Security Vulnerability Assessment, Penetration Testing, and Code Analysis

Also known as: Pen Testing, Security Testing, Security Assessment.


Evaluates effectiveness of information security controls and procedures

Key Features and Benefits

  • Comprehensive managed and self-service security vulnerability assessment 
  • Penetration testing
  • Code security analysis (static and dynamic)

Available To

Any Harvard-owned system on a Harvard-owned network

Requirements and Limitations

Customers must:

  • Work closely with the Information Security team to plan evaluation process(es), including defining scope of evaluation, setting required controls and parameters, scheduling service, etc.
  • Understand and acknowledge the potential for adverse impact on customer systems.
  • Manage remediation of all identified risks, including prioritization and impact to the business.
  • Provide and maintain currency of accurate primary and secondary contact information.
  • Adhere to University Information Technology Policies and the Harvard Enterprise Information Security Policy (HEISP).

Some procedures can affect the target system or service adversely (e.g., cause a service interruption) and will be conducted only with customer participation and approval.


No charge