We provide the following security testing services: vulnerability scanning, web application testing and penetration testing.

Vulnerability scanning
We can perform an automated scan of your host(s) under your jurisdiction and provide you with a report of the vulnerabilities found. The scan will consist of a portscan of your server using Nessus (or similar tools) which will enable us to advise you of anything that is out of date, or any insecure services. This can be done as a one-off or on a monthly basis.
Web application testing
We can review the operation and access controls of your web application, and provide you with a report detailing findings by risk level. This will typically require a test login to the application.
Penetration testing
Upon request, we can conduct a detailed security assessment of your host(s) or a particular web application. The testing will be performed following a suitable scoping exercise. This will start with a vulnerability scan, but will also verify and attempt to exploit possible vulnerabilities. We will provide you with a report outlining our confirmed findings by risk level and our advice on remediation.
External penetration testing
We can also arrange for external penetration testing, with a CHECK and CREST certified company, which would need to be funded by the requesting department.
Contact us via https://myservices.ucl.ac.uk/ to book.