Penetration Testing - Payment Times Reporting Scheme (PTRS 3.0)

The Payment Times Reporting Scheme (PTRS) Customer Portal has undergone significant enhancements in Release 3.0, introducing new features and improved user experience. As part of the security assurance process, a penetration test (PEN Test) is required prior to go-live to ensure the portal meets stringent security standards and complies with the Authority to Operate framework.

The penetration test will focus on:

• External and internal attack surfaces of the PTRS portal, including web application, APIs, and authentication flows.
• Infrastructure and hosting configurations, such as WAF/CDN controls, TLS enforcement, and header security.
• Role-based access controls, session management, and data handling pathways.
• Dependency and configuration checks for CI/CD pipelines and exposed endpoints.

Testing must include both authenticated and unauthenticated scenarios and cover non-production and production-like environments.

Key Deliverables

• Executive Summary for senior stakeholders.
• Detailed Technical Report with evidence, risk ratings, and remediation recommendations.
• Retest Results (if required) to confirm vulnerability closure.

Estimated start date: Monday, 12 January 2026

Initial contract duration: 10 days

Extension term: Not applicable

Location of work: ACT

Working arrangements: Hybrid