Website Penetration Test

Cranfield UniversitycontractContracts FinderRef 246/SG/IS/WEB/FEB2016closed

Estimated value

Awarded value

Suppliers

0

Lots

1

0 awarded

Published

15 Feb 2016

Deadline 24 Feb 2016

Description

The overall aim of the project is to independently measure the effectiveness of security controls within the website, from an external perspective, outline any vulnerabilities and recommend improvements. Specific objectives are: • Assess the level of exposure that the site could present • Assess whether access levels can be escalated (known as privilege escalation) • Assess whether an unauthorised user can modify the site contents for other users • Assess whether any forms on the site allow unauthorised modification of data outside their intended purpose (i.e. SQL Injection attacks) • Assess the level of this exposure from an external attack (in regards to the protection of data held in the system) to ensure that security controls and coding controls are fit for purpose • Measure the degree of compliance with good practice • Identify actions that will reduce any identified risks to an acceptable level • Recommend improvements in security controls to prevent unauthorised access and misuse of the service (i.e. obtaining data of registered users of the site)

Scope

Reference
246/SG/IS/WEB/FEB2016
Commercial tool
Standalone contract
Contract dates
08 Mar 2016 to 03 Apr 2016
CPV classifications
72222300

Submission & procedure

Submission deadline
24 Feb 2016, 12:00 am