Websicherheit Jobs

Ich habe eine Domain und auch bereits eine fertige Seite als installierbaren Script. Aufgrund von meiner Sicherheit möchte ich es so einrichten das ich so gut wie möglich anonym das ganze hosten kann. Und auch per VPN oder anderen Tunnel Möglichkeit drauf zugreifen können. Ein VPS wäre ideal mit einer OS wo ich drauf auch ins Internet gehen kann und dort die Accounts verwalten etc. Die vorhandene Domain würde dann auf den neuen sicheren Anbieter umziehen.

I’m looking to build an AI-powered software requirement assistant as a full-stack web application. The goal is to help users turn rough ideas into clear, structured software requirements through a conversational interface. The system should guide users with intelligent follow-up questions and generate well-defined outputs such as feature lists, user stories, and functional and non-functional requirements. AI integration will be handled using Gemini and ChatGPT, with a Dialogflow-based bot managing natural language conversations. The application will include two dashboards. A user dashboard for registered users to sign up and log in using email + OTP, start new requirement sessions, view previous conversations, and export generated requirements. An admin dashboard will allow manageme...

My custom ERPNext / Frappe application is live and handling sensitive business data, so I need a thorough application-level penetration test carried out strictly under OWASP methodology. The scope is the full web stack exposed by the app: all HTTP(S) endpoints, client-side code, server-side logic and the REST API. Please exercise the assessment as a real-world attacker would—manual testing supported by tools such as Burp Suite, OWASP ZAP, or equivalent—then document every confirmed vulnerability with clear reproduction steps and risk ratings. Where possible, include a practical fix or mitigation I can implement directly in the Frappe framework. Deliverables • Executive-level summary (non-technical) • Detailed technical report covering findings mapped to OWASP To...

I am launching a new cross-platform VPN that has to stand shoulder-to-shoulder with NordVPN, ExpressVPN and the rest of the current market leaders. The finished product will ship as two native clients—one for Google Play, one for the App Store—built on the same secure core. Security is non-negotiable: the tunnel must run AES-256 with WireGuard, enforce a true No-Logs policy and expose a Kill Switch. On performance, I expect consistently high speeds and smart routing logic that automatically selects the fastest exit without user input. From the first launch the experience needs to feel effortless: one-tap connect, a clean, modern UI in line with the guidelines at , and an auto-reconnect that silently restores protection after any drop. To differentiate, I also want native ...

I’m looking for a seasoned ethical hacker to walk me through a full-scale security consultation. My end goal is to understand where my current defenses fall short and what concrete steps I should take next. Here’s what I need from you: • An initial review session where we discuss my existing environment, assets and risk tolerance. • A structured security assessment—penetration-testing techniques, threat modeling or code review—tailored to my setup. • A clear, prioritized remediation roadmap with short-term quick wins and longer-term strategic fixes. • A follow-up call to make sure I’ve interpreted and implemented your recommendations correctly. I’m open to exploring network, application or database security—whichever you...

Busco un desarrollador WordPress senior, con fuerte enfoque en arquitectura, rendimiento y escalabilidad, para la Fase 1 (foundation técnica) de un proyecto llamado Animotion World. Animotion World es una plataforma internacional relacionada con animación que comenzará con un sitio web tipo concurso, pero está pensada para evolucionar por fases (usuarios, envíos, votaciones, etc.). IMPORTANTE: esta fase NO es una web completa ni un proyecto de diseño visual. El objetivo es construir una base técnica sólida, no una web de marketing. Alcance – Fase 1 Instalación y configuración limpia de WordPress Estructura base del sitio (4 páginas): Home About Contest overview Basic info / FAQ Maquetación s...

The job is a focused security review of a specific WordPress plugin I will provide. Your task is to confirm and fully document any Cross-Site Scripting (XSS) weaknesses you uncover, then map each verified issue to an exact CVSS v3.1 vector and numerical score. You will receive the plugin source for testing. Review identified vulnerabilities (e.g. Stored XSS, CSRF) Validate technical impact and exploitation context Calculate CVSS v3.1 scores with clear justification per metric

I am looking for an experienced freelancer to design and develop a web-based application that is user-friendly, secure, and scalable. The system should follow modern UI/UX standards and be suitable for real-world use. This project is for an academic/business-purpose system and must be well-structured and documented.

Looking for dev sec ops training

Developer / Odoo Implementation Partner – Custom Logistics Platform (Magaya/CargoWise-like) for Freight Forwarding ABOUT US: We are Shipping company (freight forwarding/logistics). We need a secure, simple-to-use online platform built on (cloud) that supports our daily operations similar to Magaya/CargoWise, but with only the features relevant to our business. PROJECT GOAL: Build an Odoo-based operations system to manage: Warehouse Receipts (WR) Shipments (Air/Ocean/Trucking/etc.) Invoices generated from WR Payment receipts generated from invoices Customer shipment tracking page (public lookup) Role-based permissions across HQ and branch Rewards/loyalty system Dashboards, automations, and integrations

I need an experienced professional to resolve a Google AdSense policy violation or account issue on my website. Key Requirements: - Fix policy violations or account issues, including crawler and indexing - Must have experience with Google AdSense - Ability to interpret and resolve clear error messages from AdSense

Build me, or rip and build me a website which will be dedicated to the discovery and sale of a particular item. I would like the website made in a way with a black background and made very similar to that of a particular website which I currently like. the website should have an added payment option liked for payment in crypto in stable coins ONLY. I also would like the website made in a way that all of the information on it is secure so that no one can simply take screenshots, download, or screen record any of the textual information or pictures that will be uploaded and visible on the website. The website should also support a automatic detect and suggested translation feature which the text on the website would be automatically translated into any language when seen from any particular ...

Instead of changing my name on all my legal documents, Social Security Administration said I could obtain through the courts an official Petition of Name Change to show SSA .

I need a dependable developer to assume full responsibility for hosting my portfolio website. The current provider no longer suits my needs, so I’m ready to migrate everything—files, databases, SSL, e-mail records and all—onto a new host you recommend or manage yourself. My priorities are clear: professional-grade work, transparent pricing with no surprise add-ons, and honest communication at every step. I did not specify my present host or platform, so part of your first task will be to review what I have in place and propose the best-fit environment, whether that ends up being shared, VPS, or something more robust. To keep expectations straightforward, here’s what I consider a successful hand-over: • Seamless migration with zero or minimal downtime ...

I’m part of the Simplifi HR and Payroll team and need an extra pair of skilled hands to keep our recruitment funnel running smoothly. Day to day, you’ll jump on short screening calls with applicants, record concise notes in our cloud-based ATS, and make sure every offer letter, I-9, and compliance form is uploaded and verified before onboarding moves forward. You’ll receive a full software stack—ATS, HRIS, secure e-signature platform—and walk-through videos that explain our exact workflow, so there’s no guesswork. What I value most is clear communication, respect for confidentiality, and the ability to keep digital records tidy and up to date. Deliverables I measure: • Completed screening interviews with notes logged the same day • Onboa...

CLT ACADEMY – FUNFIN (Mobile + Web) Phase-1: Full Ecosystem Launch (MENA Ready) Freelancer / Agency Quotation Brief (RFP) 0) Purpose of this Document We are inviting freelancers/agencies to submit a detailed quote to build the CLT Academy Super App as a single-phase, full-scope delivery (mobile + web + admin + backend + security + integrations). This document defines the vision, scope, features, security requirements, integrations, and deliverables. Quotes must be based on this scope. 1) Project Vision CLT App will be the central operating system of CLT Academy — combining learning, live trading education, engagement, gamification, monetization, and community in one secure, multi-language platform. This is not just a course app. It is a subscription-based learning + engag...

I need a fresh installation of Windows Server 2019 Standard with 2 VM's on bare-metal hardware(current running WinSrv 2012 Std) and need an expert hand to assist me remotely with setup and virtualization layer to spin up two guest machines for web hosting. Each VM must be configured so I can quickly use or back-up disks from or in qcow, qcow2 or raw image format without compromising security. Here is what the engagement looks like: — Prepare the host: enable and fine-tune the virtualization role, apply best-practice updates, and confirm networking is ready for public-facing HTTP/HTTPS traffic. — Create two VMs: allocate sensible CPU/RAM, attach storage that supports qcow/qcow2/raw, install the preferred Linux as guest OS, with a imported image to prove everything work...

I need my existing WordPress site rebuilt from the ground up—about 16-18 pages in total. Any clean, modern theme is fine as long as it loads quickly, scores well on Core Web Vitals, and is structured for solid on-page SEO. Core content will include both image and video galleries, so please factor in lightweight gallery plugins or custom blocks that won’t slow the site down. I prefer a single, streamlined top navigation bar rather than side menus; the layout should also make it easy for us to add new city-specific pages in the near future without redesigning everything. When you reply, send a detailed project proposal outlining the theme or starter framework you would use, how you’ll handle speed optimisation (caching, minification, CDN, etc.), and your approach to SEO...

I already have an Azure subscription with a fresh Windows Server instance and I want to turn it into a solid host for my new web application. The main thing I need right now is a clean, secure IIS setup that can serve as the foundation for whatever framework I decide to deploy next. Here’s what I expect from the engagement: • Install and configure IIS on the Windows Server VM (latest stable version). • Apply best-practice hardening for public-facing sites—SSL/TLS, basic firewall rules, and the usual HTTP security headers. • Enable automatic startup and health-check monitoring so the site stays online after reboots or scaling events. • Provide concise, step-by-step documentation (screenshots or shell commands) so I can reproduce the setup in other en...

My personal Gmail has been compromised and all standard recovery steps I know—namely the recovery-email and phone prompts—have failed. Google’s automated flow keeps looping me back to “unable to verify,” so I’m locked out even though I can still see activity alerts landing on my phone. I’m looking for someone who knows Google’s account-recovery system inside out, can guide me through the right sequences (or submit the correct escalation forms), and help me regain full access without violating Google’s Terms of Service. Ideally you have a track record of restoring accounts after similar unauthorized takeovers and can show me how to harden security once we’re back in. Deliverables • Verified step-by-step plan tailored to my...

l’erreur « Too Many Requests » (HTTP 429) et cela bloque la navigation . Je souhaite que quelqu’un identifie la cause exacte — qu’il s’agisse d’un dépassement de quota côté serveur, d’un réglage Cloudflare, d’un plugin trop bavard ou d’une attaque de type bot — puis mette en place la solution définitive. Je n’ai pas encore déterminé si le problème vient du code, de la configuration serveur ou d’un service tiers, c’est donc à vous de poser le bon diagnostic, de tester vos hypothèses et de livrer la correction. Vous devrez travailler directement sur l’environnement de production ou, si vous préférez, mettre en plac...

has suddenly dropped offline. I first suspected the domain setup, corrected that, yet every browser still throws DNS_PROBE_FINISHED_NXDOMAIN. No recent changes were made on my side, and although support tickets are open with the host, they have not resolved the issue. My husband holds the log-ins for both the registrar and hosting control panels, so you will have full access once we kick off. At the same time, our second site——works on desktop, but the “Book Online” button has vanished on mobile. The styling and functionality were fine before, so I need that call-to-action back in place without disturbing the rest of the layout. What I need from you • Bring back online and confirm it resolves everywhere. • Restore the missing mobile “Book Now...

I need a controlled, professional penetration test against my own server, strictly for a security assessment. The scope is limited to application-level security; network, wireless, and physical assets are out of bounds unless something there directly affects the application attack surface. Here’s what I expect: • An ethical attack on every exposed application component—APIs, web front-end, authentication flows, file uploads, session management, business logic, and any third-party integrations. • Use of industry-standard tooling such as Burp Suite, OWASP ZAP, Metasploit, and custom scripts where helpful, always observing responsible-disclosure practices. • Zero disruption to production data or availability; all tests must run in the maintenance window we wil...

I have a handful of production-level websites built with running on a Node.js back end, each exposing AI-driven endpoints and features. Before traffic scales any further, I want every possible door that an attacker might exploit closed—whether that means fixing insecure code patterns, tightening DevOps settings, or putting guardrails in front of the AI models themselves. Here’s what I need from you: • A thorough security audit that covers code, dependencies, build pipeline, server configuration, AI endpoints, and any third-party integrations. • Concrete remediation: update or patch the code, configure headers, implement rate-limiting, add encryption where missing, and harden authentication/authorization flows. • A clear report that documents every vulnerabi...

We are looking for an experienced penetration tester / cybersecurity consultant to design a professional penetration testing report template that can be reused for multiple clients and engagements. The objective is to create a clean, structured, and industry-standard report template that can be used for Web, API, Mobile, and Infrastructure penetration testing engagements. The template should be suitable for enterprise and government-level clients. This is NOT a penetration test. This project is strictly for report template design. Scope of Work The freelancer will be responsible for creating a complete penetration testing report template, including but not limited to: 1️ Cover & Metadata Report title Client name Engagement type Application / Asset name Test date & report ...

My personal Gmail has been compromised and all standard recovery steps I know—namely the recovery-email and phone prompts—have failed. Google’s automated flow keeps looping me back to “unable to verify,” so I’m locked out even though I can still see activity alerts landing on my phone. I’m looking for someone who knows Google’s account-recovery system inside out, can guide me through the right sequences (or submit the correct escalation forms), and help me regain full access without violating Google’s Terms of Service. Ideally you have a track record of restoring accounts after similar unauthorized takeovers and can show me how to harden security once we’re back in. Deliverables • Verified step-by-step plan tailored to my...

We are using Cloudflare and need to block scraping and traffic. My site’s articles are being lifted almost as soon as they go live. It is definitely content scraping and, despite the fact that I already block offending IPs and run basic rate-limiting through Cloudflare, the traffic keeps finding its way around those measures. I need someone deeply familiar with Cloudflare’s firewall rules, Managed Challenge, Bot Management, and edge-side features to tighten things up without breaking the experience for legitimate users or search-engine crawlers. Please review my current rules, identify loopholes, and implement a layered defence that might include custom WAF rules, dynamic JavaScript challenges, threat score thresholds, or other techniques you know to be effective. Deliverabl...

I'm seeking an expert to help with my WordPress site and TLS certificate. My hosting is through Namecheap. Tasks include: - Fix performance issues, particularly slow loading times and high server response times. - Renew and manage my TLS encryption certificate to secure HTTPS traffic. Ideal skills and experience: - Proficiency in WordPress, especially in performance optimization. - Experience with TLS/SSL certificates and their management. - Knowledge of SEO marketing and site layout improvement is a plus.

Hello, Google and GitHub authentication are currently not working, so the system is not functioning properly in Chrome at the moment. I will upload a video demonstrating the issue. I look forward to your invitation.

My personal Gmail has been compromised and all standard recovery steps I know—namely the recovery-email and phone prompts—have failed. Google’s automated flow keeps looping me back to “unable to verify,” so I’m locked out even though I can still see activity alerts landing on my phone. I’m looking for someone who knows Google’s account-recovery system inside out, can guide me through the right sequences (or submit the correct escalation forms), and help me regain full access without violating Google’s Terms of Service. Ideally you have a track record of restoring accounts after similar unauthorized takeovers and can show me how to harden security once we’re back in. Deliverables • Verified step-by-step plan tailored to my...

Google has rejected my campaigns with the “manipulated website” policy warning. I run a service-based business on WordPress and—at least on my end—nothing major has changed lately. I’m looking for someone who knows Google Ads and its site-quality policies inside out to find out what’s tripping the filter, clean it up, and guide me through getting the account approved again. Here’s what I need from you: • Run a full audit of the WordPress site—plugins, themes, redirects, and any other red-flag items Google looks for. • Explain clearly what’s causing or could be causing the “manipulated website” label. • Remove or fix the offending code/content, or point me to exactly what needs to be done if it’s a h...

has suddenly dropped offline. I first suspected the domain setup, corrected that, yet every browser still throws DNS_PROBE_FINISHED_NXDOMAIN. No recent changes were made on my side, and although support tickets are open with the host, they have not resolved the issue. My husband holds the log-ins for both the registrar and hosting control panels, so you will have full access once we kick off. At the same time, our second site——works on desktop, but the “Book Online” button has vanished on mobile. The styling and functionality were fine before, so I need that call-to-action back in place without disturbing the rest of the layout. What I need from you • Bring back online and confirm it resolves everywhere. • Restore the missing mobile “Book Now...

I manage several WordPress sites hosted on a Bluehost VPS with domains registered through GoDaddy. The builds were put together quickly and, as a result, I’m constantly fighting three recurring problems: • Website downtime • Security vulnerabilities • Noticeable performance drops I’m looking for someone who already understands the ins-and-outs of WordPress server administration on a VPS—configuring the stack, hardening the install, monitoring uptime, and jumping in fast when an alert fires. Beyond keeping the sites online and secure, you’ll handle light monthly housekeeping: refreshing page copy or images, making small design tweaks in the theme builder, and staying on top of routine plugin and core updates so nothing breaks. Expect only a few ...

My website needs a thorough security health-check. I want an ethical hacker to attempt real-world attacks, document every weakness, and explain how to close the gaps. Standard black-box and grey-box techniques are welcome, and I expect coverage of common web threats—SQL Injection, XSS, broken authentication, misconfigured headers, insecure direct object references, and anything else you uncover. Please probe the live production instance (no staging mirror is available), but keep service disruption to an absolute minimum and notify me immediately if you hit a critical point where downtime is possible. Burp Suite, OWASP ZAP, SQLMap, Nikto, Nmap, or your preferred toolset are all fine as long as your methodology aligns with OWASP Top 10 and produces reproducible results. Deliverables ...

Quiero llevar mi entorno de correo al siguiente nivel. Trabajo con MailCow como servidor y Roundcube como webmail y necesito introducir nuevas funcionalidades que mejoren la experiencia diaria y, a la vez, refuercen la seguridad y usabilidad. En MailCow la tarea se centra en ajustar su lógica interna —gestión de buzones, filtros y autenticación— para que responda a flujos propios de nuestra casilla electrónica. Por la parte de Roundcube, el objetivo es más visible: rediseñar la interfaz de usuario con un tema coherente con nuestra marca, instalar y/o crear plugins que amplíen capacidades (por ejemplo, vista previa de adjuntos, respuestas rápidas, agenda enriquecida) y aplicar configuraciones extra que eleven la seguridad ...

I already have a complete n8n workflow built and running on n8n cloud; now I need it hosted permanently on a local Windows server that I control. Your job is to install n8n on that machine, migrate my existing workflow, and make sure everything runs reliably every time the server reboots. You’ll be working with Windows Server — no cloud or dedicated hosting, just this on-prem setup. Deliverables I expect: • n8n installed and configured as a Windows service (or comparable solution) so it starts automatically • My exported workflow imported and confirmed working end-to-end • Clear notes on any environment variables, ports, or dependencies you touch I can provide remote access (RDP or preferred tool) and the workflow export file as soon as we start. If thi...

1. Objective To migrate the listed websites from Microsoft Azure to Hosting with you , ensuring zero or minimal downtime, improved cost efficiency, security hardening, and ongoing application and infrastructure support. ________________________________________ 2. Websites in Scope The following production websites are included in this scope: 8 wordpress 1 Static App 1 Drupal + Vue.js ( with 100 hours of AMC) ________________________________________ 3. Requirements • Migration of website code, content, and configurations. • Migration of databases (if applicable). • Environment setup on new hosting (production-ready). • Validation of website functionality post-migration. • Dedicated or isolated hosting environment per website (as required). • Optimized server ...

I am launching a full-scale online store that will carry roughly 10,000 SKUs of kids toys. The site must present this large catalogue clearly, let shoppers pay in multiple currencies, and calculate delivery costs and options at checkout. A smooth, responsive user experience is essential—from powerful search and category navigation to a secure, friction-free payment flow. Back-office efficiency matters just as much. I will need streamlined bulk-upload tools for product data and images, real-time inventory tracking, automated order confirmation, and shipping-label generation that ties into the major couriers I use now. Please build the site on an e-commerce platform you are comfortable scaling (Shopify Plus, Magento, WooCommerce, or similar), and configure it so I can maintain pr...

I need Google Cloud Logging fully configured to ingest real-time syslog from both firewalls and routers on my network. The estate includes several firewall brands and models, all of which can point to a syslog target, so the solution must stay vendor-agnostic. Here is what I’m after: • Stand-up or fine-tune a log forwarder (Fluent Bit, rsyslog, or any proven alternative you prefer) that listens locally, receives the events, and reliably forwards them into Google Cloud Logging. • Lock the listener down so it will only accept traffic from a strict IP whitelist—this is the sole authentication method required right now. • Validate that messages from at least one firewall and one router reach the correct Log bucket with original timestamps intact and the proper r...

I need an API integration of the Easebuzz payment gateway into my subscription service website. Requirements: - Integrate Easebuzz API for payment processing - Ensure secure transactions and data protection - Provide detailed documentation of the integration - Conduct thorough testing to ensure functionality Ideal Skills and Experience: - Experience with API integrations - Familiarity with Easebuzz and subscription service models - Strong background in web security and testing - Good documentation skills Looking forward to your bids!

Important Update & Reminder for All Applicants: A sincere thank you to everyone who has applied. The quality seen has prompted us to clarify our position for an efficient selection. · Our Priority: We are seeking an expert technical partner for a complex, long-term project and are prepared to invest accordingly. · Required for Assessment: To move forward, please ensure your application includes: 1. Direct URLs to 2-3 live WordPress projects you have personally developed or technically led, ideally demonstrating experience with booking or complex e-commerce logic. Applications without links to live projects will not be considered. 2. Priority to projects featuring complex booking, appointment, or service management systems. · On Budget: The figure on the jo...

The Jira Forge cloud app is almost ready for Bugcrowd, but before I submit it I need an external security sweep that leaves zero chance of a P1–P4 slipping through. You will receive full admin access to a dedicated Jira Cloud instance (and, if useful, a second test tenant you spin up on your own account). Scope to hit hard: user authentication flows, data-access controls inside every module, and all exposed API endpoints. Try parameter tampering—changing the createdBy USER_ID, privilege escalation, session hijacking—anything that could let a normal user act as an admin or see another employee’s data. Burp Suite is essential, and you’re free to bring any other standard tools that help you dig deeper. Deliverables • Comprehensive report: finding, im...