Back to Penetration Testing main page
What Areas are Tested in an External Pen Test?
An external penetration test, also known as a "white-hat" hack, simulates a cyber attack on your company's network and systems from an external source. During the external pen test, several areas are checked to identify security vulnerabilities that could be exploited by a hacker. These areas include:
- Network infrastructure: This deals with your routers, firewalls, switches, and other network devices that control access to your company's internal systems. The devices are checked for vulnerabilities that might allow an attacker to bypass security controls and access your internal business systems.
- Web applications: This includes any web-facing applications, such as online portals or e-commerce sites, that are accessible from the internet. These applications are checked for weaknesses against attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)
- Remote access: This includes checking for vulnerabilities in virtual private networks (VPNs), remote desktop protocols (RDPs), and other remote access technologies that allow your employees to connect to your internal network from outside the office. This is especially relevant to today's working practices.
- Email systems: You need to check email servers, email clients, and web-based email systems that could allow an attacker to steal sensitive information or install malware.
- Social Engineering: Your own staff are tested against common social engineering techniques, such as phishing emails, social network messaging, etc. Without proper training staff can unconsciously allow hackers access.
- Wireless Network: This includes checking for poor security in wireless networks, such as weak encryption or easily crackable passwords.
- Cloud Services: Your cloud-based services are scanned for misconfigurations or weak access controls.
The goal of an external pen test is to identify cyber threats that your business is vulnerable to before they can be exploited by malicious hackers. You can then take steps to close the holes in your cyber security.
Start Truly Securing your Business
Take control of your businesses cybersecurity.