Testing is an important aspect of understanding your current security standard, however, it can be exaggerated and as there is a large variety of testing options it is usually misunderstood. All testers and companies utilised by YorCyberSec are certified and checked.

Vulnerability Management Program

The most cost-effective option for creating a high-level program around infrastructure security. Fully bespoke, consisting of a mixture of, regular assessments and professional advice from a certified security tester.

Options start from just £795 annually for quarterly blended security assessments.


To gain a more in depth understanding of your vulnerabilities, and how they can be exploited an infrastructure penetration assessment is required. Testing can be done on external and internal infrastructure, and is sometimes a compliance requirement.

Lost/Stolen Device

Simple to understand really. If your company lost a laptop how easy is it to access and what is available to the attacker.

Web App

This is testing the security of a web site and its functionality. Ensuring users cannot see each other’s data, a user cannot make themselves an admin. Testing usually follows the globally recognised OWASP standards.

Build Reviews

This is testing the security of a device or server. These are usually done to CIS standards. When a standard build is deployed, this can offer assurance that it is secure from the outset. Often done in conjunction with a lost/stolen device test.