External Network Penetration Test
Starting at
$
5,000
About this service
Summary
A comprehensive penetration test of your organization's external, Internet-facing attack surface. Assets assessed include hosts, services, and web application. This assessment can be used to satisfy compliance requirements.
Process
The external network penetration testing process begins with scoping and planning, where we collaborate with the client to define the scope, including which external IP addresses, ranges, or assets will be tested, and any compliance or business requirements. Once the scope is defined, the reconnaissance phase is initiated. This phase involves gathering open-source intelligence (OSINT) on the target network, identifying exposed services, subdomains, network ranges, and any publicly available vulnerabilities.
Next is the scanning and enumeration phase, where automated and manual scans are conducted to identify open ports, running services, and potentially vulnerable software versions. In the vulnerability identification phase, we analyze the results from the scans to find weaknesses such as unpatched software, misconfigurations, or exposed services. Once these are identified, we move into the exploitation phase, where attempts are made to exploit these vulnerabilities to gain access to the network. This could involve attacks such as exploiting weak authentication, outdated software, or vulnerable services.
If successful in gaining access, we then enter the post-exploitation phase to assess how deep into the network we can go, whether it’s possible to move laterally, escalate privileges, or extract sensitive data. After completing the tests, we move into the reporting phase, where a comprehensive report is delivered, detailing all vulnerabilities, their risk levels, proof of concept for exploitation, and recommendations for mitigation. Finally, in the remediation and retesting phase, we assist the client in addressing the vulnerabilities and offer retesting to confirm that security gaps have been closed effectively.
FAQs
What is an external network penetration test?
An external network penetration test is a simulated attack from the perspective of an external threat actor, targeting your publicly exposed systems, servers, and network infrastructure to identify vulnerabilities that could be exploited to gain unauthorized access.
How long does an external network penetration test take?
The duration depends on the size of the external network, the number of assets, and the complexity of the environment. Typically, tests take anywhere from one to three weeks.
Will the test affect my live systems?
While the test is designed to be non-disruptive, certain activities like scanning and exploitation attempts may cause performance issues. We work closely with clients to minimize any potential disruptions, and tests are usually conducted during off-peak hours if necessary.
What kinds of vulnerabilities do you look for?
We look for a wide range of vulnerabilities such as open ports, outdated software, misconfigured firewalls, unpatched services, weak encryption, and exposed services vulnerable to exploitation. Our testing follows best practices including standards from NIST, OWASP, and industry guidelines.
How do you protect my data?
All data collected during the penetration test is treated with strict confidentiality and handled securely. The results are stored in encrypted formats and shared only with authorized personnel.
What happens after the test?
After the test, you will receive a detailed report outlining discovered vulnerabilities, their potential risks, exploitation details, and recommended mitigation steps. We will also be available to consult on remediation efforts, and we offer retesting services to verify that fixes have been successfully applied.
What's included
Written Report
A clear, concise written report containing findings, attack path, mitigation recommendations, etc.
Outbrief
A video outbrief highlighting findings, attack path, etc. Including Q&A.
Duration
2 weeks
Skills and tools
Industries
Work with me