External penetration tests imitate the role of an attacker attempting to gain access to an internal network without any internal resources or insider knowledge. Consultants will begin by gathering information through Open-Source Intelligence (OSINT) and passive information gathering - including employee information, historical breached passwords, and other data that can be leveraged against external systems to gain internal network access. They will also identify scanning and enumeration to discover vulnerabilities they can exploit.
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
• Planning – Customer goals are gathered and rules of engagement obtained.
• Discovery – Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
• Attack – Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
• Reporting – Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.