Here Are 8 Very Important PHP Security Tips You Should Follow
PHP has the power to make or break your business. Here’s how.
...React (nice to have), React Flow (nice to have) VS Code Environment Experience Working with databases Understanding securing web applications Practical use of AI tools for development (Copilot, GPT, Claude, etc.) Security Responsibilities (Important) Ability to: Identify vulnerabilities aligned with OWASP Top 10 Review authentication and authorization flows Ensure protection against: SQL Injection, XSS, CSRF Nice to Have Basic DevOps knowledge (deployments, CI/CD, version control workflows) Experience with testing (unit and integration tests) Structured code review practices Ability to create technical documentation Product-oriented mindset Candidate Profile Self-driven and proactive Strong sense of ownership Comfortable working in lean environments English proficiency suffi...
...a project-description field, and submits. • The project instantly appears for vendors inside a paginated list view ordered by newest first. • Any logged-in vendor can open a listing, read the details, and click “Respond” to start a private thread with the client. Essential features • Project description field with rich-text support and a 1 000-character limit. • Server-side validation and XSS protection. • Real-time notifications (email and in-dashboard alerts) to vendors when a new project is posted. • Simple admin screen to view, edit, archive, or delete posted projects. Nice-to-haves (design the code so they can be switched on later): file attachments, budget range input, alternate grid or detailed views. Acceptance criter...
...Backend: Node.js, Strapi (Headless CMS) Database: PostgreSQL Search/Security: Meilisearch, OpenSSL (TLS 1.2+), Non-Google MFA Infrastructure: Docker, AWS/DigitalOcean, GitHub Core Responsibilities: Architecture (WP2): Establish secure containerized environments (Dev/Test/Prod) and a relational database for complex dMRV metrics. Security (WP3): Implement strict data protection protocols, including SQLi/XSS hardening and audit logging. dMRV Logic: Build the engine for automated carbon reduction calculations and verification portals. Documentation (WP4): Maintain a comprehensive GitHub Wiki and technical manuals. Requirements: Experience: 5+ years in professional full-stack development Leadership: Proven experience leading at least two similar projects from needs assessment to ...
...bounce rates low Technology expectations Because a Custom-built solution has been chosen, the stack is flexible—Laravel, Node, Django or your preferred framework work for me provided they are scalable and easy to maintain. Please outline why you’d choose your stack, how you will structure the database for product variants and attributes, and what measures you’ll put in place for security (CSRF, XSS, payment data handling, etc.). Deliverables 1. Fully functional site deployed on my hosting environment 2. Source code in a private Git repository with commit history 3. Brief admin guide (adding products, running promotions, basic troubleshooting) 4. Post-launch support window for bug fixes What I need from you • Links to at least two custom...
...Swiper for front-end functionality. Experience with toastr for notification handling. Strong knowledge of RESTful APIs, MySQL, and subscription billing integrations (e.g., Stripe, Razorpay, Paddle). Familiarity with Cloudflare for CDN and security optimization. Ability to troubleshoot and optimize apps in resource-constrained shared hosting environments. Strong understanding of web security (e.g., XSS, CSRF prevention) and performance optimisation. Preferred Skills Experience with for Laravel-Vue integration (if applicable) Familiarity with Laravel Livewire or Filament for admin panel development. Knowledge of Laravel Echo, Redis, or Pusher for real-time features. Experience with testing frameworks (e.g., PHPUnit, Jest) for bug-free delivery. Familiarity with cloud platforms (e...
I am looking for an experienced developer to build a secure login system using PHP, MySQL, and JavaScript. The system should include: - User registration and login with encrypted passwords. - Session management to ensure secure access. - Protection against common security threats (SQL Injection, XSS, CSRF). - Clean and modular code structure for easy maintenance. - Responsive design for desktop and mobile devices. - Clear documentation for future updates. The goal is to create a reliable and professional authentication module that can be integrated into a larger web application.
...(approximately 23 functions) - Storage: photos correct, buckets configured - Auth: email verification enforced - Views: public_profiles shows only active SECURITY AND EXPLOITS: - RLS: can't read/edit others' profiles/contacts/photos - Premium/TOP without payment impossible - listing_type not manipulable client-side - Photo limits server-side enforced - /admin/* blocked for non-admins - SQL injection + XSS via all text fields - Rate limit bypass, IDOR tests - is_adult bypass, verification without ownership - Direct API calls bypassing frontend RESPONSIVE: Mobile iOS+Android, tablet, desktop Chrome/Firefox/Safari/Edge. Images load. Navigation works. Forms usable on mobile. SEO: Unique title+meta per page, OG tags, canonical URLs, JSON-LD on profiles. CODE REVIEW: Ed...
What might have already done in the website right now • Frontend Website o Modern HTML + CSS interface created with navigation, forms, and hero section. o Responsive design tested across browsers with consistent layout and theme. • Server Integration o now successfully serves the static public/ directory. o Backend configured using Express, Helmet, CORS, xss-clean, and compression middleware for security and performance. o .env configuration added for local environment variables. • Database Connection o MongoDB connection established and tested using Mongoose (connection success message confirmed). • GitHub Repository o Full backend and frontend code committed and pushed to GitHub smsu-rideshare-backend. o Organized folder structure: controllers/, routes/
I’m ready to bring in a security specialist to run a thorough, manual penetration test on my live e-commerce application. Automated scanners aren’t enough for this engagement—I need human-driven testing that uncovers real-world attack paths. Here’s what I’m looking for: • A full manual assessment covering all SQL Injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF), Web Application Penetration Testing, Network Penetration Testing Services External or Internal, Web Services Testing, API Testing • Exploitation-level proof of concept for every confirmed issue, with clear, reproducible steps. • A concise risk-ranked report that separates critical, high, medium and low findings, followed by practical remediation advi...
...interface into an existing website. Scope strictly includes: Full functional integration of supplied HTML into existing authentication system Elimination of duplicate, orphaned, or unauthorised account creation Cross-browser compatibility (standard and extended environments, desktop and mobile) Implementation of industry-standard security protocols (input validation, session security, CSRF/XSS protection, data sanitisation) 100% functionality testing on staging environment prior to written approval for production deployment No direct production access or deployment is permitted without staging sign-off. All code, designs, systems, and derivative works remain the exclusive intellectual property of the website owner. No rights are assigned or transferred. Only developers w...
...infrastructure. 2. Load Balancing & Traffic Engineering Application Load Balancer (ALB): Configuring Multi-AZ ALBs to distribute traffic across your backend fleet. Implementation of Internal ALBs specifically for the AI Chatbot layer to ensure it is never exposed to the internet. Perimeter Protection: Integration of AWS WAF with the ALB to enforce SQL injection (SQLi) and Cross-Site Scripting (XSS) protections and rate-limiting. Enforcing TLS 1.2+ at the ALB level for all encrypted transit. 3. Production Reliability & Monitoring Cost Optimization: Implementing a single NAT Gateway (cost-optimized) while maintaining high availability for the private subnets. 3. Observability: Setting up VPC Flow Logs and CloudWatch metrics to monitor the 100-200+ TPS bursts and ensure ...
...technical lead direction, integrate external platforms via APIs and webhooks, and build security and reliability guardrails. This is a hands-on implementation role; we move fast and require proof of skill, not resumes. What You Will Build (Real Work) • Multi-tenant website config service + safe update pipeline • Public config endpoints resolved by Host header • Allowlisted updates only (no raw HTML), XSS-safe sanitization • Audit log + versioning + rollback-ready structure • Webhook integrations with HMAC signature verification • Unit and integration tests and clean PRs Must-Have Skills (Non-Negotiable) You must already be comfortable working daily with the following. Do not apply if you need to learn these on the job: • Strong experience in J...
I’m putting together an academic-grade project that demonstrates how supervised learning can spot common web attacks—specifically SQL Injection, Cross-Site Scripting (XSS), and Distributed Denial-of-Service (DDoS). I will supply a custom dataset; your task is to build, train, and test a Python solution that flags these threats in near-real time. Here’s the flow I have in mind: • Clean and prepare the dataset, outlining the feature-engineering decisions so the process can be repeated or extended later. • Train a supervised model (classical algorithms such as Random Forest, SVM, or a lightweight deep-learning variant if it boosts accuracy). Explain why the chosen approach suits multi-class attack detection. • Evaluate performance with accuracy, p...
...Payment received • New message • Dispute opened Email notifications required. ⸻ 18. Audit Log System (Legal Protection) Tracks every important action: Examples: • Payment created • Funds released • Dispute opened • Admin actions Used for legal protection. ⸻ 19. Security System Required protections: • Rate limiting • Session protection • CSRF protection • SQL injection protection • XSS protection • Login protection ⸻ 20. Withdrawal System Seller can withdraw earnings. Withdrawal methods: • Bank transfer • Stripe payout • Razorpay payout Withdrawal flow: Request → Admin approve → Send money ⸻ 21. Commission System Platform earns commission. Example: Listing price:...
...tiers (subscription-based) Monthly + yearly plans Usage limits per plan (workflows, runs, integrations) Stripe subscriptions (preferred) Customer billing portal (manage plan, invoices, cancel) 6) Security (Non-Negotiable) OWASP best practices Secure auth/session handling Input validation + rate limiting + anti-abuse protections Encrypted storage for tokens/secrets Secure headers, CSRF/XSS protections, dependency hardening Audit logs for important actions Basic security checklist + hardening report at delivery 7) SEO + Public Website Content SEO-friendly marketing site pages (landing, features, pricing, contact) Fast loading, sitemap, metadata, OpenGraph tags Written content for the marketing pages (clear, professional English) Extra Features Needed for Real SaaS ...
...CI/CD pipeline in place, so your familiarity there will keep everything humming. While many of my projects touch Laravel and CodeIgniter, I have no strong preference between the two—use whichever framework lets you move fastest when a micro-service or API endpoint is the better route than pure WordPress. Secure coding matters just as much as speed. Expect to harden every line you write against XSS, CSRF, and SQL-injection vectors. If you have prior exposure to AWS deployments (think EC2 for hosting, S3 for off-site assets, RDS for managed MySQL, and CloudWatch for logs) that will save us both headaches as traffic scales, but I’m happy to walk through my existing setup if you only have partial experience. Typical deliverables on my desk include: • A custom or ex...
...Real-Time Non-Blocking Inference → Alerting & Logging → Incremental Fine-Tuning ======================================== 1. CORE FUNCTIONAL REQUIREMENTS ======================================== A. Multi-Class Attack Detection The Transformer model must classify HTTP requests into: - BENIGN - SQL_INJECTION - XSS - COMMAND_INJECTION - PATH_TRAVERSAL - BRUTE_FORCE - MALWARE - DDOS_PATTERN - ANOMALY (for zero-day / unknown patterns) Output format: { "attack_type": "BENIGN | SQL_INJECTION | XSS | ...", "confidence": 0.0-1.0, "anomaly_score": float, "action": "ALLOW | WARN | BLOCK", "message": "Human-readable security explanation" } =====================================...
...Sixth: Security & Data: Full compliance with the Personal Data Protection Law (PDPL) in Saudi Arabia and National Cybersecurity Authority (NCA) standards. Encryption of all sensitive data (customer info, addresses, payments) using advanced protocols (e.g., AES-256) and securing connections via SSL/TLS. Security: Securing endpoints against attacks (SQL Injection, XSS) and using Two-Factor Authentication (JWT). Residency: Commitment to local data storage within Saudi Arabia as per regulatory requirements. Testing: Delivery of a report proving the system is free of security vulnerabilities, with Audit Logs for all sensitive operations. Support: Commitment to technical support and bug fixes for a period to be agreed upon.
...encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations with AI and Property Data providers). • Check for OWASP Top 10 vulnerabilities (XSS, SQLi, CSRF). • Check for Insecure Webhooks and Hardcoded Secrets Requirements: • Proven experience with Laravel security. A sample report of a penetration test which you have conducted recently would be preferable. • What are the certifications held by your company for penetration testing? • Ability to provide a detailed report with ...
I need a lightweight, web-based application that lets me assign tasks to each team member (one or more for a single task) and follow ... Hosting in cloud. 4. A short video or screenshare walk-through confirming every feature works. Acceptance criteria • I can add, edit, assign, and close tasks without page reload errors. • Login and logout flows are secure and session-based. • Dashboard updates reflect the latest status without manual refresh. • Code passes a quick vulnerability scan for common issues (SQL injection, XSS). If you already have a boilerplate you can adapt quickly, great—tell me. Otherwise, outline your proposed stack, timeline, and any questions you still have so we can get started. We are based in New Delhi. Local Developers pr...
...plugins or bloated builders Styling & Frontend Use SASS/SCSS for CSS development Deliver compiled and minified CSS & JavaScript Fully responsive and cross-browser compatible Performance Optimization Optimized page load speed Minified assets and optimized images Clean database queries Core Web Vitals–friendly setup Security WordPress security best practices Protection against common vulnerabilities (XSS, SQL injection, brute force) Secure configuration and file permissions SEO SEO-friendly HTML structure Clean URLs and proper heading hierarchy Schema-ready and performance-optimized for search engines Required Skills Strong experience with WordPress custom theme development Proven experience with ACF Experience with UnderStrap or Bootstrap-based themes PHP, HTML5...
...entry via virtual keyboard for at least two high-risk actions (password reset, resume download, account deletion). • Secure Logging and Audit – Log all critical actions (authentication, job posting changes, application status updates, admin moderation). – Logs must be tamper-evident using hash chaining or a private blockchain. • Defenses Against Attacks – Protection against SQL injection, XSS, CSRF, session fixation, and session hijacking. Data Storage Compliance – Passwords must be hashed and salted (bcrypt or Argon2). – Plaintext passwords must never be stored. – Sensitive documents must be encrypted with strict access control. • Scalability and Simultaneous Access – The system must support multiple concurrent...
...movie reviews and ratings • Admin can moderate or remove inappropriate reviews • Super Admin can manage admin accounts and enforce password rotation policies • Audit logs for all actions (logins, review submissions, deletions, role changes) • Notification system for suspicious login attempts Security Requirements (VERY IMPORTANT): • Protection against OWASP Top 10 vulnerabilities (SQL Injection, XSS, CSRF, SSRF, etc.) • Secure session management (HTTPOnly cookies, Secure flags, session timeout) • Password hashing using bcrypt/Argon2 with salting • TLS/SSL enforced for all communications • Input validation and output encoding on all forms • Encrypted data storage for sensitive information using AES • Tamper-evident logging a...
I need a security-minded developer to comb through the codebase of my web application, which mixes legacy PHP with a newer Python/Django API layer. A recent scan showed traces of hidden backdoors and the classic trio of injection issues—SQLi, XSS, and CSRF. Your first task is to locate and eradicate every backdoor, then patch the vulnerable entry points in both stacks without breaking existing features. Once the code is clean, I want the application redeployed to a fresh server image (Ubuntu-based) using best-practice hardening. After deployment, run functional and security regression tests so I can see proof that the patches hold under load and normal usage. Deliverables I must receive: • Sanitised source code with clear commit history • Brief report detailing e...
...and feature coding. First, I’d like you to perform a complete security audit: comb through every file, look for webshells or obfuscated code, review server logs, and check the configuration for common OWASP issues. Any backdoors you locate should be removed, and the vulnerable code that allowed them must be refactored. Next comes vulnerability patching. Parameterize raw SQL queries, neutralize XSS vectors, tighten CSRF protection, and update any outdated libraries—all while keeping everything framework-free and compatible with PHP 8.2 and MySQL 8. Once the codebase is clean, we’ll move on to secondary development. I have a short list of new modules and tweaks that build on existing functionality; you’ll receive detailed specs as soon as the system is de...
We are looking for an experienced Security Engineer / Penetration Tester to perform a pre-production security assessment of a web application. Tech stack Backend: Node.js (Express) Frontend: React Scope Black-box penetration testing against the live application Identification of OWASP Top 10 issues (XSS, SQLi, CSRF, IDOR, auth/session flaws) Authorization & RBAC testing (horizontal / vertical privilege escalation) Dependency security review based on provided files Review of security headers, cookies, and error handling Access Provided Application URL(s) Test user accounts (frontend & backend) Deliverables Security report with findings ranked by severity Clear remediation recommendations Re-test after fixes Requirements Proven experience securing Node.js and
...leaning toward Django because of its mature ecosystem and built-in security features, and I’d like the data persisted in a SQL database. Core features I must see working end-to-end: • Secure user registration, login, and role-based access • RESTful or GraphQL APIs that expose the app’s business logic • Thoughtful UI/UX that adapts smoothly to mobile and desktop • Solid security practices: CSRF, XSS, input validation, password hashing, HTTPS readiness • Performance-minded architecture that can scale without major rewrites Deliverables • React source with reusable components, hooks, and routing • Django project with modular apps, tests, and documented APIs • SQL schema migrations and seed data scripts • Deploy...
...similar—so future updates are painless. Acceptance criteria 1. User and driver apps install from the supplied APKs and pass through login, trip creation, tracking, and completion without crashes. 2. The admin dashboard reflects new and updated trips in real time. 3. All endpoints return the correct HTTP status codes, follow JSON standards, and are secured against common exploits (SQL injection, XSS, etc.). 4. Postman collection and a short read-me fully explain setup and usage. If you have solid experience juggling PHP, Kotlin, MySQL, and RESTful best practices, this should be a straightforward integration job with a quick turnaround....
...assigned tasks and modules Required Skills & Qualifications Strong proficiency in PHP with CodeIgniter (CI 3 / CI 4) Good knowledge of HTML, CSS, JavaScript, jQuery, AJAX Hands-on experience with MySQL / MariaDB Understanding of MVC architecture Experience with REST APIs (development & integration) Familiarity with Linux server environments Knowledge of basic security practices (SQL injection, XSS, CSRF) Experience with Git version control Ability to work independently in an onsite team environment Good to Have (Preferred Skills) Experience with Laravel (added advantage) Knowledge of React / Angular / Vue (basic understanding) Experience in eCommerce, ERP, CRM, or Government projects Exposure to AWS / Cloud hosting Understanding of performance optimization...
...4s; CLS < 0.1; TTI < 5s; Page size < 1MB gzipped Optimization: Code-splitting by route, lazy loading, image optimization, tree-shaking, minification/compression, service worker caching, CDN 9. SECURITY REQUIREMENTS Auth: JWT Bearer, HttpOnly cookie storage, refresh, auto-logout on expiry Authorization: RBAC, permission checks, route guards, API interceptors Data Protection: HTTPS/TLS1.2+, CSRF, XSS prevention, input/output validation, CSP/secure headers Compliance: Audit logging, activity tracking, user action and auth-failure logs 10. DELIVERABLES BY PHASE Phase 1 (Weeks 1-3): Blazor setup (Web+MAUI), UI component library, layout/nav, auth pages, API service layer, state mgmt, responsive framework, CSS setup Phase 2 (Weeks 4-8): Dashboard, Requests (list/detail/create...
...Technical Specifications & Security • UI/UX: Modern, clean aesthetic using Tailwind CSS. Focus on fast load times and "glassmorphism" elements. • SEO & Speed: Implement Server-Side Rendering (SSR), schema markup for courses, and optimized image delivery. • Security: Enforce SSL throughout. All user data, especially wallet transactions and passwords, must be encrypted (Bcrypt/AES-256). Implement CSRF and XSS protection. 6. Admin Dashboard/User dashboard • Management panel to upload videos, track revenue, manage user wallets, and monitor referral payouts. 7. - Framework: 14+ (React-based) - Language: TypeScript - Styling: Tailwind CSS + shadcn/ui - State Management: Zustand or Redux Toolkit - Animations: Framer Motion - Charts/Analytics: Rechar...
I already run a marketplace powered by the PhpProBid script and now I want a dedicated front end that lets buyers manage auctions smoothly on every major platform. The core is auction management: browsing listings, tracking favourites, setting prox...short video walk-through showing the app connected to a staging server. Acceptance criteria • A buyer can register/login, browse categories, view an item, place a bid and receive confirmation—all without page refreshes. • When a higher offer is placed from another client, push notification appears on the test device within 5 seconds. • Code passes basic security review (no SQL injection or XSS vectors). If you have proven experience with PhpProBid integrations or live auction apps, let’s talk timelines...
My website needs a thorough security health-check. I want an ethical hacker to attempt real-world attacks, document every weakness, and explain how to close the gaps. Standard black-box and grey-box techniques are welcome, and I expect coverage of common web threats—SQL Injection, XSS, broken authentication, misconfigured headers, insecure direct object references, and anything else you uncover. Please probe the live production instance (no staging mirror is available), but keep service disruption to an absolute minimum and notify me immediately if you hit a critical point where downtime is possible. Burp Suite, OWASP ZAP, SQLMap, Nikto, Nmap, or your preferred toolset are all fine as long as your methodology aligns with OWASP Top 10 and produces reproducible results. Delive...
...to identify security vulnerabilities, assess potential attack vectors, and receive clear technical recommendations to improve the overall security posture of the platform. This is a legitimate, authorized security assessment. Written permission will be provided if required. Scope: Reconnaissance and information gathering Web application vulnerability testing (OWASP Top 10) SQL Injection, XSS, authentication and session issues Brute force and rate-limiting tests (non-destructive) Input validation and form sanitization Controlled exploitation (no service disruption) Social engineering, phishing, and physical access are out of scope unless agreed in advance. Deliverables: Clear pentest report List of vulnerabilities with risk levels Proof of concept (when applica...
I am building a feature-rich auction site on SQL Server with a clean MVC architecture and need a developer who can deliver a fast, secure, mobile-responsive exper...server, SQL Server for persistence, clean REST endpoints for future mobile apps, and responsive front-end templates that adapt flawlessly to phones, tablets, and desktops. Acceptance criteria 1. All three portals load under two seconds on 4G. 2. A fresh listing can pass from Seller → Buyer auction → Admin payout without any manual database tweaks. 3. Security tests show no SQL injection, XSS, or auth bypass vulnerabilities. 4. Codebase is handed over in a well-documented repo with build instructions. If you have delivered similar high-traffic auction or marketplace systems, let’s discuss your ap...
...backend with API-driven microservices architecture
- Integrate video streaming (Cloudflare Stream, Mux, or AWS IVS)
- Implement AI features: intelligent search, content recommendation, AI assistant, summarization
- Ensure multi-language support (Arabic & English)
- Create a flexible admin dashboard for content and user management
- Optimize performance and Core Web Vitals
- Maintain security best practices (XSS, CSRF, SQL Injection prevention)
Optional / Bonus: Experience with Low-Code tools (FlutterFlow, ) for rapid feature testing is welcome, provided the platform remains custom, scalable, and AI-integrated.
Requirements:
- Proven experience in + React for production platforms
- Strong backend development skills (Node.js / NestJS / Laravel)
- Experience integrating AI APIs / LLM...
...can enable/disable subdomain per seller
10. UI/UX Requirements
- Instamart-style ultra-fast interface
- Minimal, clean, responsive UX
- Color option: White, Dark Green, Matte Black
- Highly optimized for speed & caching
11. Analytics & Reports
- Sales report (seller/category/HSN)
- Tax/GST report
- Delivery performance
- Seller acceptance metrics
12. Security & Compliance
- Secure payment integration
- XSS/CSRF protection
- Rate-limiting for APIs
- Indian data safety norms
- Encrypted PII handling
New Advanced API Integrations (Mandatory)
14. GST Verification API
- Real-time verification
- Auto-fill business name, address, status
- Store GST data in KYC records
- Prefill invoice header
15. PAN Verification API
- Validate PAN via government-approved services
- Match PAN with name/D...
...Pages**
- **Login/Register Pages**
- **User Dashboard**
- **Admin Dashboard**
- **404 Error Page**

### 9. **Email Notifications** (Priority: MEDIUM)
- Booking confirmation emails
- Payment confirmation emails
- Admin notifications for new bookings
- Email templates with booking details

### 10. **Security Features** (Priority: HIGH)
- Input validation and sanitization
- SQL injection prevention
- XSS protection
- CSRF protection
- Rate limiting
- Secure session management
- for security headers
- Secure password storage
- OAuth security best practices

### 11. **Image Management** (Priority: MEDIUM)
- **Cloudinary integration** for image hosting
- Image upload for tours
- Image upload for blog posts
- Image optimization and resizing
- Multiple image support for tours

### 12. *...
Hi, Looking for a .NET Code Security Expert: a professional specializing in building and auditing secure applications using Microsoft's .NET framework. Need to focus on secure coding practices, threat mitigation, secure design, validation controls, authentication/authorization, cryptography, and handling vulnerabilities like SQL Injection and XSS to protect against cyber threats, often certified through programs like CASE.NET. They integrate security throughout the Software Development Life Cycle (SDLC). Looking forward to your response. Regards, Dipak
...Complete a thorough security scan (manual review + preferred tools such as Drupal Security Review, OWASP ZAP, or your equivalent).
2. Pinpoint every SQL injection and XSS entry point left in the codebase or database.
3. Patch, update, or re-configure affected core files/settings, ensuring no functionality loss.
4. Provide a concise remediation report outlining:
– Location of each vulnerability found
– Exact fix applied
– Recommended preventive measures for future deployments
5. Run final penetration tests to demonstrate that the site is clean and stable.
Acceptance criteria
• No detectable SQLi or XSS issues in automated scans and manual testing.
• Site functionality intact across all existing user flows.
• F...