External Network Penetration Testing
Stay protected from non-stop internet cyber attacks
Protect your front door
External Penetration Testing is performed over the internet, aimed solely at the exposed systems that you host online. This is the first line of defense from the bad actors who are scanning for targets each day.
Every system you use to host services online is exposed to the Internet. Firewalls and secure development techniques are key to keeping your data safe. Penetration testing these systems is key to ensuring that no stone is left unturned.
Frequent Cyber Attacks
The internet is flooded with attacks that are happening more and more each year. Hackers are writing software to scan the entire internet to look for systems to exploit. In many cases, the software will breach their targets as well.
Constantly Evolving Threats
Internet threats are becoming more advanced every day. Attackers frequently use bots to scan, compromise, and set up a foothold in your environment. Your systems would be under their command and control.
Their vulnerability scan “pentest” really isn’t good enough
Most of our competition offers lower-cost services that are labeled as penetration tests. The old saying, “If it seems too good to be true, it probably isn’t true,” comes to mind.
There’s no “easy” button in penetration testing. We suggest that you take a close look at their offering. Find out who will be doing your tests, how successful they have been in the past, and review their sample reports. Time and time again, we’ve seen subpar results with these providers and many customers come to us to finish the job that they couldn’t deliver.
With us, you may have to remediate a few items and leverage our included re-test to get a “clean report”. We will help you every step of the way. The difference is that our “clean report” will leave you far better protected from the real hackers.
What about a web application penetration test?
The web app pentest and the external pentest are two very different tests, even though they may involve the same system.
A web app test is usually credentialed and focuses thoroughly on the application itself, placing less emphasis on other open ports and potential issues on the system. This allows the tester to delve in and focus on the application’s business logic and possible coding gaps versus the system hosting the application.
An external penetration test includes web applications, to be sure, but it does not delve into them (unless the pentester finds a way in through SQL Injection or another critical vulnerability). An external test focuses on discovering any gaps in your external network and exploring what exploits they could lead to.
Separate or combined external network and web application tests are both valid and useful. A combined test can help you work within a budget. Separate tests provide separate reports, which may be helpful if your team reports the findings to different stakeholders.
A few cases we’ve seen before
Many companies don’t know everything they have exposed externally. We often find that someone rushing to get their job done may focus most on getting things working . . . and not on securing them. Here are some examples of what we’ve found:
Telnet and FTP services that require no credentials and allow malicious file uploads.
Exposed administrative pages, often requiring only easily discovered default credentials, that allowed Raxis to view and edit high-level device settings, and even sensitive customer and system data.
Web login pages that revealed which usernames were valid and didn’t block brute-force attacks. This enables malicious actors to use easily accessible technology and test billions of potential password combinations per second. Weak ones can be cracked in an instant.