We use cookies to give you the best experience and to help improve our website

Find out more about how we use cookies

Choose whether to use cookies:

No thanks That's fine

Skip to main content

Jisc

You are in:

  • Cyber security
  • Penetration testing

Utilities:

  • Search the Jisc website
    Clear search results

Search the Jisc website
Clear search results

Navigation:

  • Allow and deny lists
  • BS 31111 audit and assessment
  • Critical services protection
  • Cyber Essentials
  • Cyber security assessment
  • Cyber security financial X-ray
  • CSIRT
  • Foundation DDoS mitigation
  • Email advice and testing
  • Janet Network resolver
  • Network time service (NTP)
  • Managed SIEM
  • Penetration testing
  • Primary nameserver service
  • Security operations centre
  • Simulated phishing and associated training
  • Splunk
  • Web filtering and monitoring framework
  • Vulnerability assessment service and tools supply framework
Service

Penetration testing

Coding on a computer
Creative Commons attribution information
Coding on a computer
©F8 studio via Shutterstock
All rights reserved

Evaluate and improve the security of your system or network – by simulating real-world attacks.

Contact your account manager

For enquiries contact:

  • 0300 300 2212
  • securityservices@jisc.ac.uk

About penetration testing

CREST-accredited

CREST penetration testing accreditation logo

Jisc is a CREST-accredited provider of penetration testing.

CREST membership is an internationally-recognised badge of excellence in information security. 

In research and education, there is an increasing need for cost-effective penetration testing, which tests systems and networks against real-world cyber attack scenarios.

That’s not just so you can satisfy your own organisation that you’re mitigating cyber security risks – giving increased peace of mind – but also so you can comply with third-party standards, for example when you connect to public-sector networks, for GDPR, Cyber Essentials compliance or processing credit card payments (PCI-DSS).

For these reasons, we offer a penetration testing service, which helps you identify vulnerabilities, assess risks, and take corrective action, all at a cost-effective daily rate.

All work is carried out by our in-house cyber security experts, who are experienced, trained and certified.

We offer this service on a time-bound or scope-bound basis – so you only pay for the days you need. This means it’s cost-effective for you, and can be adapted to your needs and budget.

How does the penetration testing service help my organisation?

This service helps you to:

Evaluate your readiness against real-world attacks

During penetration testing, our experts mimic real-world attacks – looking for ways to circumvent your security systems and data, using tools and techniques commonly used by attackers.

We then provide a comprehensive report, helping you to determine:

  • Where your vulnerabilities lie – including how well your systems tolerate real-world attacks, and how successfully you detect and respond to them
  • What impact these vulnerabilities may have – and how likely they are to be exploited
  • What actions you can take to improve your security posture

Diagram - how the service works

Creative Commons attribution information
The penetration testing process
©Jisc
All rights reserved

The penetration testing service process:

  • Performing reconnaissance
  • Identifying vulnerabilities:
    • Exploring vulnerabilities
    • Escalating privileges
    • Gathering information
    • Creating pivot points
  • Cleaning up
  • Reporting

Conduct varying tests according to your needs and budget

Because this is a flexible service, we offer varying scope and depth of penetration testing – making the service cost-effective for you.

Our service could range from a straightforward evaluation of your external networks, to many hours of involved on-campus manual testing.

Alternatively, you may simply be looking to have the security of an individual system or application tested before it is deployed – or you may be interested in the wider security of your network.

Either way, we can adapt our testing schedules to suit you.

Before testing begins, we can advise you on the level of service you are likely to need.

Why use Jisc?

  • We offer a very competitive member-only rate compared to commercial equivalents
  • Our expertise lies in testing the applications and systems our members use consistently such as VLEs and student and parent portals; the platforms and services only found in education and research
  • We feed back our threat findings to the sector, for the benefit of the whole community
  • We also feed back our findings to software vendors so remediation can take place quickly and fixes can be rolled out across the whole sector
  • In collaboration with the SOC and CSIRT teams who manage security across the Janet Network, our sector specific threat intelligence is always current and industry leading
  • We understand the security challenges facing education and research, from the annual influx of new students, to networks across different campuses, devolved IT departments and legacy systems and software
  • Our VAT-exempt cost sharing group discounts make each engagement even more affordable for education and research
  • Our security experts can offer workshops as part of an engagement upskill your internal staff to and enhance your testing and security capability for the future

Case studies

  • Read how flexible penetration testing helps keep Grimsby Institute secure (pdf)
  • Find out how 'exceptional’ penetration testing helped Xaverian College plan their long term approach to security (pdf)

What information would you need to provide?

Different forms of penetration testing mean you need to provide different levels of information about your systems. These include:

  • White box testing – where you provide full network information
  • Grey box testing – where you allow the attacker user-level privileges
  • Black box testing – where you provide no privileged information

Typically you will be required to provide information such as IP ranges; domains; URLs of applications; which systems and applications you consider key; and what IP addresses and systems should be avoided.

Further information

To find out more about the penetration testing service, contact your account manager or email professional.cyberservices@jisc.ac.uk.

Eligibility

This service is available to all Janet Network-connected institutions.

Use of this service is subject to adherence to the:

  • Janet Network connection policy (pdf)
  • Acceptable use policy
  • Security policy

How to buy

Crown Commercial Service supplier logo

Jisc have been appointed as an approved supplier on the Crown Commercial Services dynamic purchasing system (DPS). The benefit for our members in purchasing through the DPS is that it allows public sector buyers to procure an extensive variety of cyber security services from a range of pre-qualified suppliers.

Visit the Crown Commercial Service (CCS) website for more information. The ‘how to buy’ section gives full details for registering as a buyer and navigating through the process.

NB: The Jisc penetration testing service is not listed on the NCSC approved list since we are CREST accredited.

The CCS run regular webinars for customers explaining what and how to buy from the new cyber security DPS. See upcoming webinar sessions.

Service level description

Security

Please ensure your organisation understands and adheres to the security policy.

Hours of service

The service is available during the business day.

The business day is defined as Monday to Friday. It excludes 24-31 December, all English public holidays and also the Tuesday following the August public holiday.

Service description

A service providing organisations with manual penetration testing and consultancy.

Your responsibilities

You are responsible on an ongoing basis for:

  • Ensuring that Jisc has up to date contact details of a suitable representative from within your organisation and any changes in responsibility promptly notified
  • Ensuring the list of authorised users is maintained where automated testing is employed.

Charges

Charges will be determined during the discussions of the requirements between you and Jisc.

Request for service

Request this service by contacting the service desk on tel: 0300 300 2212 or via email: professional.cyberservices@jisc.ac.uk.

Service delivery time

You will be contacted to discuss requirements within three business days of receipt of a request for assistance.

Terms and conditions

Please ensure your organisation understands and adheres to the terms and conditions.

Escalation

If you are experiencing an issue with the service, and wish to escalate the issue please contact us via the service desk on tel: 0300 300 2212 or via email: professional.cyberservices@jisc.ac.uk.

Legitimate interests assessment

Read our Jisc penetration testing service legitimate interests assessment (pdf).

UKAS and ISO 9001 and ISO IEC 27001 logo
 
Cyber Essentials badge
Cyber Essentials PLUS logo

 

 

 

This service is included within the scope of our ISO9001 and ISO27001 certificate and is certified by Cyber Essentials and Cyber Essentials Plus for its internet-facing infrastructure, including firewalls and routers, located in the UK.

Read more about International Organisation for Standardisation (ISO) standards, Cyber Essentials and Cyber Essentials Plus certification and view Jisc certificates.

You are in:

  • Cyber security
  • Penetration testing

Give feedback

Areas

  • Connectivity
  • Cyber security
  • Cloud
  • Data and analytics
  • Libraries, learning resources and research
  • Student experience
  • Trust and identity
  • Advice and guidance

Explore

  • Guides
  • Training
  • Consultancy
  • Events
  • R&D

Useful

  • About
  • Membership
  • Get involved
  • News
  • Jobs

Get in touch

  • Contact us
  • Sign up to our newsletter
  • Twitter
  • Facebook
  • LinkedIn
  • YouTube
  • Cookies
  • Privacy
  • Modern slavery
  • Accessibility