Information Security


Security Testing

We provide the following security testing services: vulnerability scanning, web application testing and penetration testing.

Security Testing

Vulnerability scanning

We can perform an automated scan of your host(s) under your jurisdiction and provide you with a report of the vulnerabilities found. The scan will consist of a portscan of your server using Nessus (or similar tools) which will enable us to advise you of anything that is out of date, or any insecure services. This can be done as a one-off or on a monthly basis. 

Web application testing

We can review the operation and access controls of your web application, and provide you with a report detailing findings by risk level. This will typically require a test login to the application.

Penetration testing

Upon request, we can conduct a detailed security assessment of your host(s) or a particular web application. The testing will be performed following a suitable scoping exercise. This will start with a vulnerability scan, but will also verify and attempt to exploit possible vulnerabilities. We will provide you with a report outlining our confirmed findings by risk level and our advice on remediation.

External penetration testing

We can also arrange for external penetration testing, with a CHECK and CREST certified company, which would need to be funded by the requesting department.

Just email isg@ucl.ac.uk to book.