External Penetration Test
Our External Penetration Test simulates a real-world attack against your internet-facing infrastructure. Testing follows PTES, NIST SP 800-115, and OSSTMM v3 methodologies.
Testing Phases
- Reconnaissance & OSINT — DNS enumeration, subdomain discovery, certificate transparency analysis, network mapping, exposed credentials search
- Vulnerability Assessment & Exploitation — CVE-based vulnerability identification, deprecated protocol detection (TLS 1.0/1.1, weak ciphers), VPN gateway testing, mail server security (SPF, DKIM, DMARC), cloud misconfigurations, subdomain takeover
- Post-Exploitation — Privilege escalation, pivoting, data exfiltration scenarios
Deliverables
- Technical report with CVSS v4.0 ratings
- Network topology diagram
- Executive summary
- Remediation roadmap
- Free retest within 30 days
Meets requirements under PCI DSS v4.0, NIS2, ISO 27001, SOC 2, and DORA.
Duration: 3-5 days | Price: Based on scope — contact us