Platform
Attack Surface Management Platform
Continuous discovery, inventory, classification, prioritization, and security monitoring of external assets
- How our Attack Surface Management Solution Works
  See how the Informer platform works and how it can help you
- External Asset Discovery
  Quickly map your internet facing assets
- Vulnerability Discovery
  Find your vulnerabilities before attackers do
- Integrated Penetration Testing
  Expert security testing built into the platform
- Integrations
  Speed up asset detection and remediation
- Security Insights
  Track your attack surface reduction progress
Learn more
- Understanding DMARC: A Comprehensive Guide to Email Security
- Access instant security insights
Security Testing
Penetration Testing Services Delivered as SaaS
We offer a comprehensive range of manual penetration testing services with results delivered in real-time
- Web Application Penetration Testing
  Unauthenticated and authenticated web application security testing
- Continuous Penetration Testing
  Continuously penetration test your web application
- Mobile Application Penetration Testing
  In-depth security assessments of iOS and Android apps
- External Network Penetration Testing
  External perspective network and infrastructure penetration testing
- Internal Network Penetration Testing
  Internal perspective network and infrastructure penetration testing
Learn more
- Auto Retest vulnerabilities
- Access real-time security insights
Plans
Use Cases
Use Cases
Explore our use cases to learn more about managing your attack surface
- Asset Discovery and Inventory
  Harness automated asset discovery for a real-time view of your asset inventory
- Attack Surface Reduction
  Improve security posture by removing exposed assets
- Cloud Asset Monitoring
  Eliminate shadow risks in cloud services
- Risk Validation
  Expert penetration testing to exploit vulnerabilities dected by scanners
Resources
Discover our attack surface management articles and insights
Explore our latest platform updates, security trends, company news and customer stories.
- Attack Surface Management
  Our latest articles on attack surface management
- Penetration Testing
  Penetration testing and vulnerability insights
- Cybersecurity Insights
  Our expert views on cybersecurity insights, best practice and practical advice
- All blog posts
  All our platform updates, articles and company news
Latest article
- Understanding DMARC: A Comprehensive Guide to Email Security
Company
Company
Learn more about Informer's story, career opportunities and more
- About Us
  Learn about the Informer story
- Careers
  Find out about our latest career opportunities
- Contact Us
  Talk to our team of security experts

External Network Penetration Testing

Internet perspective penetration testing that will identify misconfigurations and patching issues that could lead to a data breach and access to your private networks.

Powered by Informer

Our scalable SaaS solution reforms traditional external network penetration testing, harnessing the power of both automated scanning and integrated expert penetration testing to provide business-critical security insights and efficient attack surface management in a single platform.

REAL-TIME RESULTS

View your external network penetration testing results instantly from day one instead of waiting weeks for your report

REMEDIATE FASTER

Add additional team members and set up alerts and integrate Informer into your remediation workflow with integrations

AUTOMATED RE-TESTING

One-click retesting allows you to validate identified vulnerabilities that you have fixed for added assurance

Our approach to external network penetration testing

We combine automation with manual network penetration testing to quickly identify any vulnerabilities that exist through improper configuration present in operating systems or open network services that could be exploited to gain unauthorized access to the network or key servers from an internet perspective. Testing covers web servers, VPNs, firewalls, routers, mail servers, and a full range of networking services.

To give you a high level of assurance, our testers follow an in-depth methodology and use their experience to find a range of vulnerabilities.

What are the three types of penetration testing?

Several approaches can be taken to testing depending on the assurance that you need.

Black Box Testing

Working with only the IP address, IP range, or domain name provided, we will assess an environment as if we were an external hacker with no knowledge of the infrastructure.

Grey Box Testing

We’re given information about the environment in order to make more informed judgments about how to test the system.

White Box Testing

We use network diagrams and technical information to plan and execute a focussed and thorough network penetration test.

How we security test external infrastructure

Several testing stages follow that result in an effective test. By using our platform’s cyber intelligence capability together with expert penetration testing knowledge, Informer’s testers identify your true attack surface with depth.

Asset discovery – asset mapping is using Informer’s discovery tools and intelligence engine
Service identification – identifies live services that are accessible from the internet
Vulnerability analysis – each service is analyzed in detail to identify misconfigurations and software vulnerabilities
Service exploitation – exploitation will be performed to verify vulnerabilities and gain access to infrastructure
Gain additional access & pivoting – successful exploitation will be used to gain further access to connected networks and hosts

Instant online reporting

Our external network penetration testing service is delivered through our SaaS platform for a faster and more dynamic security testing experience. You can start to remediate vulnerabilities as soon as our testers find them without having to wait for the test to be completed. Utilize our Jira integration to automate ticket creation for your developers to get to work on fixing issues.

A summary is provided for each test and gives you a non-technical overview of the results. For each vulnerability discovered, you can access:

Detailed descriptions of the finding with CVSS scores
Evidence detailing the location and parameters affected
Screenshots uploaded by our penetration testers
Remedial action and recommendations
References to more information if you need to dig deeper

Each test is stored separately in the platform so you can access detailed findings fast or create a PDF report. You can download reports in a number of formats at any time during or after the test.

Technical support

We go beyond providing reports by offering a comprehensive debrief session so our penetration testing team can talk about the findings. This is a great opportunity for you and your security, IT, and development teams to ask any questions or seek advice.

We're CREST Penetration Testing Accredited

Informer is a CREST Penetration Testing accredited company. We invest in our team to ensure our pen testing methodologies, knowledge, skills, and experience are at the forefront of external network penetration testing.

Exposed open services

Full TCP and UDP port ranges searched and fingerprinted

Mapped network perimeter

Known and unknown internet-facing assets identified

Out-of-date & misconfigured services

Finds all services set up incorrectly and not maintained

Unsupported software

Identifies software that is no longer supported by vendors

Artifacts left during deployment

Files leftover from set up that expose configurations or credentials are found

Default settings

Deployed services that have not had their settings changes after release

Frequently asked questions

If you have any further questions, get in touch with our team of security experts

Can you work out of hours?

We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours then we won’t charge.

What happens if you find a critical vulnerability?

Our testers will contact you immediately by phone, email, and the dedicated Slack channel that we will use with you during the testing process.

Will brute forcing our user accounts block access to our systems?

There is a possibility that this could occur. Let us know which systems are sensitive and they’ll be avoided.

Do you test for Denial of Service (DoS)?

This isn’t something we actively test for and we wouldn’t recommend testing for this. However, we will highlight vulnerabilities that could lead to a Denial of Service.

What is network penetration testing?

A network penetration test is a type of security assessment designed to identify cyber-security vulnerabilities that could be used by hackers to compromise on premise and cloud environments.

What are the 5 stages of network penetration testing?

The network penetration testing process typically consists of five phases:

Planning and Reconnaissance. The goal of this phase is to plan to simulate an attack. Understanding your company’s tech stack and systems is key.
This refers to the investigation stage, where penetration testers use scanning tools, explore your systems and identify vulnerabilities of the network.
Gaining Access. Having identified network vulnerabilities, the penetration testers use these security vulnerabilities to gain access to your business network. The pen testers then use these vulnerabilities to exploit your system.
Persistent Access. After successfully gaining access to your system, the pen tester will maintain access long enough to accomplish the typical malicious hackers’ goals.
Security Assessment Report. After the Network Penetration test, a report is prepared discussing the process itself together with the analysis. The report will outline the security vulnerabilities found and how to prevent future attacks.

Why you should perform a penetration test on your network?

It’s crucial to find out how vulnerable your network is before an attack happens. You can use the information collected to fix potential security flaws and keep your data safe from hackers.