External Network Penetration Testing

External networks are often the most critical infrastructure for businesses. Since they support web, and other critical applications, external networks are an attractive target for cybercriminals. They are the most exposed systems and are, therefore, the most easily and regularly attacked. A successful compromise of an externally facing server could potentially allow an attacker a foothold into a company’s internal network.

Making use of external network penetration testing services will help ensure a company’s infrastructure is free from common security vulnerabilities, which, if exploited by cybercriminals, could have a huge impact on a business’s financial and reputational standing.

Network Penetration Testing

What is an external network penetration test?

An external network penetration test or infrastructure penetration test is a security assessment of an organisation’s perimeter systems with the intention of highlighting vulnerabilities resulting from outdated software or various misconfigurations.

There are three forms of methodologies that can be used in external penetration testing; black box, grey box, and white box. 

Black box testing is when the pen tester has no prior information about the organisation’s infrastructure or data, and starts from square one, as hackers do. 

Grey box testing (or Gray box testing) is a penetration testing technique utilised to test a software product or application with partial knowledge of the internal structure of the application.

White box testing is when the pen tester is provided with all required information, in the case of an external penetration test it would be a list of the IP addresses that the client owns and wishes to be assessed.

External network penetration testing is often white box, however there are cases where a client will ask for the pen tester to see if they can find the IP addresses they own, which would be considered a black box assessment. The tester would then need to confirm the IP addresses are correct with the client before any scanning starts. For a grey box assessment, the client might provide a range of IP addresses, and have the tester confirm which ones in the range they think are relevant. Again, the tester would then need to confirm the IP addresses are correct with the client before any scanning can commence.

What is the difference between an external penetration test and a vulnerability scan?

An external network pen test differs from a vulnerability scan as it offers the addition of manual testing. Using both disciplines minimises the potential for false positives, and covers areas that scanners are unable to discover.

For example, a scanner may note a port as being open but be unable to provide further information as it’s based on signature detection. Manual probing may allow for a penetration tester to identify a service that a scanner would have otherwise missed.

How is an external network penetration test performed?

Here at Aardwolf Security, our team of penetration testing experts have established an effective 6-step system for performing an external network penetration test.

    1. Reconnaissance

To get an idea of the client’s security level, a pen testing expert will first conduct an analysis, assessing the potential requirements, using Open Source Intelligence (OSINT).

    2. Scanning

Using automated scanners, the consultant will delve deeper into the infrastructure of the client’s servers scanning all 65535 ports, probing for services, their subsequent versions, and whether there are any associated misconfiguration.

    3. Manual assessment

This step is where most of the consultant’s time is utilised. Use a range of probing and verification techniques to delve deeper into the infrastructure, this process involves a range of specific manual penetration testing on the following areas: 

  • Authentication
  • Authorisation
  • Session management
  • Input validation and sanitisation
  • Server configuration
  • Encryption
  • Information leakage
  • Application workflow
  • Application logic

    4. Exploitation

Next, the vulnerabilities unveiled in the scanning and manual probing stages are raised to the client. Depending on the client’s business operations and the severity of the vulnerabilities, the client may give the consultant the go-ahead to subject certain issues to exploitation attempts.

    5. Reporting

After the exploitation attempts have been made, the pen testing consultant will produce a comprehensive report to highlight the impact likelihood of all system defects, and recommend solutions.

    6. Retesting

The sixth and final step of the process, offered exclusively at Aardwolf Security, is a free retesting, once the client has actioned their software system solutions, to make sure that their infrastructure weaknesses have been resolved correctly and completely.


How long does it take to perform an external network penetration test?

There are numerous factors that influence the scoping of a penetration test, such as:

  • The size of the subnet
  • Underlying infrastructure
  • Number of exposed services

How much is an external network penetration test?

An external network pen test cost is calculated by the number of days a penetration tester will take to fulfil the agreed scope. The number of days can be determined by filling out our penetration testing scoping form or messaging us through our contact form to arrange a scoping call with one of our senior penetration testers.

What are the deliverables following an external pen test assessment?

Following the completion of an external network assessment, the security consultants will produce a custom report highlighting any identified issues, their risk levels, and recommendations regarding how to remedy them.

Aardwolf Security utilise CREST accredited penetration testers for network penetration testing. With decades of collective experience in the field, SMEs all around the world put their trust in us to help them protect their business against cybercrime. 

If you’re curious as to how we could help reinforce your infrastructure, get in touch today to speak with one of our Senior Consultants, or fill out our 5-minute online quote form for a bespoke quote.