Penetration testing attestation
Independent security testing completed
Lean Security confirms that it performed independent Web Application and API Penetration Testing for Connect Psych Services Pty Ltd. Initial testing was conducted from 17-27 October 2025, followed by remediation verification completed on 22 December 2025.
The overall security posture was assessed as Low risk at the conclusion of the engagement.
Residual observations: 4 Low-risk and 1 Informational. These relate to security hardening and architectural best practice and are documented in the confidential technical report.
- Assessed entity
- Connect Psych Services Pty Ltd
- Assessment type
- Web Application and API Penetration Testing
- Defined scope
- Connect Psych platform and associated APIs across 11 nominated in-scope hosts
- Testing model
- Authenticated and unauthenticated manual security testing
Assurance basis
Testing included manual verification, controlled exploitation, authentication and authorisation analysis, API access-control testing and supporting automated analysis. The methodology was aligned with OWASP Top 10:2021, OWASP ASVS and NIST SP 800-115.
Testing was performed against the nominated staging environment. Connect Psych Services confirmed that this environment was a configuration-identical mirror of production at the time of testing.