Looking for a Security Specialist to conduct a Grey-Box Penetration Test on a SaaS platform built with Laravel and React. The app helps real estate sourcers package deals using AI and third-party data. The objective of this project is to collate the results of a gray box test, identifying vulnerabilities and weaknesses at minimum in the application's authentication and authorization mechanisms, input validation, state management, access control and encryption of a web application. Testing will focus on identifying potential security risks and providing recommendations for remediation. Scope of Work: • Audit the Authentication/Authorization flow (JWT/Laravel Sanctum). • Test for IDOR and Broken Access Control between user accounts. • Audit API security (integrations with AI and Property Data providers). • Check for OWASP Top 10 vulnerabilities (XSS, SQLi, CSRF). • Check for Insecure Webhooks and Hardcoded Secrets Requirements: • Proven experience with Laravel security. A sample report of a penetration test which you have conducted recently would be preferrable. • What are the certifications held by your company for penetration testing? • Ability to provide a detailed report with 'Proof of Concept' and 'Remediation Steps'. • Experience with manual code review. • Confirm testing methodology you provide. • After the preliminary test report, we can work on the fixes based on recommendations and would need a final seal of approval.