Bids Are Invited For Custom Bid For Services -The Overall Scope Of Work Of The Bidder(S) Would Be As Follows: (I) Department Has Developed A Website With Its Url As Www.Gstmumbaicentral.Gov.In Andit Consists Of About 150+ Numbers Of Dynamic Pages Gener, MUMBAI-Maharashtra

Bids Are Invited For Custom Bid For Services - ---The overall scope of work of the bidder(s) would be as follows: (i) Department has developed a website with its URL as www.gstmumbaicentral.gov.in andit consists of about 150+ numbers of dynamic pages generated using Wordpress The website is English language and has been hosted on Indian Data centre. (ii) VAPT is essential with frequency at least bi-annually or whenever significant changes have been made in website IT Infrastructure. (iii) The Information Security Auditors/SI is expected to carry out an assessment of the vulnerabilities, threats and risks that may exist in the above website through Internet Vulnerability Assessment and Penetration Testing which includes identifying remedial solutions and implementation of the same to mitigate all identified risks, with the objective of enhancing the security of the website. (iv) The SI should provide the Web Security Audit certificate from the empanelled agency under Indian Computer Emergency Response Team (CERT-In) under the Department of Information Technology, Government of India. (v) The website audit should be done by using Industry Standards and as perthe Open Web Application Security Project (OWASP) methodology. (vi) The audit of the website should be conducted in conformity with Cert-In guidelines. After successful security audit of the website, the security audit report from the auditor should clearly state that all web pages along with respective linked data files (in pdf / doc / xls etc. formats), all scripts and image files are free from any vulnerability or malicious code, which could be exploited to compromise and gain unauthorized access with escalated privileges into the webserver system hosting the said website. (vii) Vulnerability Assessment & Penetration Testing - Black Box testing, entire Information System (detailed list of setups to be provided at the time of commencement of VAPT). (viii) Vulnerability Assessment and Penetration Testing should cover Department’s website completely. (ix) Selected bidder should carry out an assessment of threat & vulnerabilities and assess the risks in website. This will include identifying existing threats if any and suggest remedial solutions and recommendations of the same to mitigate all identified risks, with the objective of enhancing the security of the website. (x) The Penetration testing services should combine both manual and automated techniques to ensure DEPARTMENT’s website is properly protected and that compliance requirements are being met. The vulnerabilities and risks to DEPARTMENT by performing a real-world attack and recommendations should be delivered for remediation with a detailed report depicting a complete view of ICT systems in place for the website. The selected bidder is expected to develop a detailed plan, to perform the test and provide a full report, and also the bidder should have expertise to help to improve DEPARTMENT’s security posture with best industry standards and practices. (xi) Bidder is expected to perform a re-assessment afterremediation phase is over and all the identified vulnerability is fixed. Also, bidder is expected to submit detailed report on the status of identified vulnerabilities being resolved.

Refer document

Refer document

INR 5 Lakhs /-