Anchoram Consulting achieves CREST ANZ accreditation

The Anchoram Consulting story is based on integrity, with core operational values of timeliness, quality and transparency.

As innovative technologies continue to bolster visibility and connectivity, our organisational strategy must evolve to put people and outcomes ahead of profit. This is why Anchoram has based its core business principle on putting people first, always. Having the right people means that we can deliver the right outcomes. This ethos is why Anchoram Consulting sought the highly revered CREST ANZ accreditation. This accreditation demonstrates to our clients that Anchoram Consulting is dedicated to providing services that are high quality, accredited and accessible.

In this article, we’ll explain what CREST is, what it means for Anchoram Consulting, and what it means for you – our clients.

What is CREST?

CREST Australia New Zealand (ANZ) is an internationally recognised accreditation body that offers certification for organisations that provide penetration testing, vulnerability assessments and other cybersecurity services. By accrediting companies and certifying individual practitioners, CREST ensures that organisations operate with integrity, demonstrate technical expertise, follow best practices in cybersecurity testing and consultancy, and adhere to the highest standards of technical excellence, professionalism and ethics.

For Anchoram Consulting, CREST accreditation is more than a credential; it is a testament to the company’s unwavering commitment to quality and trust. Achieving this accreditation requires enhancing internal processes, such as rigorous auditing of service delivery methods, adherence to CREST’s strict code of conduct, and ensuring employee certifications meet industry-leading standards.

This alignment pushes Anchoram Consulting to refine every aspect of its operations, from testing methodologies to data handling and reporting procedures. It demonstrates that Anchoram Consulting not only meets global cybersecurity benchmarks but also actively contributes to improving security standards in the industry.

CREST accreditation enhances Anchoram Consulting’s reputation as a trusted cybersecurity partner, paving the way for greater collaboration with clients, government and industry leaders.

As a fully accredited organisation, Anchoram Consulting gains access to CREST’s knowledge base, professional development programs and network of trusted partners. These resources further empower our consultancy team to tackle emerging threats, use innovative tools and deliver services with precision and integrity.

What does it mean for our clients?

Anchoram Consulting’s CREST accreditation directly benefits our clients by providing them with unparalleled confidence in service quality. Clients can trust that the cybersecurity solutions we offer are crafted and executed by highly skilled professionals with verified expertise. This ensures that every service, from penetration testing to vulnerability assessments, is tailored to the client’s unique requirements, using cutting-edge techniques and adhering to robust methodologies.

CREST accreditation also means that Anchoram Consulting’s processes undergo regular audits, offering clients transparency and assurance that their data and systems are handled securely and ethically. For organisations seeking a reliable cybersecurity partner, Anchoram’s CREST membership serves as a hallmark of excellence, guaranteeing actionable insights, comprehensive risk mitigation and adherence to best practice.

By choosing Anchoram Consulting, clients benefit from the security and peace of mind that come from working with a CREST-certified provider, ensuring the partnership is based on trust, expertise and proven results.

Below are some case studies from previous engagements, and a testimonial from one of our clients demonstrating how our services have been of benefit to them.

Case study 1

Enhancing Security in an Educational Technology Platform

Background:
A client operating in the educational technology sector engaged Anchoram Consulting to assess the security of their web application, APIs and mobile platforms. The platform provides critical services to students and educators, necessitating a robust security framework to protect sensitive data and ensure operational continuity.

Engagement Overview:
The scope of the engagement included a comprehensive penetration test covering the client’s web application, mobile apps (iOS and Android) and Azure cloud configuration. The assessment aimed to uncover vulnerabilities that could be exploited by threat actors, with a focus on areas such as authentication, session management, input validation and compliance with OWASP standards.

Findings and Recommendations:
Our review and assessment identified several vulnerabilities, including but not limited to:

  • Cross-Origin Resource Sharing (CORS) Policy Issues: Arbitrary origins were trusted, creating potential exposure to unauthorised access. A recommendation was made to implement a whitelist of trusted domains.
  • Outdated JavaScript Dependencies: Vulnerabilities in third-party libraries were flagged. Anchoram Consulting recommended routine updates to mitigate risks.
  • Weak Password Policies: Password lockout mechanisms were insufficient. Recommendations included enforcing strong passwords, multi-factor authentication and lockout protocols.
  • Improper Error Handling: Error messages exposed sensitive information, risking potential reconnaissance by attackers. Generic error messaging was advised.

Impact:
The outcome of this engagement helped the client address critical vulnerabilities, ensuring a stronger security posture. The implementation of recommended mitigations significantly reduced the risk of data breaches and enhanced the trust of platform users.

Case study 2

Securing a Healthcare Meal Ordering System

Background:
A government healthcare provider contracted Anchoram Consulting to evaluate the security of their web-based meal ordering application. Their system manages sensitive patient dietary data, requiring stringent protection against potential breaches.

Engagement Overview:
The penetration test was scoped to the web application, focusing on vulnerabilities affecting user authentication, data handling and system configuration. Both authenticated and unauthenticated access scenarios were tested to mimic real-world attack vectors.

Findings and Recommendations:
Key findings included, but were not limited to:

  • Cross-Site Request Forgery (CSRF): A critical vulnerability was identified in core functionality. Anchoram Consulting advised implementing anti-CSRF tokens to mitigate the risk.
  • Configuration Information Disclosure: Sensitive paths were exposed in application responses, providing attackers with insights into the application architecture. The recommendation included removing or securing configuration details.
  • Vulnerable JavaScript Libraries: Outdated dependencies posed a risk of exploitation. Regular updates and removal of unused libraries were advised.
  • Information Disclosure: Server version information and default IIS pages increased the attack surface. Steps were taken to suppress these disclosures.

Impact:
Through the application of Anchoram Consulting’s recommendations, the client achieved a significant improvement in their security posture. This not only mitigated immediate threats, but also ensured compliance with healthcare data protection standards, safeguarding patient trust.

Testimonial

Cyber Security Health Check for Comparify

Industry: Technology Services
Services: Cyber Security Health Check and Risk Assessment

The Challenge

As a leading platform for comparison services, Comparify operates in a highly competitive and data-sensitive industry. With an increasing volume of customer data and an evolving threat landscape, the company recognised the importance of proactively identifying potential vulnerabilities in its systems. Comparify sought an independent assessment to validate their existing security measures and enhance their overall cyber resilience.

The Solution

Anchoram Consulting conducted a comprehensive Cyber Security Health Check tailored to Comparify’s unique requirements. This involved:

  • System and Network Review: Evaluating infrastructure for potential vulnerabilities.
  • Policy and Governance Review: Ensuring alignment with industry best practices.
  • Risk Identification and Prioritisation: Highlighting critical risks requiring immediate action.

Anchoram Consulting provided detailed reports that included actionable recommendations:

  • Executive Report: A concise overview for decision-makers, presenting key findings and strategic insights.
  • Technical Report: An in-depth analysis designed for IT teams to address technical issues effectively.

The Outcome

The health check reinforced Comparify’s commitment to safeguarding their operations and customer data. Key outcomes included:

  • Identification and mitigation of critical vulnerabilities.
  • Enhanced understanding of their cyber risk profile.
  • Clear roadmap for improving security practices and technology implementation.

Client Testimonial

“Engaging with Anchoram Consulting gave us the confidence to address potential weaknesses before they could become critical. Their tailored approach, clear communication and detailed reporting exceeded our expectations, providing both strategic and technical insights that empower us to continuously improve. We highly recommend their services to organisations committed to robust cybersecurity.”
Karl Eckert – Co-Founder, Comparify
