We have a web app, and of late, we have found the below concerning activities:
1. Scrapers (of Russian origin) have created fake profiles on both sides of our marketplace, which needs to stop
2. Scrapers have been able to post projects on our web app, without signing up, from their local servers
3. Scrapers have been able to do activity on the web app on behalf of existing users, all from their local server, which is extremely concerning
4. New projects have been posted on the scraper's local server using existing employer emails. Every time a new project is posted, a notification email goes to the client. We have noticed these emails going out to the client due to the fraudulent activity of the scrapers. We know that the client has not posted these projects because a hyperlink in the email for "click here" has a local server in it.
We need:
1. To investigate how the scrapers were able to hack into our web app and where the security needs to be put in place through Pen testing - Presenting and explaining results of the test to tech team, along with handing a report
2. Deploy fixes to our existing architecture to block out these scrapers in the future, and make our web app and API endpoints extremely secure to prevent such hacks from happening in the future.
We are concerned that there will be more activity caused by these scrapers on our web app, which will cause mayhem on our web app.
We need someone who has experience in making Ruby-based web apps more secure, and in blocking off scrapers from hacking into the database. Someone who knows AWS, Ruby, PostgreSQL, Sidekiq, and is a Cyber Security Professional.
About the recruiter: Nimish Gupta, from Guangdong, China. Member since Mar 14, 2020.