top of page

Web Vulnerability Assessments

First Step Web Assessment (FSWA)

This service has been designed by our private-sector experienced security team to not only provide an initial assessment of your website but also to provide our cadre of cyber students an opportunity to further develop their skills under the strict management of our supervising team.

The FSWA is considered an initial light touch assessment of the website compared to the complete Web App Testing service (see below).

The FSWA service focuses on the reconnaissance stage for the site. Reconnaissance is the first stage a threat attacker would undertake to identify a vulnerable site. Both passive and active reconnaissance techniques will be used to assess the site.


However, the majority of the assessment will be passive. Passive reconnaissance is where we attempt to gain information about your site without actively engaging with it. Through the reconnaissance stage, outdated components and sensitive data exposure can be identified highlighting additional risks. 

A short non-technical report is created for you to show the risk to the site tested and the mitigations against the criteria of the FSWA. The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to bolster your security further.

The FSWA is a set price due to the set parameters and time for testing.


We are offering this for £250, with a £50 subsidy for small and micro-businesses and charities.

Web App Vulnerability Assessment


This service assesses your website and web services for weaknesses. Based on best practice industry standards we will assess the top 10 security risks to websites and attempt to identity vulnerabilities.

This service also benefits from regional Police and National Cyber Security Centre intelligence to capture the very latest known threats and techniques used by cyber criminals. It should be noted that although the interaction with your systems is kept to a minimum, there is always a risk that poorly maintained or designed systems can suffer outages during vulnerability assessments.

That is why all web application vulnerability assessments are supported with back-out and recovery plans agreed in advance to minimise risk. This service assesses your website and web services for weaknesses. The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

We are able to recommend our IASME trusted partners network to provide additional services such as a full penetration test. If after this you need further support, we are able to recommend you to our network of trusted partners. These trusted partners have been subject to due diligence checks

by IASME, the accreditation body appointed by the National Cyber Security Centre to oversee the Cyber Essentials/Cyber Essentials Plus schemes. As such, they have a sound understanding of the most common cyber technical controls.

bottom of page