Freelancers using Burp Suite
Freelancers using Burp Suite
Sign Up
Post a job
Sign Up
Log In
Filters
1
Projects
People
Dragos Moruz
Timișoara, Romania
Seasoned cybersecurity leader.
5.0
Rating
4
Followers
Follow
Message
Seasoned cybersecurity leader.
1
Free Vulnerability Scanning Demo - Instant Security Insight
1
26
2
Firewall Configuration & Rule Review
2
17
1
Security Testing for iOS and Android Mobile Applications
1
14
1
Automated Vulnerability Scanning and Security Assessment
1
9
Burp Suite
(7)
Follow
Message
Pradyumn Tiwari
Meerut, India
VAPT Specialist | Bug Bounty Hunter | Security Researcher
New to Contra
Follow
Message
VAPT Specialist | Bug Bounty Hunter | Security Researcher
0
Security Vulnerability Disclosure & Remediation Identified and responsibly disclosed a security vulnerability to the organization's security team. After review, the issue was validated and a fix was successfully implemented. Outcome: • Vulnerability confirmed by the security team • Remediation implemented • Responsible disclosure process followed • Reward approved and under processing Skills: Web Application Security Vulnerability Assessment Responsible Disclosure Bug Bounty Hunting Security Research
0
40
0
Private Bug Bounty Program – Security Research Identified and responsibly disclosed a valid security vulnerability through a private bug bounty program. The finding was reviewed and accepted by the organization's security team, resulting in a $250 bounty reward. Highlights: • Vulnerability successfully validated • Responsible disclosure process followed • Direct collaboration with the security team • $250 bug bounty reward received Skills: Web Security, Vulnerability Research, Ethical Hacking, Responsible Disclosure, Bug Bounty Hunting
0
41
0
Security Vulnerability Discovery & Responsible Disclosure Identified and responsibly disclosed a security vulnerability affecting user data privacy. Worked directly with the security team to validate the issue, provide technical details, and support remediation efforts. Result: • Vulnerability successfully validated • Security issue fixed by the organization • Received a £150 bug bounty reward • Followed responsible disclosure practices Skills: Web Security, Vulnerability Assessment, Responsible Disclosure, Bug Bounty Hunting, Security Research
0
37
0
Hall of Fame and Security Disclosure Achievements
0
16
Burp Suite
(4)
Follow
Message
MD MESBAUL ISLAM
Dhaka, Bangladesh
Certified Penetration Tester | Web, Mobile & API Sec. Expert
New to Contra
Follow
Message
Certified Penetration Tester | Web, Mobile & API Sec. Expert
0
Mobile Application Penetration Testing (VAPT) Conducted a comprehensive Mobile Application Penetration Test to assess the security of Android/iOS applications and their backend APIs. Identified and validated multiple Critical and High-risk vulnerabilities through manual and automated testing. Scope of Work: OWASP Mobile Top 10 testing Authentication & authorization testing API security assessment Insecure data storage analysis SSL/TLS & certificate pinning validation Session management and business logic testing Professional VAPT reporting with PoC and remediation guidance Outcome: Delivered a detailed VAPT report with verified findings, business impact analysis, proof of concept (PoC), and prioritized remediation recommendations to help improve the application's security and resilience against real-world attacks.
0
12
1
Web Application Vulnerability Assessment & Penetration Testing (VAPT) Performed a comprehensive Web Application VAPT to identify and validate security vulnerabilities through manual and automated testing. The assessment uncovered multiple Critical and High-risk vulnerabilities that could lead to unauthorized access, data exposure, and business impact. Scope of Work: OWASP Top 10 security testing Authentication & authorization testing API security assessment Session management analysis Business logic testing Manual exploitation and validation Professional VAPT reporting with risk ratings, PoC, and remediation guidance Outcome: Delivered an executive-level security report containing verified findings, proof of concept (PoC), business impact analysis, and actionable remediation recommendations, enabling the client to strengthen their overall security posture.
1
62
0
Account Takeover (ATO) via Token Vulnerability Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials. Key Findings: Weak token validation Missing session/device binding No token expiration or rotation Impact: Unauthorized account access, financial data exposure, and fraud risk. Outcome: Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.
0
21
0
Capture The Flag (CTF) Challenge Development & Competition Support Designed and developed hands-on Capture The Flag (CTF) challenges for cybersecurity competitions, covering multiple domains such as web exploitation, cryptography, reverse engineering, OSINT, forensics, and binary exploitation. Assisted in planning, testing, and hosting the competition to ensure a smooth participant experience. Responsibilities: Created original CTF challenges with varying difficulty levels Developed flags, hints, and challenge validation Tested challenges for stability and fairness Assisted with competition infrastructure and event support Prepared write-ups and solutions for post-event learning Outcome: Successfully contributed to a well-organized CTF event that provided participants with practical, real-world cybersecurity challenges and an engaging learning experience.
0
8
Burp Suite
(3)
Follow
Message
TRUSTLAYER LABS
Hyderabad, India
VAPT Specialist helping SaaS & FinTech companies secure Web
New to Contra
Follow
Message
VAPT Specialist helping SaaS & FinTech companies secure Web
0
Conducted security assessment for a SaaS platform to identify vulnerabilities across application, API, and cloud infrastructure. Focus was on securing early-stage products handling user authentication, data storage, and third-party integrations. Assessment covered: • Authentication and authorization security review • API security testing • Cloud configuration security checks • Data protection risk analysis • OWASP Top 10 vulnerability assessment • Business logic security review Approach included manual penetration testing and configuration analysis to identify risks commonly exploited in SaaS environments. Deliverables: • Startup-friendly security report • Risk prioritization based on business impact • Actionable remediation checklist • Recommendations for secure architecture improvements Tools used: Burp Suite Postman OWASP ZAP Nmap Outcome: Helped startup strengthen security foundation, improve user trust, and prepare for enterprise client security requirements.
0
24
0
Web Application Security Testing – OWASP Top 10 Description Performed comprehensive Web Application Security Testing to identify vulnerabilities that could expose sensitive data or compromise application integrity. Testing methodology followed OWASP Top 10 security standards focusing on the most critical risks in modern web applications. Scope included: • SQL Injection vulnerability testing • Cross-Site Scripting (XSS) detection • Authentication and session management testing • Security misconfiguration analysis • Sensitive data exposure risks • Cross-Site Request Forgery (CSRF) testing • Broken access control validation Manual penetration testing combined with automated scanning tools helped simulate real-world attack scenarios. Deliverables: • Detailed VAPT report with risk severity levels • Proof of Concept (PoC) for identified vulnerabilities • Step-by-step remediation guidance • Security best practice recommendations Tools used: Burp Suite OWASP ZAP Nikto Nmap Outcome: Improved application security posture and ensured readiness for client security audits and compliance requirements.
0
19
0
VAPT Security Testing – Project Description Conducted end-to-end Vulnerability Assessment & Penetration Testing (VAPT) to identify security weaknesses in web applications, APIs, and backend systems. Testing focused on OWASP Top 10 vulnerabilities and real-world attack scenarios that could impact confidentiality, integrity, and availability of sensitive data. Scope included: • Authentication and session management testing • Authorization and access control validation • Input validation and injection vulnerability testing • Security misconfiguration assessment • Sensitive data exposure analysis • API endpoint security testing • Business logic vulnerability testing Methodology involved a combination of automated scanning tools and manual penetration testing techniques to simulate attacker behavior. Key outcomes: • Identified critical, high, and medium risk vulnerabilities • Delivered detailed security assessment report • Provided Proof of Concept (PoC) for vulnerabilities • Shared clear remediation guidance for development teams • Improved overall application security posture Tools used: Burp Suite OWASP ZAP Nmap Nikto Postman Result: Strengthened application security, reduced risk of cyber attacks, and improved readiness for compliance and client security audits.
0
28
0
Performed comprehensive API Security Testing to identify vulnerabilities that could expose sensitive data or allow unauthorized access. Assessment focused on OWASP API Top 10 risks including: • Broken Object Level Authorization (BOLA) • Broken Authentication • Excessive Data Exposure • Security Misconfiguration • Injection vulnerabilities • Improper Rate Limiting Testing methodology included manual penetration testing and automated vulnerability scanning to simulate real-world attack scenarios. Key outcomes: • Identified critical and high-risk vulnerabilities • Provided detailed remediation guidance for developers • Improved API security posture and reduced risk of data breaches • Ensured compliance readiness for security audits Deliverables included: • Detailed VAPT report • Risk severity classification • Proof of concept (PoC) for vulnerabilities • Step-by-step mitigation recommendations Tools used: Burp Suite, Postman, OWASP ZAP, Nmap
0
27
Burp Suite
(4)
Follow
Message
Guilherme Farinassi
São Paulo, Brazil
Penetration Tester & Security Researcher | Web, Mobile & API
New to Contra
Follow
Message
Penetration Tester & Security Researcher | Web, Mobile & API
2
Bug Bounty Research - Web Vulnerability Discovery Conducted independent bug bounty research on public VDP and paid programs (Bugcrowd/HackerOne). Discovered and reported multiple valid vulnerabilities including IDOR exposing PII, stored XSS in user-controlled fields, SSRF via internal metadata endpoint, authentication bypass via JWT manipulation, and sensitive data exposure through misconfigured S3 buckets. Findings spanned government agencies, SaaS platforms, and financial services targets. Documented all findings with full reproduction steps, CVSS scoring, and business impact analysis following responsible disclosure guidelines.
2
52
2
API Security Assessment - REST and GraphQL Endpoints Performed a black-box API security assessment covering REST and GraphQL endpoints for a fintech platform. Identified BOLA/IDOR vulnerabilities allowing unauthorized access to other users financial data, mass assignment flaws exposing admin-only fields, broken function-level authorization on privileged endpoints, and GraphQL introspection exposing internal schema. Also found SSRF via webhook URL parameter and JWT algorithm confusion (RS256 to HS256). Delivered OWASP API Top 10 aligned report with curl-based PoC for each finding and remediation guidance.
2
43
2
Mobile Application Pentest - Android Banking App Conducted a full black-box mobile penetration test on an Android banking application following OWASP MASTG methodology. Identified 17 vulnerabilities including 5 critical findings: hardcoded AES encryption keys in SharedPreferences, SSL pinning bypass via Frida instrumentation, root detection bypass via LIEF binary patching, exported Activities without permission checks, and sensitive data exposed in Logcat. Delivered MASTG-aligned report with CVSS scoring and PoC code for all critical findings.
2
52
2
Web Application Pentest — Insurance Portal Conducted a full black-box web application penetration test on an insurance client portal. Identified 11 vulnerabilities including 3 critical findings: unauthenticated access to customer PII (CPF, phone, address), broken authentication allowing account takeover, and exposed debug endpoints with Facelets stack traces. Delivered a structured report with CVSS scoring, PoC for each finding, and prioritized remediation guidance. All critical findings were reproduced and confirmed in a retest cycle. Stack targeted: Java EE, REST APIs, JWT auth, LGPD-sensitive data.
2
61
Burp Suite
(4)
Follow
Message
Muhammad Mushlih
Indonesia
Certified Penetration Tester 🛡️
1x
Hired
5
Followers
Follow
Message
Certified Penetration Tester 🛡️
0
Burp Suite Certified Practitioner (BSCP)
0
18
0
Penetration Testing / Vulnerability Assessment
0
34
0
Penetration Testing / Vulnerability Assessment
0
66
0
Cloudflare bypass test for security testing or scraping
0
22
Burp Suite
(3)
Follow
Message
Olawale Olufemi
Lagos, Nigeria
Expert Cybersecurity Engineer & Penetration Tester
Follow
Message
Expert Cybersecurity Engineer & Penetration Tester
0
Detailed Vulnerability Assessment for a Financial Institution
0
26
0
Penetration Testing for a Global E-commerce Platform
0
19
1
Security Hardening for Healthcare Systems
1
25
View more →
Burp Suite
(3)
Follow
Message
Nitin Yadav
Gurugram, India
Top-Notch Cybersecurity & Penetration Testing
Follow
Message
Top-Notch Cybersecurity & Penetration Testing
0
Pen-Test for Real Estate Marketing Platform
0
2
0
Security Assessment of Satellite Comm GUI System
0
3
0
Comprehensive Web Application Penetration Testing
0
1
View more →
Burp Suite
(3)
Follow
Message
Explore people