top of page


What is a First Step Web Assessment (FSWA)?

A FSWA is a light-touch assessment of your website’s security which highlights the most pressing weaknesses.  For example sensitive data exposure or vulnerable and outdated components.

Our work is non-intrusive and should have no effect on your website’s performance. All we need is the website address you would like us to assess.

Who should get a FSWA?

Any business that uses a website or web services.

What are the benefits to my business?

  • Informs you of high-level risks to your website;

  • Acts as a first step to minimise the chance of a criminal breaching your website and causing financial or operational disruption; 

  • Provides you with reassurance that you are doing what you can to protect your services for the benefit of your customers and reputation.

How much does a FSWA cost, will it disrupt my business operations and how long will it take?

As each Website Vulnerability Assessment is bespoke to the client’s requirements and needs, meaning the testing duration varies. Once all parties have signed off on the scope of the assessment, the assessment duration can be confirmed.

When scoping the project, we analyze and plan to avoid any disruptions. If necessary, we have the ability to conduct the assessment during weekends or evenings to avoid high-traffic hours. There will not be any disruption unless we advise you in advance and both parties are agreed on that.


Important Note: Outsourced developers/contractors are not necessarily responsible for the web application’s security. Our objectives and tooling are different. However, we work hand in hand with developers to address the security side of their operation.

The cost of the service is £180. 

Who should get a FSWA and what are the benefits?

Any business that uses a website or web services should invest in a First Step Web Assessment.

  • With a Website Vulnerability Assessment, you want to identify any vulnerabilities before cyber criminals do.

  • Conducting a regular vulnerability scan will help you determine the effectiveness of any current security measures.

  • Performing a Website Vulnerability Assessment before launching a new website will reduce the risk of potential problems when you go live.

  • Vulnerability scanning mitigates the risks of a cyber attack, which will come with a range of costs, including reputational damage and financial penalties.

  • Whilst a Vulnerability Assessment is not explicitly required by the GDPR (General Data Protection Regulation), it does require organisations that process personal data to ensure that they have implemented appropriate technical and organisational security measures, including identifying vulnerabilities.

What do you get with our FSWA?
• A light-touch assessment carried out by Cyber PATH students, supported by our experienced private sector cyber security supervisors.
• A 2–3 page findings report highlighting any key areas of concern and suggested mitigation.
• An optional meeting with the team involved in your assessment to discuss any queries you may have.
• Guidance on the next steps to strengthen your cyber resilience.


Who is providing this service and what is the process behind the service?
The National Cyber Resilience Centre Group’s (NCRCG) Cyber PATH student team, under the supervision of our leading cyber security  practitioners.

Cyber PATH, coordinated centrally by the NCRCG, employs exceptional university students, who are looking to shore up the nation’s defences against cybercrime and gain vital experience in a commercial setting. Our students are passionate, background checked and insured. 

We will first conduct an initial meeting to discuss if this service is right for you, if this is deemed an appropriate service we will then arrange the assessment with you. Once the assessment has been completed, we will compile a findings report and send this to you. We will then arrange an in-person or virtual debrief with you to go through the findings so you can understand exactly what we found and any risks to your business.

What do you check?

  • Reconnaissance/Enumeration

  • Automated Vulnerability Scan

  • Sensitive Data Exposure

  • Vulnerable and Outdated Components

What are the Technical Specifications?

First Step Assessment
Web Application Assessment
Report length
1-2 pages
Report Detail
Highly detailed with an Exec Summary
Broken Authentication
Software and data integrity failure
Security logging and monitoring failure
Server side request forgery
XML External Entities
Security Misconfiguration
Cross site scripting
SQL injection
Insecure Design
Broken Access Control
Vulnerable and Outdated components
Sensitive Data Exposure
Automated Vulnerability scan
Reconnaissance / Enumeration

Ready to increase your cyber resilience? 

 Take steps to improve your organisations understanding of cyber threats

and attacks by getting in touch with us today and

booking your consultation call with our team.

bottom of page