External network penetration testing

Many attackers enter the company via the external network. An external penetration test uncovers vulnerabilities and helps you to close them.

Perimeter security is a top priority at DSecured. We are experts in this field and find every security gap. You will receive the result in a detailed report.

Damian Strobel

Founder and CEO

"The external attack surface offers attackers completely different challenges than, for example, a company's internal network."

What is a pentest of the external network?

The external network is the part of your network that is accessible from the outside - also known as the perimeter. An internet user has access to it. This is why many companies focus their cybersecurity efforts on the publicly accessible network. This means that an external penetration test is a search for vulnerabilities in this part of your network. A big part of a good external penetration test is the search for Shadow IT. This involves searching the entire Internet for assets that are connected to your company but are not managed by you. These could be old domains, subdomains or IP addresses, for example. A good service provider for external penetration tests therefore tries to find various types of vulnerabilities that could be exploited by hackers.

Who in particular should have an external pentest performed?

Every company that is active in the digital space and operates or rents servers should consider this type of penetration test. External systems with particularly high protection requirements include SaaS platforms, online stores and generally servers with databases that store sensitive information. A good example of this is, of course, large corporations, some of which have thousands of portals and services on the internet. Each of these services is a potential gateway for hackers. A digital agency that builds websites, APIs and other software products for customers, for example, is also an interesting target and often has a large external infrastructure in the form of many IP addresses, domains and subdomains. Do you have an ASN (Autonomous System Number) and operate your own data center? Then an external pentest is an absolute must and sometimes even mandatory.

Do you want to find out whether there are security gaps in your externally accessible network?

Why we should carry out your external pentest

Experienced team

Most of our employees come from a bug bounty hunting background and know nothing other than attacking the external attack surface. We have worked for many well-known companies and know how hackers think.

Outstanding report

Our reports contain a classic summary for management, technical details for the IT department and detailed instructions on how to rectify the weaknesses found. You also get insights into your shadow IT - free of charge.

Maximum creativity

Hacking is a creative process - especially in the perimeter area. Small things - combined - can become big problems. We are experts at finding exactly that.

Effective risk minimization

The more you know about your external network, the less likely you are to be hacked. We are happy to help you find out what should be tested - and what should not.

Communication

Sometimes things have to happen quickly. If necessary, we share information as soon as we find it. We are flexible when it comes to communication.

Long term partnership

When it comes to the perimeter of your business, we offer a variety of complementary services to further minimize risk.

How much does an external penetration test cost?

The cost of an external pentest depends primarily on the size of the scope, the depth of the test and other factors. We always recommend requesting a quote in advance - give us some information and we will make you a firm offer. As a rule, a pentest of the external network involves checking a defined number of IP addresses. DSecured specializes in manual penetration tests, which are better and usually find significantly more vulnerabilities. However, it is also possible to run the test completely automatically (vulnerability assessment). In this case, software is run against the IP addresses and searches for known vulnerabilities. A combination is also possible - talk to us about this.

The price of tests of this type starts at 3,000 euros. There is no upper limit - depending on the size of the scope and the depth of the test, an external pentest can cost 50,000 euros or more.

External Network Penetration Test

Let us detect all the weak points in your external network.

Common findings in external penetration tests

In larger networks, or at companies with a relatively large IT team, we now very often see “forgotten” services running on atypical ports. Sometimes these are well protected - sometimes not at all. Classic Shadow IT falls into the same category - we see forgotten servers in the Amazon AWS or Microsoft Azure cloud again and again. You can find everything there - hastily cobbled-together websites, APIs and databases. These services are often inadequately protected or not protected at all.

Sensitive files are also very common - these include document files, backup files and log files. Findings of this type can sometimes have no impact and sometimes be capable of paralyzing the entire company. We've seen it all before. It becomes particularly critical when a dotenv file contains the access data for the infrastructure.

Security vulnerabilities of all kinds are also an integral part of the results list of external penetration tests. These are classic vulnerabilities such as SQL injections, cross-site scripting or directory traversal.

Some companies we have been able to help

Grab
PayPal
BMW
Goldman Sachs
Starbucks
ATT
TikTok
Hilton

Further questions and answers on the subject "External network penetration testing"

What does a penetration test of the external network at DSecured involve?

It depends on what is required. As a rule, we use a combination of automated and manual tests to identify vulnerabilities in your external network. You specify which assets are to be tested. Alternatively, we search for them ourselves and take care of everything - just like a real attacker.

How long does a typical penetration test of the external network take?

Most of the companies we work with are SMEs. Their external networks are relatively small (fewer than 10 assets) - this scale can easily be tested within a few days. Larger companies with hundreds of assets require more time.

How often should a penetration test of the external network be carried out?

In our experience, it makes sense to test the external network every few months - if there are not many changes. If there are a lot of changes in the network, we clearly recommend something like Argos, our External Attack Surface Monitoring - it continuously monitors your network, scans it every few days and alerts us if something looks unusual.

Can service interruptions occur during the test process?

This should not happen. We adapt our tests so that they should not cause any problems. The tests can also take place outside regular operating hours.

Is there a follow-up check after the initial penetration test?

If required, this is not a problem at all. We can also switch to a mode that we call “continuous penetration testing”. Talk to us!

What results can I expect after a penetration test of the external network?

You receive a report from us that focuses on all findings that have a certain impact and should be closed. Your management receives a summary. If required, we can also issue a certificate proving that you have carried out a penetration test.

How can you continuously monitor the external network?

We use Argos External Attack Surface Management to capture and scan the entire perimeter. We then use the data to decide what to look at manually and how. Argos is able to automatically enumerate the entire public infrastructure in seconds. All services running on the servers are shown. Port scans and file scans are the starting point for getting a good picture of external IT security. We often find problems - such as backup archives, weak access data, known security gaps or anomalies that could be security-relevant.
