Functional Security Tester/Penetration Tester Job Posting



Job Title: Functional Security Tester/Penetration Tester
Company: Ideareboot
Position Type: Contract
Pay Rate: Open
Skills: HP Software, Nessus, Tamper Data, BurpSuite Pro
Date Posted: Nov-04-09

Functional Security Testing

Remote with 20% travel

6+ months contract

· Input validation bypass -- Client side validation routines and bounds-checking restrictions are removed to ensure controls are implemented on all application parameters sent to the server.

· SQL injection -- Specially crafted SQL commands are submitted in input fields to validate input controls are in place to properly protect database data.

· Cross-site scripting -- Active content is submitted to the application in an attempt to cause a user's web browser to execute unauthorized and unfiltered code. This test is meant to validate user input controls.

· Parameter tampering -- Query strings, POST parameters, and hidden fields are modified in an attempt to gain unauthorized access to user data or application functionality.

· Cookie poisoning -- Data sent in cookies is modified in order to test application response to receiving unexpected cookie values.

· Session hijacking -- Client attempts to take over a session established by another user to assume the privileges of that user.

· User privilege escalation -- Client attempts to gain unauthorized access to administrator or other users' privileges.

· Credential manipulation -- Client modifies identification and authorization credentials in an attempt to gain unauthorized access to other users' data and application functionality.

· Forceful browsing -- Client enumerates files located on a web server in an attempt to access files and user data not explicitly shown to the user within the application interface.

· Backdoors and debug options -- Many applications contain code left by developers for debugging purposes. Debugging code typically runs with a higher level of access, making it a target for exploitation. Application developers may also leave backdoors in their code. Client will identify these options, which could allow an intruder to gain additional levels of access.

· Configuration subversion -- Improperly configured web servers and application servers are common attack vectors. Client assesses the software features, as well as the application and server configuration for poor configurations.
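The checks a tester in this role would expect to find on the server side for the first few categories above (input validation bypass, parameter tampering, cookie poisoning and SQL injection) can be illustrated in code. The following is an added example, not code from the posting or from Ideareboot; the request schema, the cookie key, the in-memory table and the sample inputs are all constructed for the demonstration.

```python
"""Server-side controls for several of the test categories listed above.
Added example: the schema, key and sample data are constructed."""
import hashlib
import hmac
import re
import sqlite3

# Constructed demo key; a real deployment would load this from a secret store.
COOKIE_KEY = b"constructed-demo-key-not-for-production"

# Constructed schema: the same bounds the client-side JavaScript would enforce,
# repeated on the server so that stripping the client-side checks gains nothing.
SCHEMA = {
    "qty": {"kind": "int", "min": 1, "max": 99},
    "account_id": {"kind": "str", "pattern": re.compile(r"^[0-9]{6}$")},
}


def validate_params(params):
    """Return (clean, errors). Each expected field is type- and bounds-checked;
    fields the client was never meant to send (e.g. an extra hidden field) are rejected."""
    clean, errors = {}, []
    for name, rule in SCHEMA.items():
        raw = params.get(name)
        if raw is None:
            errors.append(f"{name}: missing")
            continue
        if rule["kind"] == "int":
            if not re.fullmatch(r"-?[0-9]{1,9}", raw):
                errors.append(f"{name}: not an integer")
                continue
            value = int(raw)
            if not rule["min"] <= value <= rule["max"]:
                errors.append(f"{name}: out of range")
                continue
            clean[name] = value
        else:
            if not rule["pattern"].match(raw):
                errors.append(f"{name}: bad format")
                continue
            clean[name] = raw
    for name in params:
        if name not in SCHEMA:
            errors.append(f"{name}: unexpected parameter")
    return clean, errors


def sign_cookie(payload: str) -> str:
    """Append an HMAC so that a client who edits the cookie value invalidates it."""
    mac = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_cookie(cookie: str):
    """Return the payload if the MAC matches, otherwise None (treat as no cookie)."""
    payload, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(COOKIE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return payload


def lookup_balance(conn, account_id: str):
    """Parameterised query: the account id is bound as data, never spliced into the SQL text."""
    row = conn.execute(
        "SELECT balance FROM accounts WHERE account_id = ?", (account_id,)
    ).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed in-memory table used by the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (account_id TEXT PRIMARY KEY, balance INTEGER)")
    conn.execute("INSERT INTO accounts VALUES ('123456', 250)")
    return conn


if __name__ == "__main__":
    print(validate_params({"qty": "5", "account_id": "123456"}))
    print(validate_params({"qty": "0", "account_id": "1' OR '1'='1", "isAdmin": "1"}))
    cookie = sign_cookie("role=user")
    print(verify_cookie(cookie), verify_cookie(cookie.replace("role=user", "role=admin")))
    print(lookup_balance(demo_db(), "123456"))
```

During a functional security test each of the listed categories maps to one of these functions: removing client-side validation or editing a hidden field should surface in `validate_params` errors, an edited cookie should fail `verify_cookie`, and a crafted `account_id` should simply match no row rather than alter the query.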

Tools

· HP Software (formerly SPI Dynamics) WebInspect

· Nessus (Infrastructure Testing)

· Tamper Data

· BurpSuite Pro

Regards,


--------------------------------------------------------------------------------

Vikas Kanoongo

Recruitment | Sales

IdeaReboot

9055 SW 73rd CT, Unit 1409
Miami, Florida 33156 United States

vkanoongo@ideareboot.com | Work: 315.683.3001 | Fax: 305.397.2534

Join My Linkedin Network http://www.linkedin.com/in/vikaskanoongo

Follow our latest available jobs on Twitter http://twitter.com/ideareboot

Location: -
Telecommute: Yes
Contact Name: Vikas
Contact Phone: 315.683.3001
Contact Email: vkanoongo@ideareboot.com
URL: http://www.ideareboot.com
