External Penetration Testing
Overview:
External Penetration Testing is the process of assessing a network for external vulnerabilities and if found, performing a controlled attack to verify the results. This type of test is valuable in determining an organization's overall security posture.
Features:
- Determines whether identified technical vulnerabilities may be exploited
- Determines, by use of social engineering techniques, the extent to which internal users may represent an exploitable vulnerability to the organization’s security
Benefits:
- Independent verification of the security status of an organization’s Internet presence
- Compliance with PCI Penetration Testing Requirements
- Identification of prioritized remediation needs
Inclusions:
- Discovery of publicly available details about the organization to aid in the exploitation phase
- Enumeration of details about each component of the organization’s profile (such as domain names, host names, and network boundaries) through use of various tools and procedures
- Research to determine how reported vulnerabilities may be exploited
- Exploitation of vulnerabilities identified in the enumeration phase (with customer’s permission)
- Social engineering of customer’s organization
- Executive Summary, Technical Review and Raw Scan Results and Discovery Findings reports including prioritized recommendations
Bonus Inclusion:
- Post-engagement follow-up access to answer questions arising from reports
