WEBSITE ASSESSMENT
What is a First Step Web Assessment (FSWA)?
A FSWA is a light-touch assessment of your website’s security which highlights the most pressing weaknesses. For example sensitive data exposure or vulnerable and outdated components.
Our work is non-intrusive and should have no effect on your website’s performance. All we need is the website address you would like us to assess.
Who should get a FSWA?
Any business that uses a website or web services.
What are the benefits to my business?
-
Informs you of high-level risks to your website;
-
Acts as a first step to minimise the chance of a criminal breaching your website and causing financial or operational disruption;
-
Provides you with reassurance that you are doing what you can to protect your services for the benefit of your customers and reputation.
How much does a FSWA cost, will it disrupt my business operations and how long will it take?
As each Website Vulnerability Assessment is bespoke to the client’s requirements and needs, meaning the testing duration varies. Once all parties have signed off on the scope of the assessment, the assessment duration can be confirmed.
​
When scoping the project, we analyze and plan to avoid any disruptions. If necessary, we have the ability to conduct the assessment during weekends or evenings to avoid high-traffic hours. There will not be any disruption unless we advise you in advance and both parties are agreed on that.
Important Note: Outsourced developers/contractors are not necessarily responsible for the web application’s security. Our objectives and tooling are different. However, we work hand in hand with developers to address the security side of their operation.
​
The cost of the service is £180.
Who should get a FSWA and what are the benefits?
Any business that uses a website or web services should invest in a First Step Web Assessment.
​
-
With a Website Vulnerability Assessment, you want to identify any vulnerabilities before cyber criminals do.
-
Conducting a regular vulnerability scan will help you determine the effectiveness of any current security measures.
-
Performing a Website Vulnerability Assessment before launching a new website will reduce the risk of potential problems when you go live.
-
Vulnerability scanning mitigates the risks of a cyber attack, which will come with a range of costs, including reputational damage and financial penalties.
-
Whilst a Vulnerability Assessment is not explicitly required by the GDPR (General Data Protection Regulation), it does require organisations that process personal data to ensure that they have implemented appropriate technical and organisational security measures, including identifying vulnerabilities.
What do you get with our FSWA?
• A light-touch assessment carried out by Cyber PATH students, supported by our experienced private sector cyber security supervisors.
• A 2–3 page findings report highlighting any key areas of concern and suggested mitigation.
• An optional meeting with the team involved in your assessment to discuss any queries you may have.
• Guidance on the next steps to strengthen your cyber resilience.
​
Who is providing this service and what is the process behind the service?
The National Cyber Resilience Centre Group’s (NCRCG) Cyber PATH student team, under the supervision of our leading cyber security practitioners.
Cyber PATH, coordinated centrally by the NCRCG, employs exceptional university students, who are looking to shore up the nation’s defences against cybercrime and gain vital experience in a commercial setting. Our students are passionate, background checked and insured.
​
We will first conduct an initial meeting to discuss if this service is right for you, if this is deemed an appropriate service we will then arrange the assessment with you. Once the assessment has been completed, we will compile a findings report and send this to you. We will then arrange an in-person or virtual debrief with you to go through the findings so you can understand exactly what we found and any risks to your business.
​
What do you check?
-
Reconnaissance/Enumeration
-
Automated Vulnerability Scan
-
Sensitive Data Exposure
-
Vulnerable and Outdated Components
What are the Technical Specifications?
Action | First Step Assessment | Web Application Assessment |
|---|---|---|
Report length | 1-2 pages | Extensive |
Report Detail | Overview | Highly detailed with an Exec Summary |
Broken Authentication | X | |
Software and data integrity failure | X | |
Security logging and monitoring failure | X | |
Server side request forgery | X | |
XML External Entities | X | |
Security Misconfiguration | X | |
Cross site scripting | X | |
SQL injection | X | |
Insecure Design | X | |
Broken Access Control | X | |
Vulnerable and Outdated components | X | X |
Sensitive Data Exposure | X | X |
Automated Vulnerability scan | X | X |
Reconnaissance / Enumeration | X | X |