External infrastructure penetration testing

Regular external infrastructure penetration testing highlights exploitable vulnerabilities within your systems.

Why conduct external infrastructure penetration testing?

Conducting an external infrastructure penetration test is critical for identifying vulnerabilities in systems exposed to the internet, such as web servers, firewalls, and DNS configurations.

These tests help organisations detect potential entry points threat actors could exploit, including outdated software, misconfigurations, and weak security controls. By regularly evaluating external-facing assets, organisations can proactively strengthen their defences, reduce the risk of breaches, and ensure compliance with industry regulations.

CEO reviewing external infrastructure penetration testing results on his laptop

Scoping and planning

Understanding business objectives

In the initial phase, we work closely with the client to align the external infrastructure penetration testing with their security concerns and business objectives. This involves identifying critical assets, understanding compliance requirements, and determining the focus areas of external-facing systems that potential threat actors could target.

Defining the scope

Once the objectives are established, we define the scope of the testing, which includes external IP addresses, web servers, firewalls, and other internet-facing infrastructure. Ensuring that all critical components are included is essential for delivering a thorough evaluation and identifying any boundaries or exclusions for clarity.

Rules of engagement

Next, we establish clear rules of engagement to guide the testing process. This includes the testing methods, tools, and techniques used. Additionally, we agree on operational guidelines, such as testing windows, communication protocols, and how sensitive findings will be handled to minimise disruption.

OSINT (Open Source Intelligence)

We perform OSINT to gather publicly available information about the client’s external assets. This step helps us identify exposed systems, domains, and other crucial details, such as leaked credentials from the dark web and publicly exposed unprotected cloud storage that threat actors could leverage, providing a clear map of what’s visible and vulnerable from an external perspective.

Threat landscape analysis

We perform a threat landscape analysis to make the testing more targeted, reviewing common external threats and vulnerabilities pertinent to the client’s industry and infrastructure. The testing scenarios are then tailored to simulate real-world attack methods, such as port scanning, web application exploitation, and network attacks.

Reporting

A detailed report is prepared once the testing is complete, prioritising findings and providing strategic, actionable recommendations to strengthen the external security posture through our SmartView portal.

SmartView takes care of your reporting

Cognisys’ SmartView Portal provides a centralised platform for clients to manage their projects and vulnerabilities efficiently. Through the portal, clients can track the status of each identified issue, assign tasks to team members, and monitor the progress of remediation efforts.

A detailed report is prepared once the external infrastructure penetration testing is complete, prioritising findings and providing strategic, actionable recommendations to strengthen the external security posture through our SmartView portal.

Cognisys SmartView portal
source code review

Why choose Cognisys for external infrastructure penetration testing?

We offer a truly comprehensive external infrastructure penetration test by leveraging advanced techniques such as OSINT, subdomain mapping, and dark web credential scanning to uncover vulnerabilities others may miss. Our team not only identifies potential risks but also actively attempts to exploit them, simulating real-world attack scenarios to test your defences. We aim to progress from no external access to achieving internal network access, ensuring a thorough evaluation of your security posture. By combining these efforts with actionable insights and a proven methodology, we deliver unparalleled and thorough testing for your critical external infrastructure.

FAQs

By conducting an external penetration test, you can significantly reduce your attack surface, improve business continuity, and ensure compliance with industry-specific security standards and regulations. This proactive approach to cybersecurity not only protects your external network infrastructure from threats but also enhances your organisation’s reputation as a secure and trustworthy entity.

An external infratstructure penetration test typically takes between a few days to a week, depending on the complexity and size of your external assets. The time required can vary based on the number of publicly accessible systems, applications, and services being tested. We ensure a thorough assessment by carefully analysing your external infrastructure, identifying vulnerabilities, and providing actionable recommendations, all while minimising disruption to your operations.

An authorisation form is a document that grants permission to conduct penetration testing on your systems. It is essential for several reasons:

  • Computer Misuse Act Compliance: In the UK, unauthorised testing can violate the Computer Misuse Act. The authorisation form ensures that the penetration test is legally sanctioned.
  • Scope Definition: The form clearly outlines the scope of the test, including the IP addresses and systems to be tested. This ensures that only authorised scans are conducted and helps identify unauthorised activities.
  • Stakeholder Awareness: By listing the scan IP addresses at the bottom of the form, you ensure that all stakeholders are aware of the testing activities and can differentiate between legitimate tests and potential attacks.
  • Cognisys Scanner IPs, as per the auth form, should be whitelisted during the testing period.

We strive to conduct testing to minimise disruption to your business operations. For example, if you run a 24/7 online retail store, we can schedule tests during off-peak hours to minimise impact. We will work with you to find the best time for testing. We also recommend creating a separate sandbox environment for undisrupted pen tests.

If a critical vulnerability is discovered, we will immediately notify you and provide recommendations for mitigation. This allows you to address the issue promptly and minimise potential risks.

We retest all identified vulnerabilities once the client confirms they have fixed them. If some vulnerabilities remain unresolved, we will label them as “Open”, and another round of retesting will be necessary to close those findings from the report.

We will provide a detailed report on the SmartView portal that includes an executive summary, technical findings, severity ratings, and recommendations for remediation. The SmartView portal allows testers and clients to view vulnerabilities as soon as they are discovered. This real-time reporting enables prompt action and efficient management of security issues. Please check the SmartView section on our website for more details.

  • Inform the SOC Team: Notify the SOC team about the upcoming penetration test. Provide them with the test’s start and end dates and times. Provide details about the scope of the test, including the IP ranges, subnets, and types of activities expected.
  • Designate Points of Contact: Identify and share contact information for the penetration testers and SOC team members responsible during the test.
  • Define Rules of Engagement: Clearly define what is in and out of scope for the penetration test. Specify the types of testing that will be conducted, such as scanning, exploitation, and post-exploitation activities. Establish a procedure for pausing or stopping the test if unexpected issues arise.
  • Incident Reporting: Define how and when to report incidents discovered during the penetration test. Outline how the SOC team should notify the penetration testers if they detect test activities as potential threats. Ensure the SOC team understands the standard baseline of network activity to identify deviations caused by the test.
  • Whitelist Cognisys Scan IP address(s) – For external network assessments, whitelist Cognisys-owned IP ranges belonging to the scanner appliances such as Qualys Cloud Scanner and Cognisys Azure VMs.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.

info@cognisys.co.uk
Leeds office

5 Park Place
Leeds
LS1 2RU

info@cognisys.co.uk
London office

131 Finsbury Pavement
London
EC2A 1NT

LET’S TALK