Lately my site has been the victim of a malicious attack. I'm not 100% sure of how it was taken down, or the reason why, but I do know that my site is not 100% secure.
Your job is to do a thorough security evaluation of the website. I expect you to find ALL exploits, suggest fixes, and let me know how to avoid this problem again.
In your PM tell me how you're going to go about doing this, any software you'll be using, past security experience, and any other important information.
Please Note: You will NOT gain access to the files, databases etc.
I will go over all bids this weekend, and choose the winning bid on Sunday afternoon. I want to know what you specialise in [in regards to website security.]
Basically, tell me what exploits I have (example: XSS, SQL Injection etc.) and how to fix them. I want detailed information.