External Perimeter Penetration Test

An external perimeter penetration test simulates an attack on your internal systems from the outside. Our consultant simulates a potential attacker (hacker) trying to breach your external perimeter from the internet.

Benefits

An external perimeter penetration test will allow you to see your network from an external attackers' perspective, giving you a head start in defending against them.

All services and devices accessible from the internet are under constant automated scanning and attacks these days. It's common for a vulnerability, once discovered, to be mass-exploited across the entire internet by threat actors within a few days. Even in cases of targeted attacks, the external perimeter is still one of the first areas to be examined.

The typical scope of an external test consists of all your externally accessible devices, such as web servers, mail servers, firewalls, VPNs, and other network devices.

We recommend this test as a good first step when building your cybersecurity capabilities, as well as a periodic activity to check for any regressions. The test is also appropriate as part of an External Attack Surface Management (EASM) plan.

Testing Process

Establishing the scope forms the basis of the test. This typically includes selecting IP ranges or domain names. The scope can also be created using Open-Source Intelligence (OSINT).

A typical external penetration test is conducted in so-called zero-knowledge mode. This means we are not provided with any authentication credentials (usernames, passwords, certificates, keys, etc.) or other non-public information.

The following tests, among others, are performed under these conditions:

• We begin with network scanning to discover accessible servers and services.

• We fingerprint the available services and analyze the server software used, creating a list of the technologies in use.

• All identified devices, services, and technologies are tested for known security flaws and vulnerabilities using automated tools (e.g., vulnerability scanners, web application scanners and other specialized tools).

• Websites located within the scope are only subjected to a basic security assessment; a detailed security review of web applications (based on the OWASP methodology) is offered by the Web Application Penetration Test.

• Based on the expertise of the penetration testers, specific services are selected for a manual search for flaws and vulnerabilities.

• All findings from the previous steps are verified by manual tests, false positives are eliminated, genuine flaws are documented, and where possible, we try to demonstrate their exploitability.

Our internal methodology is based on the NIST 800-115 (2008) standard and the OSSTMM (2010) methodology, but it focuses primarily on modern procedures, trends, and best practices in cybersecurity testing.

All findings, along with proposed recommendations, are presented in the final report.

Other Types of Tests

This test can be combined with other supporting or follow-up tests:

• Open-Source Intelligence (OSINT) Analysis creates a target list based on an in-depth reconnaissance of your external perimeter. Compared to a pre-defined scope, it often uncovers services that the security department is completely unaware of (shadow IT).

• It is advisable to perform penetration tests of all externally accessible web applications and APIs identified by the external perimeter test.

• An Internal Infrastructure Penetration Test has similar objectives, benefits, and procedures, but it analyzes security inside your perimeter.

In addition to the tests described above, we also provide our clients with many other types of penetration tests. For a full list, see Penetration Testing – Overview.

Final Report

The results of the penetration test are documented in a final report, which contains details of the testing process, a description and classification of all the vulnerabilities found, and recommendations for mitigating the risks. We deliver the report securely in MS Word and PDF formats. The results can also be presented in a management presentation or a technical workshop.

This type of test is also sometimes called an external penetration test or external infrastructure penetration test.