External Network Penetration Testing

Internet perspective penetration testing that will identify misconfigurations and patching issues that could lead to a data breach and access to your private networks.

Contact us for a quote

Powered by Informer

Our scalable SaaS solution reforms traditional external network penetration testing, harnessing the power of both automated scanning and integrated expert penetration testing to provide business-critical security insights and efficient attack surface management in a single platform.

Continuous Penetration Testing Service

REAL-TIME RESULTS

View your external network penetration testing results instantly from day one instead of waiting weeks for your report

Informer Platform Cloud Services Alert

REMEDIATE FASTER

Add additional team members and set up alerts and integrate Informer into your remediation workflow with integrations

External Network Penetration Testing

AUTOMATED RE-TESTING

One-click retesting allows you to validate identified vulnerabilities that you have fixed for added assurance

Our approach to external network penetration testing

We combine automation with manual network penetration testing to quickly identify any vulnerabilities that exist through improper configuration present in operating systems or open network services that could be exploited to gain unauthorized access to the network or key servers from an internet perspective. Testing covers web servers, VPNs, firewalls, routers, mail servers, and a full range of networking services.

To give you a high level of assurance, our testers follow an in-depth methodology and use their experience to find a range of vulnerabilities.

What are the three types of penetration testing?

Several approaches can be taken to testing depending on the assurance that you need.

Black Box Testing

Working with only the IP address, IP range, or domain name provided, we will assess an environment as if we were an external hacker with no knowledge of the infrastructure.

Grey Box Testing

We’re given information about the environment in order to make more informed judgments about how to test the system.

White Box Testing

We use network diagrams and technical information to plan and execute a focussed and thorough network penetration test.

How we security test external infrastructure 

Several testing stages follow that result in an effective test. By using our platform’s cyber intelligence capability together with expert penetration testing knowledge, Informer’s testers identify your true attack surface with depth.

  • Asset discovery – asset mapping is using Informer’s discovery tools and intelligence engine
  • Service identification – identifies live services that are accessible from the internet
  • Vulnerability analysis – each service is analyzed in detail to identify misconfigurations and software vulnerabilities
  • Service exploitation – exploitation will be performed to verify vulnerabilities and gain access to infrastructure
  • Gain additional access & pivoting – successful exploitation will be used to gain further access to connected networks and hosts

Instant online reporting

Our external network penetration testing service is delivered through our SaaS platform for a faster and more dynamic security testing experience. You can start to remediate vulnerabilities as soon as our testers find them without having to wait for the test to be completed. Utilize our Jira integration to automate ticket creation for your developers to get to work on fixing issues.

A summary is provided for each test and gives you a non-technical overview of the results. For each vulnerability discovered, you can access:

  • Detailed descriptions of the finding with CVSS scores
  • Evidence detailing the location and parameters affected
  • Screenshots uploaded by our penetration testers
  • Remedial action and recommendations
  • References to more information if you need to dig deeper

Each test is stored separately in the platform so you can access detailed findings fast or create a PDF report. You can download reports in a number of formats at any time during or after the test.

Technical support

We go beyond providing reports by offering a comprehensive debrief session so our penetration testing team can talk about the findings. This is a great opportunity for you and your security, IT, and development teams to ask any questions or seek advice.

We're CREST Penetration Testing Accredited

Informer is a CREST Penetration Testing accredited company. We invest in our team to ensure our pen testing methodologies, knowledge, skills, and experience are at the forefront of external network penetration testing.

37838_Crest icons_2022_4_PT-
Perimeter target icon

Exposed open services

Full TCP and UDP port ranges searched and fingerprinted

Circles icon

Mapped network perimeter

Known and unknown internet-facing assets identified

Setting Green Logo

Out-of-date & misconfigured services

Finds all services set up incorrectly and not maintained

Mouse Icon

Unsupported software

Identifies software that is no longer supported by vendors

Information Green Logo

Artifacts left during deployment

Files leftover from set up that expose configurations or credentials are found

Browser Logo

Default settings

Deployed services that have not had their settings changes after release

Frequently asked questions

If you have any further questions, get in touch with our team of security experts

Can you work out of hours?

We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours then we won’t charge.

What happens if you find a critical vulnerability?

Our testers will contact you immediately by phone, email, and the dedicated Slack channel that we will use with you during the testing process.

Will brute forcing our user accounts block access to our systems?

There is a possibility that this could occur. Let us know which systems are sensitive and they’ll be avoided.

Do you test for Denial of Service (DoS)?

This isn’t something we actively test for and we wouldn’t recommend testing for this. However, we will highlight vulnerabilities that could lead to a Denial of Service.

What is network penetration testing?

A network penetration test is a type of security assessment designed to identify cyber-security vulnerabilities that could be used by hackers to compromise on premise and cloud environments.

What are the 5 stages of network penetration testing?

The network penetration testing process typically consists of five phases:

  1. Planning and Reconnaissance. The goal of this phase is to plan to simulate an attack. Understanding your company’s tech stack and systems is key.
  2. This refers to the investigation stage, where penetration testers use scanning tools, explore your systems and identify vulnerabilities of the network.
  3. Gaining Access. Having identified network vulnerabilities, the penetration testers use these security vulnerabilities to gain access to your business network. The pen testers then use these vulnerabilities to exploit your system.
  4. Persistent Access. After successfully gaining access to your system, the pen tester will maintain access long enough to accomplish the typical malicious hackers’ goals.
  5. Security Assessment Report. After the Network Penetration test, a report is prepared discussing the process itself together with the analysis. The report will outline the security vulnerabilities found and how to prevent future attacks.

Why you should perform a penetration test on your network?

It’s crucial to find out how vulnerable your network is before an attack happens. You can use the information collected to fix potential security flaws and keep your data safe from hackers.