We know that keeping your website secure can feel like an uphill battle. With a barrage of potential cyberattacks looming around every corner, it might seem impossible to safeguard your online presence. But don’t worry! At the Cyber Resilience Centre for the West Midlands, we offer a simple, effective service called First Step Web Assessment that is designed to help you pinpoint vulnerabilities and possible entry points that cybercriminals could exploit.  

What is a First Step Web Assessment? 

The First Step Web Assessment is a carefully created service that is brought to you by our team of trained Cyber Students under the supervision of senior cyber security practitioners with extensive private-sector experience. It’s a thorough yet straightforward assessment that helps you to lay the groundwork for better online security. 

Unlike our Web App Testing service, which offers a very detailed look into your website’s security, the First Step Web Assessment provides a light-touch assessment focusing on the reconnaissance stage. This initial phase is important because it’s the very first step an attacker would take to identify vulnerabilities in a target site. 

What is reconnaissance? 

In the cybersecurity world, reconnaissance is all about gathering information. For our First Step Web Assessment, we use both passive and active reconnaissance techniques to assess your site. Most of the assessment leans toward passive reconnaissance, where we gather information without actively engaging with your website. This approach allows us to identify outdated components and potential sensitive data exposure; essentially, highlighting risks that could leave your site vulnerable. 

But that’s not all! We also conduct automated scans, which fall under active reconnaissance. These scans look deeper, identifying vulnerabilities at a high level. Our trained cyber students use powerful tools from the Kali operating system to run these scans, ensuring we leave no stone unturned. 

What to expect in your assessment report 

Once our assessment is complete, you’ll receive a concise, non-technical report (about 2-3 pages long). This report outlines the risks we found and suggests mitigations tailored to the First Step Web Assessment criteria. It’s designed to give you a clear understanding of your website’s security posture, allowing for meaningful conversations with your developer, IT team, or hosting provider about how to enhance your security further. 

What our First Step Web Assessment assesses: 

Here’s a quick overview of the areas we cover during the First Step Web Assessment: 

• Domain and DNS records: We check for misconfigurations that could expose your site. 

• SSL certificates: Ensuring your site has a valid SSL certificate is vital for secure communications. 

• Email protections: We assess your email security to help prevent phishing and other attacks. 

• Security headers: Proper security headers can significantly improve your website’s defences. 

• Outdated components: Identifying outdated software helps mitigate known vulnerabilities. 

• Directory discovery: We look for exposed directories that could be exploited. 

• Automated scan vulnerabilities: Our automated tools provide a high-level overview of potential issues. 

What First Step Web Assessment does not include: 

To clarify, the First Step Web Assessment is not: 

• An exhaustive overhaul of your website to assess full functionality and settings. 

• A detailed assessment like our Web App Testing Service, which adheres to the OWASP methodology for a more in-depth analysis. 

  
  

Why choose the First Step Web Assessment? 

The First Step Web Assessment provides you with high-level insights into the risks of keeping your website live online. Our Cyber PATH student delivery team use a suite of tried-and-true assessment tools and techniques to align your website with current industry best practices. We’ll evaluate your site against known vulnerabilities, configuration issues, software risks, and overall functionality concerns. 

Ready to book a First Step Web Assessment? You can request one here.