Xsstrabajos

...to make sure you don't show people the wrong data, as well as some that will allow you to echo HTML safely. At this time, we ask you escape all $-variables, options, and any sort of generated data when it is being echoed. That means you should not be escaping when you build a variable, but when you output it at the end. We call this 'escaping late.' Besides protecting yourself from a possible XSS vulnerability, escaping late makes sure that you're keeping the future you safe. While today your code may be only outputted hardcoded content, that may not be true in the future. By taking the time to properly escape when you echo, you prevent a mistake in the future from becoming a critical security issue. This remains true of options you've saved to the dat...

Hey there, seeking Developer for Website Creation Using Microservices Architecture for a Social Media & E-Commerce Page ? Skills: Agora WebRTC AL ML Node.js, React.js, JavaScript, MongoDB, Redis, Web Sockets. Familiarity with Digital Ocean, AWS It's important that the entire develop...Rooms Food Delivery Tour Guide Beauty and Spa Restaurant Table Reservation Ride Sharing Tickets and Events Lawyers Services of all kinds StayToEnjoy Ads Live Stream Chat System Call and Video Call Help Center Report Center Ticket Center Calendar for Private and Business user Geo Fancing Admin Panel for StayToEnjoy Implement security measures such as encryption, validation and protection against XSS and CSRF attacks. Also we need AI for check content, pictures and video incl. live strea...

Hello everyone, I am looking for an expert who can assist with our websites. We currently manage 3 sites that function primarily as booking forms for different events. most of these sites are clones of each other, sharing the same database and codebase. This means changes made on one can easily be tr...there them to listen in to advice. We're coordinating a client call next week (3rd october or friday 6 october), and your insights would be invaluable. The call will either be on Tuesday evening or Friday morning, based on mutual agreement. If you have the expertise and availability, please let me know, we are looking for a serious professional for this, who knows what the score is on security From XSS to a Directory Traversal etc. Looking forward to working with a dedicated ...

i launched new site for our company, need a senior QA to do wordpress detailed testing and report all issues related to functionality, SEO, content alignment, speed, any errors, responsiveness, and security or vulnerability on our site (e.g.: XSS, RCE, CSRF, SSRF, SQLi, etc. ) we want to make sure website is hack proof

...bottlenecks, optimizing server response times and data loading. Implement caching mechanisms to reduce server load and enhance overall website speed. Conduct load testing and performance tuning to ensure the website can handle expected traffic levels. Security Implementation:Implement security measures to protect user data and the website from threats like SQL injection, cross-site scripting (XSS), and more. Regularly update and patch server-side components to address security vulnerabilities. Collaborate with security experts to perform penetration testing and security audits. API Integration:Integrate third-party APIs or services for features like payment processing, email notifications, or external data retrieval. Ensure seamless communication betwe...

...recommendations based on user behavior and preferences. Featured products and best-sellers sections. 9. Reviews and Ratings: User-generated product reviews and ratings. Display of average ratings. 10. Responsive Design: Mobile-responsive layout for a seamless experience on all devices. 11. Security: SSL encryption for secure transactions. Protection against common web vulnerabilities (e.g., SQL injection, XSS). Regular security audits and updates. 12. Admin Panel: Inventory management tools. Inventory syncing. Order processing and tracking. Analytics and reporting. 13. Payment Gateway Integration: Integration with trusted payment gateways for secure transactions. 14. Shipping and Logistics: Delivery Status Monitoring 16. Social Media Integration: Sharing products on social media....

...a project titled "Need Env Vulnerable Laravel IPS". The main purpose of this project is to identify vulnerabilities in Laravel and exploit them. Specifically, I am looking to test for the following vulnerabilities: - SQL Injection - Cross-Site Scripting (XSS) - Remote Code Execution (RCE) I would like the freelancer to test for vulnerabilities in all versions of Laravel. Ideal skills and experience for this job include: - Strong knowledge of Laravel - Expertise in identifying and exploiting vulnerabilities such as SQL Injection, XSS, and RCE - Experience in conducting security testing and vulnerability assessments - Familiarity with IPS (Intrusion Prevention System) If you are confident in your abilities to identify and exploit vulnerabilities in Laravel...

WordPress Expertise - Min 5 years WooCommerce Expertise - Min 5 years Strong skills in HTML, CSS, JavaScript AWS/Azure Experience....Understanding of e-commerce best practices, including product pricing, inventory management, and security. Language Localization: Familiarity with implementing multi-language support and RTL (Right-to-Left) text for Arabic. Security Expertise: Awareness of security best practices, including HTTPS encryption, data encryption, and protection against common web vulnerabilities (e.g., SQL injection, XSS). Payment Gateway Integration: Experience integrating and configuring secure payment gateways like Stripe, PayPal, or others. Version Control: Proficiency with version control systems such as Git for code management and collaboration. Performance Op...

An XSS Challenge Set. Identify the invulnerable XSS challenge, and explain why. An SQLi Challenge Set.

: Prefer Vercel or Netlify's serverless functions. Firebase's free tier might not be suitable. No pay-as-you-go plans. : Accept string inputs from a Chrome Extension and relay to the ChatGPT API. : Return the ChatGPT API's response to the Chrome Extension. Limit: E... : Return the ChatGPT API's response to the Chrome Extension. Limit: Each device should be limited to 1 request per day, even if the IP address changes due to VPN or other means. Exceeding this should prompt: "You have exceeded the API call limit for today." : Ensure the ChatGPT API key is never exposed to clients. Sanitize inputs against Cross-Site Scripting (XSS). Always use HTTPS for communication. Adherence to points 1, 4, and 5 is essential.

Project Title: Determine if Phishing link (URL) is malicious. I want an analysis of the links. 4-5 links Need breakdown and confirmation they are indeed malicious. What type of attack used. Overview: I am looking for someone who can analyze website links to determine if they are malicious or not. Believe they are XSS or session id stealing link.

...preparing both full reports and summaries of findings Skills: - Security testing - OWASP guidelines - Vulnerability identification - Report preparation List of testing should conduct on our app and web portal 1. Vulnerability Scanning 2. Authentication and Authorization Testing 3. Input Validation Testing 4. Security Misconfiguration Testing 5. Session Management Testing 6. Cross-Site Scripting (XSS) Testing 7. Cross-Site Request Forgery (CSRF) Testing 8. Security Headers Testing 9. Secure File Upload Testing 10. API Security Testing 11. Mobile App Specific Testing (if applicable) 12. Encryption Testing 13. DDoS (Distributed Denial of Service) Testing 14. Social Engineering Testing 15. Compliance Testing 16. Red Team Testing If you have the required skills and experience, ple...

...as Appium for automated testing to validate user interface and interactions on mobile platforms. Security Testing: Assure the security of all APIs by confirming the use of SSL certificates. Detect vulnerabilities concerning user data and credentials (our authentication is via Firebase). Verify that appropriate security practices are in place to mitigate risks, such as DB injection, clickjacking, XSS, MIME-Sniffing, and HSTS. Optimization of Costs, Performance, & Load Testing: Ensure the absence of code vulnerabilities that could lead to unwarranted billings at server and API providers. Implement strategies to optimize server and network requests to minimize costs, maintaining performance. Conduct load testing with tools like Apache JMeter to achieve the highest feasible spe...

Project Title: Fixing Vulnerabilities in Java Libraries I am in need of a skilled developer who can fix vulnerabilities in a set of Java libraries, specifically related to log4j. The vulnerabilities that need to be addressed include SQL Injection, Cross-Site Scripting (XSS), and Remote Code Execution (RCE). Requirements: - Strong knowledge and experience in Java programming - Expertise in identifying and fixing vulnerabilities in Java libraries, particularly log4j - Familiarity with SQL Injection, XSS, and RCE vulnerabilities - Access to the source code of the Java libraries is necessary for fixing the vulnerabilities Timeline: - The completion of this project is required within a week If you have the necessary skills and experience to fix these vulnerabilities and can me...

...Middleware and Authentication: Implement middleware for tasks like authentication, logging, error handling, etc. Use libraries like for authentication and authorization. Validation and Input Sanitization: Validate incoming data to ensure it meets the required criteria before processing. Sanitize user inputs to prevent security vulnerabilities like SQL injection and cross-site scripting (XSS) attacks. Error Handling: Implement error handling mechanisms to provide meaningful responses to users and log errors for debugging. Testing and Debugging: Write unit tests and integration tests using frameworks like Mocha, Chai, and Supertest. Use debugging tools and techniques to identify and fix issues in your code. Deployment: Choose a hosting platform (such as Heroku, AWS, or Digita...

I am seeking a freelancer to design a betting website, specifically a straightforward lottery system, with a substantial emphasis on security. It's crucial to engage with a professional who possesses deep knowledge and experience in the ...guidance on best development practices, hosting strategies, and measures to ensure the system remains efficient and secure. My topmost priority is to ensure the site's operability, speed, and above all, security. It's paramount that client funds remain unhackable, and all aspects related to the database, login, and payment methods are safe for users. Necessary requirements: HTML NoSQL Couch & Mongo XSS (Cross-site scripting) PostgreSQL Database Development Web Security API Azure Cloud Security SSIS (SQL Server Integration Ser...

I'm looking for someone to create something like an exam machine with CTF challenges (preferably an .ova file, something like those machines on Vulnhub) Each vulnerability must return some flag e.g. exploiting FTP you can find file : flag{ftp_is_easy} Vulnerabilities that should appear: Network: - Anonymous FTP login - SMB - Telnet - NFS - SMTP WEB: -XSS stored, reflected (but with filter bypass) -SQLi on login page -Directory Path Traversal -CSRF or SSRF -IDOR Let me know the price and completion time Don't look at the price in my bid, I just don't know about it and don't know how to price it

...and Laravel Shop Hello, I require a person who can do security testing for my Vue.js and Laravel shop application. As part of the project, I need to identify potential vulnerabilities and security loopholes within the application. The goal is to ensure that the shop is secure and protected against common threats. Here are the specific tasks I need your expertise on: 1. Cross-Site Scripting (XSS) Testing: Verify that the application is protected against cross-site scripting attacks, where malicious scripts are injected into web pages. 2. SQL Injection Testing: Test the application to ensure that it is resilient against SQL injection attacks, where malicious SQL statements are inserted into data input fields. 3. Session Hijacking Testing: Assess the application's resista...

...as APIs, databases, and third-party services. Security Assessment: Conduct a thorough security assessment of the website to identify vulnerabilities, potential risks, and weaknesses in the system. Security Enhancement: Implement appropriate security measures, protocols, and best practices to ensure the website is safeguarded against common web threats, such as SQL injection, cross-site scripting (XSS), and unauthorized access. Code Review: Review and optimize the existing PHP CodeIgniter, HTML, CSS, and JavaScript code to improve performance, readability, and maintainability. Requirements: Strong proficiency in PHP CodeIgniter, HTML, CSS, JavaScript, and NoSQL. Proven experience in debugging and fixing website issues. Knowledge of secure coding practices and web application secu...

...''). The reason for refusal is that the requested media violates the Content Security Policy (CSP) directive implemented on the website. A Content Security Policy is a security mechanism implemented by websites to control the types of content that can be loaded or executed on a page. It helps prevent cross-site scripting (XSS) attacks, code injection, and other malicious activities. In this case, the CSP directive in question is "default-src 3.14.255.26 'self'". It specifies the allowed sources for different types of content on the page. The directive you provided allows content to be loaded from the IP address 3.14.255.26 and the same origin ('self'). However, the media file requested from 'https://essentialreturns

...as APIs, databases, and third-party services. Security Assessment: Conduct a thorough security assessment of the website to identify vulnerabilities, potential risks, and weaknesses in the system. Security Enhancement: Implement appropriate security measures, protocols, and best practices to ensure the website is safeguarded against common web threats, such as SQL injection, cross-site scripting (XSS), and unauthorized access. Code Review: Review and optimize the existing PHP CodeIgniter, HTML, CSS, and JavaScript code to improve performance, readability, and maintainability. Requirements: Strong proficiency in PHP CodeIgniter, HTML, CSS, JavaScript, and NoSQL. Proven experience in debugging and fixing website issues. Knowledge of secure coding practices and web application secu...

...streaming solution / web application. Where clients on the LAN can upload mp3 and mp4 files, then these files can be managed on a content management page. using CVLC and sub-processing, the program creates a multicast stream of the content. The application is not web facing, I am currently missing many features such as the playlist functionality, and the project has current vulnerabilities such as XSS and RCE. Basic user management implementation using mariaDB and mySQL would be preferential, including the use of CSRF. Any other database solution can be tailored to your needs. For the basics I would like a programmer to either implement this extra functionality, (Content management, playlist creation, etc, maybe even user management, ) and if possible, solve some problems det...

The regex need to match the below payload so we need to get the 400response in area, as of now getting 200ok response. "paymentOrderReferenceNumber":"<img src=x onerror=alert(1);>" "paymentOrderReferenceNumber":"<svg/onload=alert('XSS')>"

Develop a marketplace for a niche The marketplace will have 3 types of users: admin, vendor, customers Booking will have parameters such as Date, Time, and Location. Custom...bookings Admin will be able to control the site backend to access analytics, modify changes to the site, etc There will be several forms of payment methods such as Bank Transfer, PayPal, Stripe, etc. As there will be payments on the site security must be top tier and taken into consideration. • Making sure the website is 100% secure preventing any attacks towards website - Cross site scripting (XSS) - SQL Injection Attacks - Cross site request forgery XSRF/CSRF - Session Hijacking - Hide Files from the Browser - Securely Upload Files For more information, full spec, and reference website please send ...

...and Databases such as Common Weakness Enumeration (CWE), provide details on the following vulnerabilities: a. SQL Injection. b. Cross-Site Request Forgery (CSRF) c. Cross-Site Scripting (XSS) d. Session Fixation e. Local File Inclusion (LFI) 5. Gain access to the target’s web site in the virtual environment which is provided to you using: a. SQL injection b. Cross-Site Scripting (XSS) 6. Recommend the necessary security solutions for protecting against the following risks and vulnerabilities: a. SQL Injection. b. Cross-Site Request Forgery (CSRF) c. Cross-Site Scripting (XSS) d. Session Fixation e. Local File Inclusion (LFI) ...

...Incorrect use of <label for=FORM_ELEMENT> <label for="pa_podokvir1583327">Podokvir</label> <label for="pa_okvir1583384">Okvir</label> snippet <?php if($attribute_name == 'pa_podokvir'):?> <td class="label"><label for="<?php echo esc_attr( sanitize_title( $attribute_name . absint( $product->get_id() ) . $randid ) ); ?>"><?php echo wc_attribute_label( $attribute_name ); // WPCS: XSS ok. ?></label></td> <td class="value"> <div id="podokvirPostId" style="display:none;" podokvir_id="<?php echo apply_filters( 'wpml_object_id', 2220, 'post' ); ?>"></div>...

...penetration testing on our web application within a tight timeframe of 1-2 weeks. The main objective of the project is to identify vulnerabilities and potential security risks. The ideal candidate should have experience in web application security and penetration testing. The specific skills required include: - Knowledge of web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and CSRF - Knowledge of web application security standards such as OWASP Top 10 - Experience with penetration testing tools such as Burp Suite, Nmap, and Metasploit - Ability to provide detailed reports on findings and recommendations for remediation The project will involve testing the web application for vulnerabilities and providing a detailed report on findings and recomme...

Looking for a cyber security mentor to focus on application security, with experience in Python programming. The mentor should have intermediate-level expertise in the field. Ideal skills and experience include: - Strong knowledge of application sec...intermediate-level expertise in the field. Ideal skills and experience include: - Strong knowledge of application security, including threat modeling, secure coding practices, and vulnerability testing - Experience with Python programming language and related security libraries and frameworks - Understanding of web application security, including common vulnerabilities such as cross-site scripting (XSS) and SQL injection - Ability to provide guidance and mentorship to an intermediate-level learner, with clear communication and feedba...

I am looking for a freelancer to help me protect my website and PHP script from SQL Injection attacks. I need a complete solution as I currently have no security measures in place. The website is medium-size...and experience required: - Expertise in website security and protection against SQL Injection attacks - Knowledge of PHP programming - Experience in securing medium-sized websites with some complexity Additional skills that would be beneficial: - Familiarity with website hosting environments - Experience in handling Distributed Denial of Service attacks - Knowledge of Cross-site Scripting (XSS) protection techniques If you meet the above requirements and have a track record of successfully securing websites from SQL Injection attacks, please reach out to me with your...

I want to make a blogging site using PHP and MySQL Features : I can change favicon/title/brand of blog Rich text editor blog with thumbnail Secured against SQL Injection, XSS, DDoS and others URL Slug and Sitemap with good SEO Light / Dark theme and Responsive Admin Panel with good stats and setting like makes Suggested Post + Sharing Options + Views Counter + Popular Post Mail Subscription using PHPMailer (If possible) Simple search bar Pagination for 15 posts per page Footer with pages - About us and all Legal pages with social link Admin can add members and remove them (Members can post articles) I have attached few examples for some sections.

Initial requirements for a Strapi CMS platform with user management capabilities, including sign-in using Google or Microsoft accounts: - User Authentication: The platform should provide authentication capabilities for users to sign up, sign in, and manage their accounts. Social M...have a personalized dashboard where they can view their profile information, manage their content, and perform other relevant actions. User Activity Tracking: Connect to Google Analytics Scalability and Security: The platform should be designed to handle a large number of users, with robust security measures in place, such as encryption of sensitive data, protection against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, and adherence to best practices for data privacy and s...

...the project will involve replicating the session ID stealing process in order to better understand how it works and how to prevent it. This will involve creating a platform where users will receive a phishing link via their Microsoft email. Clicking on the link will allow us to obtain the session ID of the user's Microsoft account using techniques such as Session Hijacking, Session Fixations, or XSS. If this is not possible, we will send the user a link to download an exe file that will grab the session details. 2. Google Chrome Extension The second part of the project will involve creating a Google Chrome extension that will automatically detect and block phishing links. This extension should work in all cases and be able to detect even the most sophisticated phishing atta...

I'm having an issue with the embed of Calendly on my website, more specifically I'm having issues with the HTML overflow on my embed. Currently it is set to auto, but should be hidden. I'm embedding Calendly into a clickfunnels ...worked. however once you click to start selecting times and dates the same issue of overflow :auto kicks back in. this is the description of the issue written back on this page The issue with the “show more” on the calendly embed is that the HTML inside the iframe is set to overflow: auto; and there’s no option we can target that HTML using the CSS because we don’t host the iframe. This is to stop XSS (Cross Site Scripting). That being said, I suggest that you reach out to calendly and ask them to change the HTML f...

Hello Freelancers, I am in need of assistance creating a web application from scratch using Java Script Injection. This will be used to start a new business enterprise. I do not have the content ready to add to the website, so I am looking for help with...scratch using Java Script Injection. This will be used to start a new business enterprise. I do not have the content ready to add to the website, so I am looking for help with this as well. Additionally, I require design assistance for the website. - Set up the web from scratch using Apache web server, WordPress web application, MySQL database - setup JavaScript and request injection - Prevent XSS - Prevent server-side injection/inclusion - Report Thank you for taking the time to consider this project! I look forward to hearing...

With this line of research, we want to improve the usability of Web Security mechanisms. Thus, we study real-world issues developers face when working with different security mechanisms, as well as strate...research, we want to improve the usability of Web Security mechanisms. Thus, we study real-world issues developers face when working with different security mechanisms, as well as strategies for successful deployment. The mechanism that we are currently focused on is Trusted Types (TT), which enables a Web site's operator to enforce sanitization of input to JavaScripts APIs prone to client-side XSS. Trusted Types is still a work in progress, and we want to take the opportunity to include the perspective of real-world web developers. For more information please check-out

...detected during the scan, such as infected files or directories. Enable automatic updates for Imunify AV to keep it up-to-date with the latest security patches. Set up email notifications for security events such as malware detection, suspicious file modifications, and virus outbreaks. Use the WebShield feature to protect against web-based attacks such as SQL injection and cross-site scripting (XSS). Use the Proactive Defense feature to detect and prevent attacks such as brute force attacks, DDoS attacks, and port scans. Regularly monitor the security logs to detect and prevent security threats. For cPanel and WHM: Enable two-factor authentication for all cPanel and WHM logins. Disable root-level access to cPanel and WHM, and create a separate administrative account with ...

...meaningful (no dummy text). The user-interface and interaction design should follow best practice for ecommerce systems. Consideration should be given to the use of the system on Mobile Devices. The application should be prepared in ASP.NET Core in C#, together with other associated technologies (HTML, CSS, JavaScript). It should not be possible to inject HTML, Script or SQL and the possible threat of XSS attacks should be mitigated Your work will be accompanied with a brief report explaining your application design process, starting with the planning phases which would generally include research into the purpose of the site, website structure (using site map, mock-ups or annotated wireframe, mood board for a desktop, laptop and mobile device) to meet the requirements of the web...

...chose to receive email updates on the state of the pool and will receive reminder emails related to the event once a time slots has been chosen. 11. Events pages and data will be deleted 1 moth after the event has passed. Security requirements: - Basic security standards like HTTPS encryption, input validation, and error handling. - Basic protection against SQL injection and cross-site scripting (XSS) attacks. Technical Requirements suggestions: - Front end - React.js - Back End - using Firebase might make it easier to complete, and allow easy email authentication etc. We’ll be available for further guidance and support all throughout the development of the website app. Thank you for taking the time to read this proposal....

...security of the project, including use of encryption on APIs. 4)Detecting and removing vulnerabilities with respect to user data and credentials(FYI Firebase is being used for auth). 5)Load testing and ensuring the code for compiled packages to achieve highest feasible speeds as per industry standards. 6)Ensure security from attacks like DB injection, clickjacking , automated tool attacking ,XSS , MIME-Sniffing ,HSTS, etc --- depending on feasibility. 8)Ensure sever setups and plan selections scalability without issues and security therein. (FYI: We are using Digital ocean) 9)Ensure account setups with API providers and security therein. 10) Ensuring the code doesn't have vulnerabilities which could lead to unnecessary billings at server and API providers. Feel free ask ...

Hello, I have attack on prestashop / server Ubuntu, the issue of prestashop is just one, that the image and other page not working in https but http, mean that something in database or other place is wrong, that allow http connection instead https connection, also server is set that accept http connection instead only https connection, i need to close the door 80 and prestashop ...just one, that the image and other page not working in https but http, mean that something in database or other place is wrong, that allow http connection instead https connection, also server is set that accept http connection instead only https connection, i need to close the door 80 and prestashop setting all into https no http like url and entire prestashop. I want block cache poisoning and xss attack ...

The issue of prestashop is just one, that the image and other page not working in https but http, mean that something in database or other place is wrong, that allow http connection instead https connection, also server is set that accept http connection instead only https connection, i need to close the door 80 and prestashop setting all into https no http like url and entire pre...just one, that the image and other page not working in https but http, mean that something in database or other place is wrong, that allow http connection instead https connection, also server is set that accept http connection instead only https connection, i need to close the door 80 and prestashop setting all into https no http like url and entire prestashop. I want block cache poisoning and xss attac...

Requirements 1. Home page about the company/shop 2. ecommerce site to sell clothing products - includes catalogs, admin accounts for managing operational activities 3. Abilities to upgrade/update any future functionalities 4. Integrate payment gateways for online payment 5. Enquiry & order forms from customers - no payment option 6. Compatible with Desktop & Mob...page about the company/shop 2. ecommerce site to sell clothing products - includes catalogs, admin accounts for managing operational activities 3. Abilities to upgrade/update any future functionalities 4. Integrate payment gateways for online payment 5. Enquiry & order forms from customers - no payment option 6. Compatible with Desktop & Mobile layout 7. Secure coding standards ex - SQL injections, XSS etc...

help to fix code attached requirement 1. please note down all steps when fix it. 2. add email and authentication when created new user.

Hello There, We need a Pure UI Designer ( NOT HTML Designer) for our projects. Reply with XSS-UIDESIGN

...Management. - Accounting: spendings, incomes main focus of the app will be are for the accounting so most of the features in this Section. - Simple POS for the University café & print services. - User permission handing. - Data filtering, and more. - Exporting data in various formats Like EXCEL, CSV, PDF, Plain Text, ETC. - Record full user actions on the application. - Fully secured from SQL injections, XSS, Session Hijacking, Credential Reuse, ETC. - Connecting to some other API(s) for adding extra features. - Multi-university handing. ...

scan 1 app + admin deeply with burp or other tools to get significant findings. we will pay 300$ for each domain (app+admin) only if you find high severity findings such as bypassing login, XSS proofs / SQLI , getting other users data etc. work is ready to be started. we ask for 1h work to see it's serious then we can put milestones.

Hi Chavilesh K., I noticed your profile and would like to offer you my project. We can discuss any details over chat.

- Must have good knowledge of the IT / Software Industry - Must have excellent English - Must be able to go in-depth and have the capability to write 1000-2000 words for a ubiquitous topic like how to cook pizza :-) BEFORE BIDDING WRITE XSS

To Prevent Reflected XSS in form page. - Need to use appropriate response headers - Need to use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities 2. Unrestricted Upload of File with Dangerous Type (for 11 file uploads fields) - To restrict certain file extensions only - To set maximum file size and name length and validate it - To include Captcha to avoid bots

I need someone to examine my website and try to find security problems in it. Content Injection, SQL Injection Exploit, CSRF Exploit, XSS Exploit, other exploits.