GSA CYBER SECURE LIMITED

Web Application Security Assessment

Web Application Testing is a critical process used to assess the security of web-based applications. It involves evaluating the application's vulnerabilities, weaknesses, and potential risks to ensure a robust and secure web presence. The testing can identify security flaws, such as input validation errors, authentication weaknesses, and improper access controls.

Features

• Web Application Security Testing
• Web Services Security Testing
• API Security Testing

Benefits

• Security Assurance
• Identify Vulnerabilities and Weaknesses
• Improved quality, performance, and functionality
• Protect Sensitive Data
• Compliance with Security Standards and Regulations
• OWASP Top Ten
• Understand and Manage Risk

£800 to £1,495 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anthony.dickinson@gsaglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

338603134968329

Contact

Anthony Dickinson
07900280470
anthony.dickinson@gsaglobal.com

Planning

• Planning service: Yes
• How the planning service works: GSA Cyber Secure will work with clients to help them plan both technical assurance testing and governance security projects. During this exercise, ; GSA Cyber Secure will gather key requirements, concerns and objectives for the project. Once identified, a detailed scope is created that defines requirements, testing boundaries and objectives. This is created by a technical lead consultant to ensure all technical details are captured, fully understood, the end deliverable is achievable, and objectives met. ; Projects can be started through the following processes:; • Submitting a direct request to the assigned account manager, either via email or phone.; • Initiating project requests via the GSA Cyber Secure Portal.; • Scheduled meetings between GSA Cyber Secure and the client often serve as a starting point for future projects.; Moreover, GSA Cyber Secure has the capability to develop work programs for clients upon request. These programs usually span six months or more and aim to accomplish specific business objectives or attain desired maturity levels.
• Planning service works with specific services: No

Training

• Training service provided: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: We offer both technical assurance testing of migrated cloud services to help identify risks, weaknesses and vulnerabilities and cloud consultancy to ensure secure design and implementation. See our Cloud Security Assessment Services.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Azure
  • AWS
  • Google Cloud Platform

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: We have defined processes to ensure quality and consistency in our projects. These include detailed methodologies, QA workflows and project checklists, KPIs and updates. ; ; GSA Cyber Secure are aligned to ISO9001.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • Cyber Due-Diligence
  • Insider Risk
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Cyber Scheme
  • Other
• Other security testing certifications:
  • CISSP
  • OSCP
  • ISO27001 Lead Auditor

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Constraints are specific to the client requirements, system(s) under test and assessed at time of engagement.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Emails are followed up within 24 hours during normal UK working hours. For active project support, these are followed up within 4 hours during normal UK working hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: At no additional cost, GSA Cyber Secure will appoint three main points of contact.; Firstly, a dedicated account manager who will be the main point of contact and deal with the day-to-day queries / tasks from the client, including regular catchups and programme progress with the client’s project manager. ; Secondly, a technical champion from GSA will be assigned to the programme who can be the regular technical point of contact to help scope, interpret findings and deal with technical queries. This provides a consistent technical point of contact and familiarity with the projects.; Lastly, a senior manager will oversee the project and provide high-level guidance and support and be the first escalation path for any issues / concerns the client may have.; At an individual project level, the main points of contact during project scoping and scheduling will be the dedicated account manager and the operations team.; Once in project delivery, the lead consultant will provide daily summaries of progress and raise any issues / concerns with the clients’ project manager / technical contact.; Both the lead consultant and technical champion (if different) will be available post-project to answer any queries.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 15/12/2023
• What the ISO/IEC 27001 doesn’t cover: A.10.2 Key Management. ; A.11.1.6 Delivery and loading areas.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Crest Penetration Testing accredited company
  • Crest Vulnerability Assessment accredited company

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At GSA Cyber Secure we actively promote and encourage steps to reduce our carbon footprint by:; - Support remote working to reduce carbon emissions.; - Effective recycling in our offices.; - Downsizing or closure of offices no longer required.; - Reviews of our travel policy to reduce travel where appropriate and encourage use of more efficient travel modes. ; - Encouraging the use of remote testing to reduce unnecessary journeys. ; - Ensuring all systems / servers are powered down when not required. ; - Providing a EV car scheme.

  Equal opportunity

  GSA Cyber Secure and our parent company, GSA Global, are equal opportunities employer.

  Wellbeing

  Our founding principles are built on honesty, transparency, and quality in our dealings with clients. This allows us to provide a healthy work-life balance for our employees via structured utilisation that provides time and the flexibility to both develop and maintain their skills, and deliver high quality service. Coupled with improved employee benefits and a mature forward-looking approach to common industry issues such as burn-out and mental health problems, allows all employees an effective work-life balance.

Pricing

• Price: £800 to £1,495 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at anthony.dickinson@gsaglobal.com. Tell them what format you need. It will help if you say what assistive technology you use.