I need a tight, no-nonsense penetration test on my web application, with every bit of effort aimed at uncovering SQL injection vectors. The scope is limited to the publicly exposed app; network, mobile, and other layers can stay untouched for now. Once you sign an NDA I’ll provide a fresh staging clone, basic architecture notes, and test credentials. Your mission is to probe every input that reaches the database—manually and with trusted tools such as Burp Suite, sqlmap, or OWASP ZAP—then hand back clear, reproducible evidence of any flaw. Deliverables • A short report listing each SQLi finding with request/response proof, severity, and straightforward remediation guidance. • A written statement confirming the test caused no disruption or data exposure. When you pitch, keep it simple: show me the relevant experience you’ve had breaking web apps, especially any wins against injection flaws. I’m choosing the freelancer with the strongest, most directly applicable track record and the availability to wrap this test within the week.