-->

EXTERNAL PENETRATION TESTING





_




Approach


Our External Penetration Tests are conducted from the perspective of an external malicious black-hat hacker. We methodically follow the following steps:

Scoping: Our testing experts will engage in discovery activities, such as external penetration test security needs and requirements, existing SLAs, risks potential vulnerability exposures and defining the scope. Other aspects succh complexity, tailoring possibilities and threat intelligence focus will also analyzed.

Reconnaissance: We will conduct reconnaissance & Footprinting to gather intelligence about your network environment and identify all external network assets belonging to your company. This will be followed up by scanning & enumeration to discover services and applications and map externally visible services to their associated vulnerabilities.

Exploitation: During this phase we will perform the actual attacks and compromise network targets such as your web applications, email and VPN services, and public websites or portals. WE will also conduct a access & exfiltration test to extract sensitive data belonging to your company, such as personal information, source code, internal methods/procedures, credit card numbers, etc., and thus demonstrate the impact of an actual attack.

Remediation Verification: Our testers will perform a follow-up assessment to ensure that the exploitation phase’s remediation and mitigation steps have been accurately implemented. This also enables the testers to confirm that the customer’s security posture is aligned with industry best practices.

Delivery: Cleanup, document analysis, report creation and report presentation to stakeholders to easily benchmark security level of each process based on the results of penetration tests and implementation of countermeasures if requested by the customer.

   

Methodology


Our methodology differs from project to project. We use well-known methods such as OWASP, PTES, ISSAF, and NIST and blend them with Agility, Scrum, and DevOps methodologies to deliver the best results.

Continuous Pentesting methodology is our primary approach. This involves performing integral and incremental pentests at every stage of the development process, allowing us to detect and fix vulnerabilities promptly. Our integral pentest establishes a baseline of current security status, while our incremental pentest verifies security-related changes in line with your development methodology and release cycle. However, even though penetration testing should be done early, that's not always the case since most companies are not interested in performing a penetration test before it's too late. Yes, we can optimize our methods to test ancient systems. At Vuntie, nothing is impossible!

At Vuntie, we use only the most reliable and practical tools for penetration testing, including Kali Linux, Metasploit, Nmap, Aircrack-ng, Burp Suite, OWASP ZAP, and John the Ripper. Our commitment to using the best tools guarantees accurate and comprehensive results for our clients.

   
External penetration testing

Vulnerabilities covered in our external test

Our External Penetration Tests cover the industry-agreed most critical external network and software vulnerabilities, for example the following but also a lot more!

Buffer Overflows
Code injections
Authentication
DNS Spoofing
Credentials
Evasion attacks
Bad configuration
Weak encryption
Unpatched systems
Software flaws
Bad firewalls
Security controls