Penetration Testing
Tender ID: 591735
Tender Details
Tender Description
This Tender is invited by the Issuer.
The duties of the engagement include:
- Test Scope: Identifying targets and test types based on threat modeling.
- Test Objectives: Pinpointing the penetration testers’ targets, determining the type of testing required, and gauging what success looks like.
- Attack Sources: Testing from sources both internal and external to the Department.
- Test Schedule: Establishing a timeline for the testing activities.
- Test Cases: Informed by industry guides.
- Rules of Engagement: Outlining permitted and disallowed activities during testing.
The Penetration Test Report should include:
- Executive summary
- Scope
- Constraints and Assumptions
- Findings – Outcomes (positive or negative), Vulnerabilities, and Issues
In-Scope Activities
- Web application testing (authenticated & unauthenticated)
- Directory fuzzing (RecurSense)
- Token manipulation and session replay
- Business logic flaw discovery
- Role-based access control testing
- TLS and cipher configuration review
Out-of-Scope Activities
- Denial-of-Service (DoS) testing
- Network layer scanning (e.g., Nmap)
- Production systems
- Mobile application testing from public app stores
- MID Server, ODBC, Edge Encryption
- External ServiceNow-managed domains
Rules of Engagement
- No destructive testing (e.g., data deletion, service disruption)
- Testing must stop immediately upon critical system compromise
- Credentials must be used securely and only within the agreed roles
- Logs and evidence must be retained and shared
- Retesting may be performed after remediation is applied
Estimated start date: Monday, 01 September 2025
Initial contract duration: 3 months
Extension term: Not applicable
Location of work: ACT, NSW
Working arrangements: Hybrid