Recently our website hosted at Nexus was hacked.
It is a Magento cart with a theme placed on top of it. I think there is a twitter feed plugin as well.
We are due for a compliance audit for PCI and we have an audit by a credit card company.
We know the hack was XSS related as I am sure the vulnerability is there.
I need a Freelancer that is excellent at website security and if chosen this project might be re-made/upgraded to an NDA.
First the Freelancer will discover XSS security holes.
I want to know what specific changes made, I want to know what specifically you typed where.
I'll be running though the same steps to reproduce the issue for our managers responsible for the site.
Once we have discovered all of the issues, I want the Freelancer to fix them.
I want the freelancer to show me how he did it and answer questions (so I can do it myself) on other sites.
Your bid should:
1) Be accurate for price and ETA
2) Tell me how you will complete this project
3) Let me know your availability / time zone
5) Say "Security" as the first word in your Bid
I am happy to PM the link to a select few I feel fit for this project.
For now, assume besides an SSL that nothing was really done for security.
THIS IS TO BE COMPLETED 3/20 TODAY AND REPORTED ON WITHIN 12 HOURS (IN DETAIL)
Good luck. I'll contact you via PM if interested.
Thanks for your time.