Lean Security Independent security assurance Assessment completed

Penetration testing attestation

Independent security testing completed

Lean Security confirms that it performed independent Web Application and API Penetration Testing for Connect Psych Services Pty Ltd. Initial testing was conducted from 17-27 October 2025, followed by remediation verification completed on 22 December 2025.

No Critical, High or Medium-risk vulnerabilities were identified within the defined scope at completion of the retest.

The overall security posture was assessed as Low risk at the conclusion of the engagement.

0 Critical
0 High
0 Medium

Residual observations: 4 Low-risk and 1 Informational. These relate to security hardening and architectural best practice and are documented in the confidential technical report.

Assessed entity
Connect Psych Services Pty Ltd
Assessment type
Web Application and API Penetration Testing
Defined scope
Connect Psych platform and associated APIs across 11 nominated in-scope hosts
Testing model
Authenticated and unauthenticated manual security testing

Assurance basis

Testing included manual verification, controlled exploitation, authentication and authorisation analysis, API access-control testing and supporting automated analysis. The methodology was aligned with OWASP Top 10:2021, OWASP ASVS and NIST SP 800-115.

Testing was performed against the nominated staging environment. Connect Psych Services confirmed that this environment was a configuration-identical mirror of production at the time of testing.