Urgently Require a Pen Tester to work remotely
Thanh toán khi bàn giao
Hi, This job is about a UK based competition related to cyyber securety. I need someone who is proficient with these jobs. There are program rules, and expected eligibility.
TESTING POLICY AND RESPONSIBLE DISCLOSURE
Please adhere to the following rules while performing research on this program:
Denial of service (DoS) attacks on Ooredoo QPSC applications, servers, networks or infrastructure are strictly forbidden.
Avoid tests that could cause degradation or interruption of our services.
Do not use automated scanners or tools that generate large amount of network traffic.
Do not leak, manipulate, or destroy any user data or files in any of our applications/servers.
Do not copy any files from our applications/servers or disclose them.
No vulnerability disclosure, full, partial or otherwise, is allowed.
Notify Ooredoo immediately if you discover any evidence of a breach of Ooredoo’s systems apart from your own tests.
We strive to review submitted vulnerabilities reports within 4 weeks.
Ooredoo will not pursue legal action against researchers who report vulnerabilities within the terms of company’s reporting mechanism.
By participating to this program :
You agree not to disclose to any third party any information related to your report, the vulnerabilities and/or errors reported, nor the fact that a vulnerabilities and/or errors has been reported to Ooredoo.
You agree to indemnify and hold Ooredoo harmless against all claims, losses, demands, proceedings, fines, and expenses arising from or related to your violation of these rules.
Unless otherwise required under applicable law or regulation, Ooredoo has no responsibility to pay you compensation for any direct, indirect, or consequential losses, property damage, ﬁnancial loss, loss of productivity, information that is lost or corrupted, regardless of whether such loss could have been foreseen, or any other loss that is not due to Ooredoo’s gross negligence.
You agree that these terms and conditions will be governed by the laws of the State of Qatar and you consent to the jurisdiction of the courts of Qatar, which will have exclusive jurisdiction over any dispute arising hereunder.
We are happy to thank everyone who submits valid reports which help us improve the security of Ooredoo QPSC, however only those that meet the following eligibility requirements may receive a monetary reward:
You must be the first reporter of a vulnerability.
The vulnerability must be a qualifying vulnerability (see below).
The report must contain the following elements:
Clear textual description of the vulnerability, how it can be exploited, the security impact it has on the application, its users and Ooredoo QPSC, and remediation advice on fixing the vulnerability;
Proof of exploitation: screenshots demonstrating the exploit was performed, and showing the final impact;
Provide complete steps with the necessary information to reproduce the exploit, including (if necessary) code snippets, payloads, commands etc.
You must not break any of the testing policy rules listed above.
You must not be a former or current employee of Ooredoo QPSC or one of its contractors.
If you find the same vulnerability several times, please create only one report and eventually use comments. You'll be rewarded accordingly to your findings.
The triage team will use the "One Fix One Reward" process: if two or more endpoints use the same code base and a single fix can be deployed to fix all the others weaknesses, only one endpoint will be considered as eligible for a reward and other reports will be closed as 'informative'.
Reward amounts are based on:
Reward grid of the report's scope;
CVSS scoring and actual business impact of the vulnerability upon performing risk analysis.
If you are confident you can perform these tasks send me a proposal describing all your qualifications and previous accomplishment. Start your proposal with a word "cupcake" so I know you have read the description.
ID dự án: #36699231
Về dự án
17 freelancer chào giá trung bình$491 cho công việc này
Hello i am a cybersecurity engineer and i am certified professional pentester, i have read your description and i can work with you, just contact me to discuss more about the project.
Can we discuss the scope size? Cyber Security summitinformation security specialist. Cyber Security | Pentest | Threat Intelligence | Ethical Hacking | DevSecOpsa