External Penetration Test
Get an overview of your internet facing exposure and risks
Service
Most attackers use phishing or known vulnerabilities in internet facing systems to compromise an organization. In an external penetration test, the exposure of systems to the internet is identified in terms of information, ports, services, and applications available. These are analysed for sensitive information and vulnerabilities and exploited if possible. The observed vulnerabilities are evaluated based on the risk they pose to the business.
Thus, in our External Penetration Test, we simulate attackers attempting to obtain access to your systems, solely based on the accessibility of your internet facing infrastructure.
Value
Get an overview of which systems and services you are exposing on the internet.
Increase your resilience against attacks from the internet targeting your publicly available systems.
Identify potential sensitive information shared publicly.
Deliverables
The results from the test are conveyed in a written report containing executive summary for management and decisions makers, along with a technical section for technicians. The technical section describes the observed vulnerabilities, their effect, consequence, overall risk to the business and suggested remediation actions.
Methodology
We use automated and manual tools to get an overview of the external infrastructure based on a list of IPs and URLs from you. Afterwards, we manually analyse each in scope object with manual tests in conjunction with the output from our tools to identify and verify vulnerabilities and their impact to the business.
Examples of components we investigate:
Known vulnerabilities on systems
Missing patch management
Exposed ports and services
DNS records
SPF, DKIM and DMARC
GitHub repositories
Web applications identified during the test are tested to limited extent unless agreed otherwise.
Involvement
Limited involvement is required.
See our other services