I need an experienced ethical hacker to run a focused penetration test on one of my production-level web applications. The priority is to uncover any Broken Authentication weaknesses—including session fixation, credential stuffing exposure, weak password reset flows, or other logic flaws that let a user assume another user’s identity.

Scope
• Target: single public-facing web app (URL and credentials supplied after NDA).
• Tech stack: standard LAMP with a custom PHP layer and MySQL backend; JavaScript front-end. No third-party mobile clients are in scope.

Approach
Please follow a recognised methodology such as OWASP Web Security Testing Guide, document every step, and keep traffic within agreed testing windows so our monitoring team can correlate logs.

Deliverables
1. Executive summary outlining overall risk and key findings.
2. Detailed technical report for each exploit, including reproduction steps, severity rating, and screenshots or Burp Suite/OWASP ZAP logs.
3. Practical remediation advice mapped to OWASP ASVS controls.
4. One brief debrief call to walk through results.

Acceptance Criteria
• At least one attempt to exploit every authentication and session management flow.
• No data exfiltration outside the test environment.
• All findings reproducible by our internal security lead.

If you hold relevant certifications (OSCP, CEH, or similar) please mention them; signed NDA is required before testing can begin.