Client Story: Penetration Testing

August 11, 2022 • Client Story
Posted by Arni Hardarson

Overview

Tesserent provides penetration testing services for a large Australian government client. The client operates a complex ICT environment with a large annual ICT budget.

The client requires ongoing penetration testing to identify vulnerabilities and provide remediation advice across targets including custom-built applications, supporting infrastructure, and vendor solutions. These targets encompass a broad variety of technologies including Angular, Node.js and Java, alongside products from SAP, Red Hat, IBM and Microsoft.

What is penetration testing?

Penetration testing, or pen testing, is a type of cybersecurity testing that simulates hacking attempts on an organisation.


Project Delivery

Tesserent has worked with the client over a long period to refine the approach to penetration testing, balancing effectiveness and efficiency to maximise the value of the penetration testing program. Tesserent takes a lead role in operating the program, working to continually improve the approach, techniques and outcomes to deliver maximum value to the client. Tesserent works with stakeholders, including other service providers, to ensure the client’s needs are prioritised and business goals are supported accordingly.

The penetration tests were conducted over three phases:

  • Scoping: determining the scope of a test and conducting high-level threat modelling to determine the best threats and attacks to simulate.
  • Planning: completing the preparation required to conduct the test, including gathering accounts, target hosts and IP addresses, reviewing design documentation, and refining and validating the threat models created previously.
  • Delivery: completing the test by applying both manual and automated techniques, with tools including Burp Suite, Kali, Nessus, bespoke tools, and the department’s enterprise-grade toolset, to identify known and unknown (zero-day) vulnerabilities in target applications, frameworks and infrastructure. Results are reported as they are identified, and vulnerabilities are documented, communicated and explained to affected teams to ensure that effective remediation is completed.

Outcome

Tesserent provided assurance to the client as to the technical security posture of the various systems and infrastructure under review.

This included:

  • Identification of systemic weaknesses within software development and service operations teams
  • Significant improvement in the client’s security posture
  • Identification and remediation of zero-day vulnerabilities in vendor products

This provided the client with detailed information about potential security weaknesses, options for mitigating specific risks, and information to be fed back to development teams to continuously improve the security of the wider environment over time.
