Our approach to external network penetration testing
We combine automation with manual network penetration testing to quickly identify any vulnerabilities that exist through improper configuration present in operating systems or open network services that could be exploited to gain unauthorized access to the network or key servers from an internet perspective. Testing covers web servers, VPNs, firewalls, routers, mail servers, and a full range of networking services.
To give you a high level of assurance, our testers follow an in-depth methodology and use their experience to find a range of vulnerabilities.
What are the three types of penetration testing?
Several approaches can be taken to testing depending on the assurance that you need.
Black Box Testing
Working with only the IP address, IP range, or domain name provided, we will assess an environment as if we were an external hacker with no knowledge of the infrastructure.
Grey Box Testing
We’re given information about the environment in order to make more informed judgments about how to test the system.
White Box Testing
We use network diagrams and technical information to plan and execute a focussed and thorough network penetration test.
How we security test external infrastructure
Several testing stages follow that result in an effective test. By using our platform’s cyber intelligence capability together with expert penetration testing knowledge, Informer’s testers identify your true attack surface with depth.
- Asset discovery – asset mapping is using Informer’s discovery tools and intelligence engine
- Service identification – identifies live services that are accessible from the internet
- Vulnerability analysis – each service is analyzed in detail to identify misconfigurations and software vulnerabilities
- Service exploitation – exploitation will be performed to verify vulnerabilities and gain access to infrastructure
- Gain additional access & pivoting – successful exploitation will be used to gain further access to connected networks and hosts
Instant online reporting
Our external network penetration testing service is delivered through our SaaS platform for a faster and more dynamic security testing experience. You can start to remediate vulnerabilities as soon as our testers find them without having to wait for the test to be completed. Utilize our Jira integration to automate ticket creation for your developers to get to work on fixing issues.
A summary is provided for each test and gives you a non-technical overview of the results. For each vulnerability discovered, you can access:
- Detailed descriptions of the finding with CVSS scores
- Evidence detailing the location and parameters affected
- Screenshots uploaded by our penetration testers
- Remedial action and recommendations
- References to more information if you need to dig deeper
Each test is stored separately in the platform so you can access detailed findings fast or create a PDF report. You can download reports in a number of formats at any time during or after the test.
Technical support
We go beyond providing reports by offering a comprehensive debrief session so our penetration testing team can talk about the findings. This is a great opportunity for you and your security, IT, and development teams to ask any questions or seek advice.