Posted today
IT - Security
Remote/Hybrid • Brussels, Belgium (On/Off-Site)
Perform Grey Box penetration testing in isolated, non-production environments (pre-prod, development, or equivalent) unless explicit authorization is granted for production access.
Conduct testing in alignment with the OWASP Application Security Verification Standard (ASVS).
Assess security controls including authentication, access control, session management, input validation, business logic, API security, cryptography, logging, and configuration/file access.
Adhere to clearly defined scope boundaries, including approved URLs, APIs, systems, account types, and privilege levels.
Follow agreed permitted and prohibited testing techniques, with defined escalation and incident reporting procedures.
Provide a detailed findings report with CVSS scoring for all identified vulnerabilities.
Include step-by-step proof of concept, supported by screenshots, logs, or payloads as evidence.
Deliver root cause analysis, business impact assessment, and remediation guidance aligned with OWASP ASVS and secure coding principles.
Demonstrate proficiency with security testing tools such as Burp Suite, Nmap, SQLMap, and similar industry-standard tools.