GEM

Mod Sectt Establishment Vulnerability & Penetration Testing Tender in Defence Sector, Web App Security (OWASP Top 10) 2026

Bid Publish Date

06-Feb-2026, 3:01 pm

Bid End Date

16-Feb-2026, 3:00 pm

Progress

Issue: 06-Feb-2026, 3:01 pm
Award: Pending

Quantity

1

Bid Type

Two Packet Bid

Key Highlights

  • Precise scope: vulnerability testing of web applications with OWASP Top 10 alignment
  • Service location requirement: on-site support and local presence in consignee state
  • Contract flexibility: quantity/duration can shift by 25% at issuance and post-issuance
  • Liability: bidder remains jointly and severally liable with any assignee/sub-contractor
  • Documentation posture: mandatory certificate uploads and ATC-compliant submissions
  • Escalation: defined service support escalation matrix with contact numbers
  • Risk & security emphasis: malware analysis and pre-hosting assessments before deployment
  • No BOQ items: indicates a framework for security services rather than goods

Tender Overview

Mod Sectt Establishment of the Department Of Defence invites bids for Vulnerability and Penetration Testing - Web Application services, including application security audit (OWASP Top 10), Malware Analysis, and Pre-hosting assessment of applications. The scope covers ethical hacking, vulnerability addressing, and a plug-in solution recommendation. The contract contemplates service provision with on-site support, and a potential quantity/duration adjustment up to 25% at the time of issue and post-issue. The bidder must demonstrate the ability to operate within the consignee’s state through an accredited service presence. No BOQ items are listed, indicating a broad security testing framework rather than commodity goods.

Technical Specifications & Requirements

  • Scope: Web application security testing and risk assessment aligned to OWASP Top 10.
  • Services: Vulnerability assessment, penetration testing, malware analysis, and pre-hosting evaluation of applications prior to deployment.
  • Deliverables: Plug-in solution recommendation for existing infra and mitigation plan addressing identified findings.
  • Compliance: On-site service capability with a dedicated escalation matrix; service provider office must be located in the state of the consignee.
  • Documentation: Required to provide technical compliance and escalation details; no itemized BOQ present.
  • Additional controls: Joint liability with assignee/sub-contractor for contract performance; contractor shall not assign or subcontract without prior written consent.

Terms, Conditions & Eligibility

  • Quantitative flexibility: Up to 25% variation in contract quantity or duration, with acceptance of revised terms.
  • Procurement sensitivity: No assignment or subcontracting without prior consent; ultimate liability remains with the bidder.
  • Financial health: Bidder must declare absence of liquidation/bankruptcy; upload undertaking with bid.
  • Certifications: Upload all certificates/documents requested in the Bid document/ATC/Corrigendum; ensure presence of OEM authorizations if applicable.
  • Local presence: Office of service provider must be in the state of the consignee; escalation matrix required for service support.

Key Specifications

  • Vulnerability and Penetration Testing scope for web applications with OWASP Top 10 alignment

  • Malware analysis and pre-hosting assessment services

  • Plug-in solution recommendation to mitigate findings

  • On-site service capability in consignee state with documented escalation matrix

  • Joint liability with subcontractors and no unauthorized assignment

Terms & Conditions

  • 25% quantity/duration adjustment allowed; acceptance required

  • No subcontracting without prior written consent from buyer

  • Bidder must not be in liquidation or bankruptcy; provide undertaking

  • Mandatory certificates/documents must be uploaded as specified

  • Office of service provider must be located in the consignee state

  • Escalation matrix for service support required

Important Clauses

Payment Terms

The tender permits quantity/duration variation up to 25% at contract issue and thereafter; payment terms not explicitly defined in data provided.

Delivery Schedule

No explicit delivery timeline; service delivery is contingent on on-site support and project milestones defined in ATC.

Penalties/Liquidated Damages

No LD details provided in data; penalties likely governed by ATC and supplier agreement.

Bidder Eligibility

  • Evidence of non-liquidation/bankruptcy and financial viability

  • Ability to provide on-site security testing services in consignee state

  • Compliance with ATC/corrigendum certificates and required OEM authorizations

Documents 4

GeM-Bidding-8839007.pdf

Main Document

Scope Of Work Document

SCOPE_OF_WORK

Buyer uploaded ATC document

ATC

GEM General Terms and Conditions Document

GEM_GENERAL_TERMS_AND_CONDITIONS

Past Similar Tenders (Historical Results)

5 found

Vulnerability and Penetration Testing - Cyber Security Audit; Security & Compliance Audit Report(Co

Directorate General Of Quality Assurance ( Dgqa)

KANCHIPURAM, TAMIL NADU

Posted: 23 January 2026
Closed: 2 February 2026
GEM

Vulnerability and Penetration Testing - Network; Security Infrastructure Review; Vulnerability Addr

Sashastra Seema Bal (ssb)

DURG, CHHATTISGARH

Posted: 12 January 2026
Closed: 27 January 2026
GEM

Directorate General Of Quality Assurance Vulnerability Testing Tender Hyderabad Telangana 2026 CERT-IN empaneled

Directorate General Of Quality Assurance ( Dgqa)

HYDERABAD, TELANGANA

Posted: 9 January 2026
Closed: 19 January 2026
GEM

Directorate General Of Quality Assurance Cyber Security Audit Tender 2025 DGQA Defence Production Network Security & ISA Compliance

Directorate General Of Quality Assurance ( Dgqa)

MUMBAI, MAHARASHTRA

Posted: 1 January 2026
Closed: 12 January 2026
GEM

Centre for Development of Advanced Computing Vulnerability and Penetration Testing Tender Pune Maharashtra OWASP Top 10 2025

Centre For Development Of Advanced Computing (c-dac)

PUNE, MAHARASHTRA

Posted: 26 December 2025
Closed: 5 January 2026
GEM

Required Documents

  1. GST registration certificate
  2. Permanent Account Number (PAN) card
  3. Experience certificates of similar security testing engagements
  4. Financial statements demonstrating financial stability
  5. EMD/Security deposit documentation (if applicable per ATC)
  6. Technical bid documents and method statements
  7. OEM/partners authorizations (if required)
  8. Escalation matrix and service support contact details
  9. Proof of local service office in the consignee state

Frequently Asked Questions

Key insights about DELHI tender market

How to bid for vulnerability testing tender in defence sector 2026

Bidders must meet eligibility criteria including on-site service capability in the consignee state, submission of GST, PAN, and experience certificates, plus OEM authorizations if required. Provide a detailed method statement for OWASP Top 10 aligned testing and malware analysis, with an escalation matrix and compliant documentation in the bid submission.

What documents are required for web app security tender in defence?

Required documents include GST certificate, PAN, company financial statements, prior security testing experience certificates, OEM authorizations, technical bid, and an escalation matrix. Upload certification proof referenced in ATC and Corrigendum; ensure subcontractor approvals are documented if applicable.

What standards are expected for OWASP Top 10 based testing?

Tenders expect OWASP Top 10 compliant testing with a formal vulnerability assessment and penetration testing delivered to mitigate web app risks. Provide methodology, risk ratings, and remediation recommendations aligned to industry best practices and security controls.

When is the service support escalation matrix required?

An escalation matrix with telephone contacts must be submitted as part of the service support proposal. It ensures prompt issue resolution; include multiple levels (vendor, OEM, regional) with response times and hours of operation.

What is the local presence requirement for defence testing?

The contractor must maintain an office or authorized service facility within the consignee state. Provide proof of address, local staff, and a dedicated point of contact for on-site security testing and post-deployment support.

What happens if contract quantity changes by 25%?

The buyer may modify contract quantity/duration by up to 25%, requiring the bidder to adjust project scope and pricing accordingly. Acceptance of revised terms is mandatory for award continuation; ensure pricing reflects potential variation.

Similar Tenders

5 found

Cyber Security Audit - Infrastructure Audit, Security and Compliance Audit, Information Security Au

N/a

📍 CHHINDWARA, MADHYA PRADESH

Est: ₹10.0 L
⏰ Deadline: 2 weeks left
🛒 Type: Service

Vulnerability and Penetration Testing - Network, Web Application; Application Security Audit (OWASP

National Security Guard (nsg)

📍 GURGAON, HARYANA

Est: ₹64,900
⏰ Deadline: 2 weeks left
🛒 Type: Service
Urgent

Vulnerability and Penetration Testing - Network, Web Application, servers; Data Communications and

Tata Memorial Centre

📍 MUMBAI, MAHARASHTRA

EMD: ₹60,000
⏰ Deadline: 2 days left
🛒 Type: Service
Urgent

Vulnerability and Penetration Testing - Desktop PCs & Routers; Security Infrastructure Review, Data

Director General Telecom Hq

📍 ERNAKULAM, KERALA

Est: ₹1.0 L
⏰ Deadline: 2 days left
🛒 Type: Service
Urgent

Vulnerability and Penetration Testing - Cyber Security Audit; Security & Compliance Audit Report (C

Directorate General Of Quality Assurance ( Dgqa)

📍 KANCHIPURAM, TAMIL NADU

Est: ₹17,500
⏰ Deadline: 1 day left
🛒 Type: Service