FullProxy Ltd

Pen Testing - Application Security

Penetration testing is a vital first line of defence for anyone managing a website. It replicates the actions a hacker would take to try to penetrate your cyber defences and shows you where the vulnerabilities lie. FullProxy provide a range of advanced and affordable options from one-off to continuous testing.

Features

  • Pinpoint the location of vulnerabilities in your network
  • Find all of your web assets
  • Get PCI-DSS certified
  • Self administer option

Benefits

  • Full actionable report details vulnerabilities
  • Access to an expert consultant to discuss findings
  • Advice on remediation
  • Quick and easy to administer
  • PCI-DSS certification in one click

Pricing

£2,995 an instance

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@fullproxy.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

640642871319973

Contact

FullProxy Ltd
Chris Templeton / Ewan Ferguson
Telephone: 0141 291 5500
Email: g-cloud@fullproxy.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Invicti products
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Details provided within supplied documentation
System requirements
  • Requirements dependent upon environment in which products are deployed
  • See vendor website or documentation for details
  • Minimum requirements are available on request

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response time SLAs are negotiable with the client
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/A
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
Access to Support differs with contract purchased.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
  • Pre-sales consultancy
  • Online Training
  • User documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
No user data is retained as part of the service.
End-of-contract process
Renewal notice issued 90 days prior to contract end date.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile is an app. There is no desktop service
Service interface
No
User support accessibility
None or don’t know
API
Yes
What users can and can't do using the API
Configuration, Analysis
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Different pen testing tiers available

Scaling

Independence of resources
The underlying resources (CPU and memory) are under the control of the client and can be extended if required. The product is sold on a per-instance basis, so a client may have to purchase multiple instances if usage goes beyond initially anticipated levels.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Invicti

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Configuration data can be archived in a compressed multi-file archive or single file format and downloaded. The API can also be used to export the config.
Data export formats
Other
Other data export formats
  • Text
  • Zip
Data import formats
Other
Other data import formats
  • Text
  • Zip

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability of the deployed service is the responsibility of the customer
Approach to resilience
This information can be made available upon request
Outage reporting
This information can be made available upon request

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Role based access control
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS International Ltd
ISO/IEC 27001 accreditation date
30/11/2022
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security governance policies available upon request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Documentation on configuration and change management approach can be provided on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Documentation on configuration and change management approach on request
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Documentation on Proactive monitoring approach can be made available on request.
Incident management type
Supplier-defined controls
Incident management approach
Documentation on Incident Management approach can be made available on request

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

FullProxy's position on Social Values can be provided upon request

Covid-19 recovery

FullProxy's position on Social Values can be provided upon request

Tackling economic inequality

FullProxy's position on Social Values can be provided upon request

Equal opportunity

FullProxy's position on Social Values can be provided upon request

Wellbeing

FullProxy's position on Social Values can be provided upon request

Pricing

Price
£2,995 an instance
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
A free or trial version/PoC can be requested from FullProxy. More details can be provided upon request.
