External Penetration Test

Get an overview of your internet facing exposure and risks


Service

Most attackers use phishing or known vulnerabilities in internet facing systems to compromise an organization. In an external penetration test, the exposure of systems to the internet is identified in terms of information, ports, services, and applications available. These are analysed for sensitive information and vulnerabilities and exploited if possible. The observed vulnerabilities are evaluated based on the risk they pose to the business.

Thus, in our External Penetration Test, we simulate attackers attempting to obtain access to your systems, solely based on the accessibility of your internet facing infrastructure.


Value

  • Get an overview of which systems and services you are exposing on the internet.

  • Increase your resilience against attacks from the internet targeting your publicly available systems.

  • Identify potential sensitive information shared publicly.

Deliverables

The results from the test are conveyed in a written report containing executive summary for management and decisions makers, along with a technical section for technicians. The technical section describes the observed vulnerabilities, their effect, consequence, overall risk to the business and suggested remediation actions.


 

Methodology

We use automated and manual tools to get an overview of the external infrastructure based on a list of IPs and URLs from you. Afterwards, we manually analyse each in scope object with manual tests in conjunction with the output from our tools to identify and verify vulnerabilities and their impact to the business.

Examples of components we investigate:

  • Known vulnerabilities on systems

  • Missing patch management

  • Exposed ports and services

  • DNS records

  • SPF, DKIM and DMARC

  • GitHub repositories

  • Web applications identified during the test are tested to limited extent unless agreed otherwise.

 

 

Involvement

Limited involvement is required.

 


 

See our other services