We are seeking an experienced security professional to conduct a penetration test on a financial data integration. The final report will be submitted to a partner as part of a third-party security review process.
Scope of Work:
Perform penetration testing based on OWASP Top 10 vulnerabilities
Test OAuth 2.0 Authorization Code Flow (CSRF, state tampering, open redirect, XSS)
Review token storage, encryption (AES-256-GCM), and data handling
Assess API endpoints (AWS Lambda and Next.js routes)
Evaluate automated transaction sync processes
System Overview:
3 AWS Lambda endpoints (OAuth initiate, callback, transaction sync)
3 Next.js API routes (status, connect, disconnect)
OAuth 2.0 flow with encrypted token storage in PostgreSQL
Deliverables:
Professional PDF penetration test report including:
Executive summary
Testing methodology
Findings with severity levels (Critical/High/Medium/Low)
Remediation recommendations
Retest confirmation (if applicable)
Requirements:
Proven experience in API and OAuth security testing
Strong understanding of OWASP testing methodology
Ability to deliver a professional, audit-ready report
Security certifications (CEH, OSCP, GPEN, etc.) are a plus
What We Provide:
API endpoints and sandbox credentials
Source code access (if needed)
Architecture documentation