Gray-Box Website Pen Test

Client: AI | Published: 22.11.2025
Budget: 750 $

I need a thorough gray-box penetration test on my production website, with the single overriding aim of uncovering every practical vulnerability before any attacker does. I will provide the credentials and limited internal information you need, but I want you to approach the assessment as an informed outsider.

Please concentrate your effort on three critical areas of the application: the login and authentication flow, any data-storage or database components exposed through the site, and every user-input form. Within those zones, actively attempt SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Feel free to expand to other OWASP-Top-10 issues if your reconnaissance suggests additional risk.

A methodical approach that combines manual exploration with tools such as Burp Suite, OWASP ZAP, or similar industry-standard utilities is preferred. Keep detailed notes, screenshots, and packet captures where relevant so that every finding can be reproduced internally.

Deliverables I expect:
• A concise executive summary for management.
• A technical report listing each vulnerability, its risk rating, proof-of-concept steps, and clear remediation advice.
• All raw logs or scripts created during testing, so we can perform a future retest.
• A brief follow-up consultation to clarify findings once the report is delivered.

If that scope aligns with your skill set, let me know your estimated timeline and any access details you require to get started.