External Network Penetration Testing

Internet perspective penetration testing that will assess the security of your online systems and networks from the outside. Our testing will uncover any flaws or weaknesses that could allow attackers to compromise your data and infiltrate your internal networks.

Contact us for a quote

Powered by Informer

Our scalable SaaS solution reforms traditional external network penetration testing, harnessing the power of both automated scanning and integrated expert penetration testing to provide business-critical security insights and efficient attack surface management in a single platform.

Continuous Penetration Testing Service

REAL-TIME RESULTS

View your external network penetration testing results instantly from day one instead of waiting weeks for your report

Informer Platform Cloud Services Alert

REMEDIATE FASTER

Add additional team members and set up alerts and integrate Informer into your remediation workflow with integrations

External Network Penetration Testing

AUTOMATED RE-TESTING

One-click retesting allows you to validate identified vulnerabilities that you have fixed for added assurance

Our Approach to External Network Penetration Testing

We use a combination of automation and manual network penetration testing to quickly detect any vulnerabilities that result from misconfiguration in operating systems or open network services that could be used to gain unauthorized access to the network or key servers from the internet. We test web servers, VPNs, firewalls, routers, mail servers, and various networking services.

To provide you with a high level of confidence, our testers use a detailed methodology and their expertise to discover a variety of vulnerabilities.

What are the three types of penetration testing?

Several approaches can be taken to testing depending on the assurance that you need.

Black Box Testing

We only work with the IP address, IP range, or domain name that you give us, and we evaluate an environment as an external hacker who has no knowledge of the infrastructure.

Grey Box Testing

We get some information about the environment to help us make better decisions about how to test the system.

White Box Testing

We use network diagrams and technical information to design and perform a focused and comprehensive network penetration test.

How we security test external infrastructure 

Several testing stages follow that result in an effective test. By using our platform’s cyber intelligence capability together with expert penetration testing knowledge, Informer’s testers identify your true attack surface with depth.

  • Asset discovery – asset mapping is using Informer’s discovery tools and intelligence engine
  • Service identification – identifies live services that are accessible from the internet
  • Vulnerability analysis – each service is analyzed in detail to identify misconfigurations and software vulnerabilities
  • Service exploitation – exploitation will be performed to verify vulnerabilities and gain access to infrastructure
  • Gain additional access & pivoting – successful exploitation will be used to gain further access to connected networks and hosts

Instant online reporting

Our external network penetration testing service uses our SaaS platform to give you a quick and interactive security testing experience. You can fix vulnerabilities as soon as our testers discover them without waiting for the test to end. Use our Jira integration to create tickets automatically for your developers to resolve issues.

Each test comes with a summary that gives you a simple overview of the results. For each vulnerability discovered, you can access:

For each vulnerability discovered, Informer provides a:

  • Description of the finding
  • Evidence detailing the location and parameters affected
  • Screenshots
  • Remedial action and recommendations
  • References to more information if you need to dig deeper

Each external infrastructure test is stored separately in our platform so you can access detailed findings fast or export them in a PDF report. You can download reports in a number of formats at any time during or after the test.

Technical Support

Our external infrastructure penetration testing service does not end with delivering reports. We also provide a thorough debrief session where our pen testers explain the findings and answer your questions. You can invite your security, IT, and development teams to join the session and get expert advice on how to fix the vulnerabilities and improve your web application security.

We're CREST Penetration Testing Accredited

Informer is a CREST Penetration Testing accredited company. We invest in our team to ensure our pen testing methodologies, knowledge, skills, and experience are at the forefront of external network penetration testing.

37838_Crest icons_2022_4_PT-
Perimeter target icon

Exposed open services

Full TCP and UDP port ranges searched and fingerprinted

Circles icon

Mapped network perimeter

Known and unknown internet-facing assets identified

Setting Green Logo

Out-of-date & misconfigured services

Finds all services set up incorrectly and not maintained

Mouse Icon

Unsupported software

Identifies software that is no longer supported by vendors

Information Green Logo

Artifacts left during deployment

Files leftover from set up that expose configurations or credentials are found

Browser Logo

Default settings

Deployed services that have not had their settings changes after release

Frequently asked questions

If you have any further questions, get in touch with our team of security experts

Can you work out of hours?

We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours then we won’t charge.

What happens if you find a critical vulnerability?

Our testers will contact you immediately by phone, email, and the dedicated Slack channel that we will use with you during the testing process.

Will brute forcing our user accounts block access to our systems?

There is a possibility that this could occur. Let us know which systems are sensitive and they’ll be avoided.

Do you test for Denial of Service (DoS)?

This isn’t something we actively test for and we wouldn’t recommend testing for this. However, we will highlight vulnerabilities that could lead to a Denial of Service.

What is network penetration testing?

A network penetration test is a type of security assessment designed to identify cyber-security vulnerabilities that could be used by hackers to compromise on premise and cloud environments.

What are the 5 stages of network penetration testing?

The network penetration testing process typically consists of five phases:

  1. Planning and Reconnaissance. The goal of this phase is to plan to simulate an attack. Understanding your company’s tech stack and systems is key.
  2. This refers to the investigation stage, where penetration testers use scanning tools, explore your systems and identify vulnerabilities of the network.
  3. Gaining Access. Having identified network vulnerabilities, the penetration testers use these security vulnerabilities to gain access to your business network. The pen testers then use these vulnerabilities to exploit your system.
  4. Persistent Access. After successfully gaining access to your system, the pen tester will maintain access long enough to accomplish the typical malicious hackers’ goals.
  5. Security Assessment Report. After the Network Penetration test, a report is prepared discussing the process itself together with the analysis. The report will outline the security vulnerabilities found and how to prevent future attacks.

Why you should perform a penetration test on your network?

It’s crucial to find out how vulnerable your network is before an attack happens. You can use the information collected to fix potential security flaws and keep your data safe from hackers.