Security and vulnerability testing

The University Computer Security Incident Response Team (CSIRT) can offer comprehensive penetration testing on any research application.


Depending on the data classification of the data held within the system/application, CSIRT can run web penetration testing using the industry leading AppCheck NG software.  Following the scanning, you will receive a list of vulnerabilities and their rating/priority (high,medium,low).

If your research application is hosted on-campus, the team can also run infrastructure vulnerability testing on the servers hosting your application.

Where do I go for help?

Email the IT Service Desk (

Service cost

Free* *Unless "Strictly Confidential" data is held

Are there limits to the service?

If the data held in the system is classed as "Strictly Confidential" following a Privacy Impact Assessment (see point 14 on this FAQ ), third party scanning is required for security compliance.    

The third party scanning has costs that must be met by the researcher and hopefully will be caught at the grant proposal stage during the standard University grant proposal submission process.

Expertise level required to use this service