SERVICES
External Network Testing
As an organization grows, its assets multiply exponentially, and therefore all publicly exposed applications and services become the target of malicious hackers. Every day, your perimeter network is attacked, and even small external vulnerabilities can cause serious damage. In an external penetration test, vulnerabilities are detected on infrastructure devices and servers that can be accessed online. You will be able to see how effective your security system is from the birds' eye view by conducting a network penetration test.
PROCESS FLOW
Our process flow is smooth and simple.
Schedule
A Meeting
Scope Assessment
And Timeline
Payment
for Services
Security
Audit
Draft
Report
Retesting
Final
Audit Report
External Network Audit
| S.NO | Audit Category | Audit Category Checklist |
|---|---|---|
| 1 | Reconnaissance and Information Gathering | |
| Whois information discovery | ||
| IP and IP range enumeration | ||
| DNS enumeration | ||
| Subdomain enumeration | ||
| Certificate information gathering | ||
| Fingerprinting of Web Services and Technologies | ||
| Enumerating open ports and services | ||
| Credential Stuffing for leaked Employee data | ||
| GitHub leak detection for sensitive information | ||
| Information exposed through archived data | ||
| Search Engine Discovery Reconnaissance for Information Leakage | ||
| 2 | Vulnerability Scanning and Exploitation | |
| Using open-source, commercial, and internally developed tools to identify and confirm well-known vulnerabilities | ||
| Spidering the in-scope network device(s) to effectively build a map of each of the operating systems, open ports and services, and areas of interest | ||
| Using discovered sections, features, and capabilities to establish threat categories to be used for more manual/rigorous testing (i.e., default admin credentials, session hijacking, known vulnerabilities in out-of-date components) | ||
| Building the network's threat model using the information gathered in this and the previous phase to be used as a plan of attack for later phases of the assessment | ||
| Use various open-source and commercial tools to exploit the vulnerable services discovered in the above steps. Escalate privileges to find out the maximum impact |
