An external network pen test is designed to test the effectiveness of perimeter security controls to prevent and identify attacks as well as weaknesses in assets that are internet facing. This is included but not limited to web servers, file servers, mail servers, proxy servers, virtual servers that are internet accessible.
Steps For Infrastructure Penetration Testing
Our experienced analysts will test the area(s) the client requires, using a combination of toolsets and techniques to identify vulnerabilities, information disclosure, misconfiguration, and various other attack vectors to compromise the host or network infrastructure. The analysts conduct high-level reconnaissance of all networking infrastructure and attempt to identify any critical infrastructure for the testing phase. All information identified throughout the reconnaissance stage is actioned, and the tester(s) conduct complete enumeration and, if required and approved, exploitation of target(s) to attempt to gain access to hosts, move laterally throughout the network and privilege escalate. The CYBX Team will employ the use of industry standard tools such as Nmap, Burp Suite, Nessus and techniques used by real-world hackers to evaluate your security and simulate a breach in a safe, controlled environment.
All infrastructure engagements are finalised with a report detailing findings scored on a Low, Medium, High, Critical or CVSS v3, depending on preference. The reporting phase will outline all identified vulnerabilities and the remediation actions necessary to fix security weaknesses.