Our work

Engagements that made a difference

A selection of security assessments across government agencies, technology platforms, and private sector organisations. Client identities are protected by default; details are shared on request with qualified prospects.

Government Agency

State Government Web Portal

Multi-year web application security engagement covering a high-traffic public-facing government portal and all associated endpoints, APIs, and backend systems serving millions of state residents.

Sector: Government / Public Sector
Engagement type: Web application pentest, ongoing partnership
Duration: Multi-year engagement

Scope & challenge

  • Large-scale government portal with multiple interconnected applications and services
  • Public-facing APIs handling sensitive citizen data and transactions
  • Complex authentication and authorisation architecture across departments
  • Regulatory and compliance requirements for government data handling
  • Requirement for zero-downtime testing during live service hours

Outcomes

  • Full OWASP Top 10 assessment across all public-facing applications and APIs
  • Identified critical and high-severity vulnerabilities and confirmed remediation of all of them
  • Delivered executive and technical reporting aligned to government compliance requirements
  • Established an ongoing security partnership for continuous assessment over multiple years
  • Zero service disruption throughout the engagement

Education Technology

EdTech Assessment Platform

CMS security assessment combined with a full architecture review of a custom-built multi-tier student assessment platform handling sensitive educational performance data for K-12 and higher education clients.

Sector: Education Technology
Engagement type: Web application pentest, architecture review
Stack: CMS, custom n-tier application, cloud-hosted

Scope & challenge

  • WordPress-based CMS with custom plugins handling user authentication and data storage
  • Custom-built student assessment application with complex multi-role access control
  • Sensitive student performance data requiring strong data segregation controls
  • Multiple third-party integrations introducing additional attack surface

Outcomes

  • Full CMS penetration test identifying plugin vulnerabilities, misconfigured permissions, and authentication weaknesses
  • Architecture review of the custom application revealing data segregation gaps
  • Hardened CMS configuration and reduced attack surface across all components
  • All critical and high findings validated as remediated within 30 days

Private Sector

Residential Services Company

Network and web application security assessment for a growing services organisation expanding its digital infrastructure and handling increasing volumes of sensitive client data.

Sector: Private / Residential Services
Engagement type: Network pentest, web application assessment
Focus: Infrastructure security, client data protection

Scope & challenge

  • Internal and external network infrastructure with legacy and modern components
  • Customer-facing web portal handling booking, payments, and personal data
  • Growing organisation without a dedicated security team
  • Need for actionable findings accessible to non-technical management

Outcomes

  • Full internal and external network penetration test identifying critical misconfigurations
  • Web application and customer portal assessment with OWASP-aligned findings
  • Executive-level reporting delivered alongside technical findings
  • Remediation roadmap prioritised by risk to help the team focus limited resources
  • Follow-up retest confirmed all critical issues resolved

Want to see how we work?

Get in touch and we will walk you through our methodology and what to expect from an engagement.