Information Security


Security Testing

The Information Security Group provides vulnerability scanning, web application testing, and penetration testing services. Just email isg@ucl.ac.uk to book.

Vulnerability scanning

We can perform an automated scan of the host(s) under your jurisdiction and provide you with a report of the vulnerabilities found. The scan will consist of a port scan of your server using Nessus (or similar tools), which will enable us to advise you of anything that is out of date and of any insecure services. This can be done as a one-off or on a monthly basis.

Web application testing

We use a commercial tool, IBM AppScan, as well as open-source tools, to review the operation and access controls of your web application and provide you with a report detailing findings by risk level. This will typically require a test login to the application.

Penetration testing

Upon request, we can conduct a detailed security assessment of your host(s) or a particular web application. The testing will be performed following a suitable scoping exercise. This will start with a vulnerability scan, but will also verify and attempt to exploit possible vulnerabilities. We will provide you with a report outlining our confirmed findings by risk level and our advice on remediation.

External penetration testing

We can also arrange external penetration testing with a CHECK- and CREST-certified company. This would need to be funded by the requesting department.

Code review

We are planning to provide this service in the future. If you are interested, please contact us for more information.