FIRST STEP WEB ASSESSMENT
What is a First Step Web Assessment (FSWA)?
A FSWA is a light-touch assessment of your website’s
security which highlights the most pressing weaknesses,
For example sensitive data exposure or vulnerable and outdated components.
Our work is non-intrusive and should have no effect on your website’s performance. All we need is the website address you would like us to assess.
Who should get a FSWA?
Any business that uses a website or web services.
What are the benefits to my business?
Informs you of high-level risks to your website;
Acts as a first step to minimise the chance of a criminal breaching your website and causing financial or operational disruption;
Provides you with reassurance that you are doing what you can to protect your services for the benefit of your customers and reputation.
How much does a FSWA cost?
Each service we offer is tailored to suit the needs of the business we are working with and is £180.

What do you get with our FSWA?
• A light-touch assessment carried out by Cyber PATH students, supported by our experienced private sector cyber security supervisors.
• A 2–3 page findings report highlighting any key areas of concern and suggested mitigation.
• An optional meeting with the team involved in your assessment to discuss any queries you may have.
• Guidance on the next steps to strengthen your cyber resilience.
​
Who is providing this service?
The National Cyber Resilience Centre Group’s (NCRCG) Cyber PATH student team, under the supervision of our leading cyber security practitioners.
Cyber PATH, coordinated centrally by the NCRCG, employs exceptional university students, who are looking to shore up the nation’s defences against cybercrime and gain vital experience in a commercial setting. Our students are passionate, background checked and insured. Speak to us if you want to find out more.
Will there be any disruption to your operations during the FSWA?
Our team will liaise with you to find a mutually suitable time to perform this assessment. Our work is non-intrusive and should have no effect on your website’s performance.
​
What we check and what do some of these words mean?
We try not to use technical jargon, but if there are some new words, we have a glossary.

How do you get a FSWA?
Simply email us and we can discuss any questions you have, the only information we need is the URL / website address of the service you would like to assess.
Technical Specifications
Action | First Step Assessment | Web Application Assessment |
---|---|---|
Report length | 1-2 pages | Extensive |
Report Detail | Overview | Highly detailed with an Exec Summary |
Broken Authentication | X | |
Software and data integrity failure | X | |
Security logging and monitoring failure | X | |
Server side request forgery | X | |
XML External Entities | X | |
Security Misconfiguration | X | |
Cross site scripting | X | |
SQL injection | X | |
Insecure Design | X | |
Broken Access Control | X | |
Vulnerable and Outdated components | X | X |
Sensitive Data Exposure | X | X |
Automated Vulnerability scan | X | X |
Reconnaissance / Enumeration | X | X |