1920 - Provision of Dynamic Application Security Testing services SAAS.

Descriptions

An Post is seeking to enter into a Framework Agreement with one provider to meet its requirements for the Provision of Dynamic Application Security Testing services SAAS. It is anticipated that the Framework Agreement will commence in H2 2019 and continue for a period of 1 years with an option to extend the Contract for a further 2 years. An Post utilise a Dynamic Web Application Security Testing (DAST) Software as a Service (SaaS) solution to assess the security of their public facing web applications and networks. The successful supplier’s SaaS solution will perform DAST assessments on the public facing web applications and networks designated as in scope by An Post. Please note CREST certification is mandatory for penetration testing services with the successful supplier. The solution must encompass a Client Access Portal that provides the following: - View the list of in scope assets/network ranges - Schedule on-demand ad-hoc assessments - View results of security assessments - View technical details of findings such as requests/responses as they relate to the vulnerabilities where applicable - Retest individual findings or entire host/range - Automatically generate vulnerability reports (Technical/Executive), ability to also generate reports based on compliance requirements such as PCI-DSS - View trends for assets/network ranges - Ability to generate email alerts based on various criteria such as: Assessment started/completed, new vulnerability found, port opened, new host detected and so on - Multi Factor authentication support for administrative access to the portal - Client Access Platform must be hosted in the EEA Where reference is made to any brand name or proprietary product or service this is for reference purposes only and should be interpreted to be accompanied by the words, “or equivalent”. Any volumes contained in this notice are indicative only and An Post reserves the right to change in accordance with ongoing operational requirements.