top of page

EMCRC introduces First Step Web Assessment (FSWA) service

A core offering of the CRC network is the provision of affordable and accessible paid cyber resilience services, and our First Step Web Assessment is an affordable health-check for reviewing your online operation and ensuring you’re strong against the threat of cybercrime.

What is a First Step Web Assessment?

The First Step Web Assessment (FSWA) is a service to assess your website essentially. FSWA is considered an initial light touch assessment of the website compared to the complete Web App Testing service which we also offer.

You might think your online operations are all above board, but you can’t know for sure until you’ve been tested. Our FSWA will give you a detailed overview of what you need to do to increase your resilience to online crime.

Your business has been tested to the limit over the past few years. A pandemic, lockdowns and unpredictable - and unprecedented - markets have seen businesses come under pressure in recent times, but there's one more test that will give you confidence to keep your business operating.

Critically, our FSWA tests your website for vulnerabilities against cyber-attacks.

The finer (techy) details

This service focuses on the reconnaissance stage for your website. Reconnaissance is the first stage a threat attacker would undertake to identify a vulnerable site. Both passive and active reconnaissance techniques will be used to assess the site.

However, the majority of the assessment will be passive. Passive reconnaissance is where we attempt to gain information about your site without actively engaging with it. Through the reconnaissance stage, outdated components and sensitive data exposure can be identified, highlighting additional risks.

The service also undertakes automated scans to identify vulnerabilities at a high overview level. Automated scans can be considered active reconnaissance as we will conduct scans against the site to gain further information.

Our Cyber PATH students will be delivering your FSWA under the expert guidance of our cyber resilience professionals, allowing your business to benefit from high-quality service while supporting the development of our local highly skilled cyber students.

At the end of the allotted assessment time, a short non-technical report (2-3 pages) is created for you to show the risk to the site tested and the mitigations against the criteria of the FSWA. The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to bolster your security further.

What FSWA assesses:

  • Domain and DNS records

  • SSL Certificates

  • Email protections

  • Security Headers

  • Outdated components

  • Directory discovery

  • Vulnerabilities shown through automated scan

The FSWA is not:

  • An overhaul of the site to assess the full functionality and settings within the site

  • A detailed assessment of the site compared to the Web App Testing Service, which follows the OWASP methodology

This service offers high-level insight into the risks associated with continuing to present your website online. Our Cyber PATH student delivery team use a collection of tried and trusted assessment tools and techniques to assess the website against current industry recognised best practise.

Our team will assess the website against known vulnerabilities, issues with configuration, risks relating to the software and risks relating to your website’s functionality.

For more information or to discuss and/or book your FSWA, please contact us.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page