Authenticated Dynamic Security Testing – Django Web Application/Plugins

Seeking an experienced application security tester to perform authenticated dynamic testing of a Django-based web application implemented as plugins.

Focus areas include authentication and session management, role-based access control, logic flaws, XSS (stored and reflected), CSRF, input validation weaknesses, insecure file handling, API abuse, sensitive data exposure, and security misconfiguration.

Testing should align broadly to OWASP Top 10 / OWASP Testing Guide, using tools such as Burp Suite or OWASP ZAP alongside manual validation.

This is not an infrastructure test, just the application. I.e. we're not testing the web server (NGINX), only the web application.

A structured report is required with reproducible steps, affected endpoints, impact, and severity ratings.

After remediation by our development team, at least one rescan will be required, with a possible second validation pass if needed.

We'll give you access to a server and the application for testing, along with credentials.

Contract duration of less than 1 month.

Mandatory skills:

Website Security, Web App Penetration Testing, OWASP, CVSS, NMAP, Python, API, Burp, Penetration Testing