Contact person: Business Client

Phone:Show

Email:Show

Location: Surat, India

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"I need a thorough security assessment of my Android application with emphasis on two fronts: all traffic that moves over Wi-Fi and the login flows that depend on username-and-password as well as OAuth. The build is in beta and a staging backend is ready; I will provide the APK, test accounts, and API keys.

Your task is to intercept, analyse, and attempt to break every request made on Wi-Fi—checking certificate pinning, TLS configuration, token handling, and susceptibility to man-in-the-middle or session hijacking. On the authentication side I want to see whether brute-force protections, password storage, token exchange, refresh logic, and logout processes hold up to OWASP MASVS-AUTH guidance.

Deliverables
• A concise PDF report that lists each finding with severity (CVSS or OWASP), reproducible steps, screenshots or packet captures, and clear remediation advice.
• A short verification pass after fixes are applied, confirming that critical and high-risk items are closed.

You are welcome to work with Burp Suite Pro, mitmproxy, Frida, or comparable tooling; just outline your preferred setup so I can align test credentials and timelines." (client-provided description)