Our external infrastructure penetration test focuses on the threat of external attackers rather than threats inside the organisation. Therefore we do not test further than the authentication screens for applications that are only used internally.  (For detailed testing of applications see our Application Testing service).

We perform two phases of testing.  

First is an initial discovery phase to discover your externally facing IP address ranges.  This is an often missed step which results in large holes in long forgotten development instances, or test environments being undetected as teams focus on the well protected production systems.

Once we confirm the IP addresses and domains to test with you, we will proceed to active testing. 

The testing will include: 

1. Open-source discovery of internet-facing assets 
2. TCP/UDP port scan allocated IP address space, to include: 
3. Service fingerprinting and vulnerability assessment 
4. Manual testing of any targets based upon the tester’s judgement and output of the Vulnerability assessment 
5. Internet-facing web-applications: 
6. Service fingerprinting and vulnerability assessment 
7. Automated web-scan for common misconfigurations 
8. Manual testing for authentication bypass 
9. Test for appropriate use of encryption  
10. Test for best-practice web-hardening techniques 
11. Verification of DMARC/SPF email anti-spoofing configuration 
12. Check of IP addresses against threat intelligence and blacklists 

As with all our penetration testing services, once we’ve finished testing, we’ll provide you with a report of our findings and pragmatic advice on how to resolve the issues found.