External Infrastructure Penetration Testing

Download PDF
Get In Touch

External Infrastructure Penetration Testing is conducted remotely, to assess web-facing systems specified by the client.

Regular testing of IT infrastructure to highlight vulnerabilities and weaknesses that can be exploited is an essential security measure.

Testing attempts to discover and expose system security within a specific brief focused on external-facing technology such as firewalls, remote access, gateways and web servers.

The client specifies a key system (or systems) and our consultants attempt to compromise specified hosts using multiple, non-destructive, attack methods, escalating to data exfiltration if security weaknesses permit.

External Penetration Testing

This testing aims to highlight vulnerabilities and misconfiguration of systems, potential data theft or the ability to gain a foothold in the supporting network.

The method may vary for each test, depending on the network, organisation and environment. This will also take into account client concerns and risk appetite.

Whilst establishing the technical risk, our consultants use analysis techniques to help your organisation resolve issues as quickly as possible.

This will help reduce the risk posed to you and your people, reducing the likelihood of reputational damage.

Our service can be fully tailored to your specific needs and environment, with reporting delivered in your preferred format where possible.

Analysis and Potential Exploitation

This testing is designed to assess security posture against best practices and attempts are made, where safe and permitted, to exploit any vulnerabilities discovered.

This may involve escalating privileges if possible, accessing key systems and ultimately exfiltrating confidential data if practical.

Overview

The following is typically included within the assessment:

  • Host discovery & port scanning.

  • Vulnerability assessment.

  • Fingerprinting of services.

  • Exploitation and privilege escalation.

  • Password evaluation.

  • TLS/SSL analysis.

  • Identify security misconfiguration.

  • Exfiltration of data (if possible).

Let’s Make Things Happen

Fill the form in and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements

“It was obvious, very quickly, that the Cognisys team knew exactly what they were doing. The speed that they uncovered some major issues justified our selection of them. I’d be more than happy to recommend them.”

Dan Mitchell

Head of IT – Clarion Solicitors

Cyber Security Expert

Alex Martin

Cyber Security Expert
01422 416000
Thank you for your message. We will be in contact soon.
There was an error trying to send your message. Please try again later.

By submitting my data I agree to be contacted