top of page
web app.png

First Step Web Assessment

What is a First Step Web Assessment?

Our ‘First Step Web Assessment’ has been designed by our private-sector experienced security team to not only provide you with an initial assessment of your website but also to provide our cadre of cyber students an opportunity to further develop their skills under the strict management of our supervising team.


The First Step Web Assessment (FSWA) is a service to assess your website. FSWA is considered an initial light touch assessment of the website compared to the complete Web App Vulnerability Assessment service offered.


The FSWA is a set price due to the set parameters and time for testing.


This service focuses on the reconnaissance stage for the site.

Reconnaissance is the first stage a threat attacker would undertake to identify a vulnerable site. Both passive and active reconnaissance techniques will be used to assess the site. However, the majority of the assessment will be passive. Passive reconnaissance is where we attempt to gain information about your site without actively engaging with it. Through the reconnaissance stage, outdated components and sensitive data exposure can be identified highlighting additional risks. 


The service also undertakes automated scans to identify vulnerabilities at a high overview level. Automated scans can be considered active reconnaissance as we will conduct scans against the site to gain further information. The trained Cyber PATH Student would assess the site using tools found within the Kali operating system. 


At the end of the allotted assessment time, a short non-technical report (2-3 pages) is created for you to show the risk to the site tested and the mitigations against the criteria of the FSWA. The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to bolster your security further.


What FSWA assesses:

  • Domain and DNS records

  • SSL Certificates

  • Email protections

  • Security Headers

  • Outdated components

  • Directory discovery 

  • Vulnerabilities shown through automated scan 


The FSWA is not:

  • An overhaul of the site to assess the full functionality and settings within the site

  • A detailed assessment of the site compared to the Web App Testing Service, which follows the OWASP methodology

This service offers high-level insight into the risks associated with continuing to present their website online.


Our Cyber PATH student delivery team use a collection of tried and trusted assessment tools and techniques to assess the website against current industry recognised best practise. Our team will assess the website against known vulnerabilities, issues with configuration, risks relating to the software and risks relating to your website’s functionality.


£180 one off fee.

If you are a charity or a micro organisation we offer a £3o discount.

bottom of page