. Directory Traversal: Public access enabled on plugin directories. Solution: Provided a roadmap for updating the core CMS, patching plugins, and implementing .htaccess rules to block directory browsing.
1
20
Cover image for Critical Information Disclosure (Server Logs) Identified a C...
Critical Information Disclosure (Server Logs) Identified a Critical (P1) data leak in an educational management portal. The Finding: Exposed Laravel Debug Logs (laravel.log). Technical Details: The server was misconfigured to allow public "Directory Listing" on the storage folder. This exposed a 5MB log file containing: Full Database Schema. Backend Stack Traces. Hardcoded default user credentials. Remediation: Advised the internal team to disable directory indexing and restrict access to the /storage/ directory immediately.
1
20
Cover image for WAF Bypass & XSS Discovery for E-Commerce Platform Conducted...
WAF Bypass & XSS Discovery for E-Commerce Platform Conducted a black-box security assessment for a high-traffic e-commerce marketplace (10M+ users). The Finding: Reflected Cross-Site Scripting (XSS) in the search functionality. Technical Details: The application employed a Web Application Firewall (WAF) that stripped standard XSS vectors (parentheses). I successfully bypassed this filter using ES6 Template Literals (backticks) to execute JavaScript. Impact: Reported a P2 Vulnerability that could allow account takeover via session cookie theft. Status: Reported via Vulnerability Disclosure Program (VDP).
1
22
Cover image for Custom OSINT Automation Tool (Python) I developed a custom P...
Custom OSINT Automation Tool (Python) I developed a custom Python utility to automate the reconnaissance phase of security assessments. Problem: Manual Google Dorking and server status checking consumes valuable time during an audit. Solution: I wrote a Python script utilizing urllib and webbrowser modules to: Automate complex Google Dork queries for finding exposed environment files and admin panels. Batch-process server status checks (HTTP 200/403/404) to identify live targets instantly. Outcome: Reduced reconnaissance time by 90% for large-scope targets.
2
18
Cybersecurity Specialist(4)