External pentest —modeling of penetration into the IT infrastructure
Imitation of the actions of an external intruder
Testing using the Black Box model
A complete list of vulnerabilities with recommendations for elimination
Support after the pentest
What is an external pentest
Attacks on the IT infrastructure most often occur through the external perimeter. An attacker exploiting vulnerabilities in IT infrastructure components gains access to confidential information.
Frequently Asked Questions
The external pentest consists in simulating the actions of an attacker who is trying to penetrate the IT infrastructure from the outside and gain access to protected information. In general, external penetration testing is carried out using the Black box model (the pentester completely lacks information about the composition of the Client's IT infrastructure).
When testing is needed
When checking the security of the IT infrastructure
Pentest will help you check how secure your infrastructure is not only in theory, but also in practice
When meeting the requirements from the regulators
Pentest is a mandatory requirement according to PCI DSS, 719-P, 683-P, 757-P, 742-P, 802-P and GOST R 57580
After making significant changes to the IT infrastructure
Pentest can be used to identify new vulnerabilities that have arisen after the infrastructure upgrade
What will you get
Summary
A general description of the results of the pentest without using specialized terminology, but with an assessment of the criticality of the identified vulnerabilities.
Technical Report
It contains information about the vulnerabilities found, how to reproduce them, and scenarios for their exploitation. The Report also contains detailed information on how to fix the vulnerabilities found.
Expert opinion
This section contains information on individual ways to increase the level of information security, taking into account the Client's business processes.
How to use the Pentest Report
01
Analyze the results
Carefully review the Report to understand the identified vulnerabilities, potential consequences and recommendations for their elimination.
02
Develop an action plan
Create an action plan to eliminate the identified vulnerabilities. Set deadlines and responsible persons to ensure an appropriate response to each problem.
03
Fix vulnerabilities
Take measures to eliminate the identified vulnerabilities in accordance with the developed action plan
04
Repeat testing
After fixing the vulnerabilities, repeat the pentest to make sure that the problems have been successfully fixed and the system is now protected.
05
Update policies and procedures
Based on the results of the pentest, update the security policies and procedures.
06
Staff training
Conduct employee training to increase awareness of risks and best security practices
For external pentest, we use
Nessus and Burp Suite network scanners, Nmap and many other utilities from the Kali Linux distribution
Manual testing. We apply the skills, experience and knowledge of our specialists, and not just scan the perimeter
Specialized software of our own development
Advantages ITGLOBAL.COM Security
1/5
Certificates
External pentest is performed by specialists who have international certificates: OSCP, OSCE, OSWE, CEH
2/5
Following the standards
PCI DSS, 719-P, 683-P, 757-P, 742-P, 802-P and GOST R 57580
3/5
Own testing methods
Availability of more than 30 proprietary techniques for conducting an external pentest
4/5
Support after the service is provided
We continue to advise you after the pentest to help eliminate the vulnerabilities identified during the process.
5/5
Proven experience
10 years of practical experience, real cases of our clients and all the necessary licenses of the FSB and FSTEC
Frequently Asked Questions
What is a pentest?
Pentest is a method of assessing the security of IT infrastructure or information systems, using techniques and tools similar to those that can be used by attackers
Types of pentests
Types of pentests
- External pentest is a simulation of the actions of an attacker who has illegally penetrated the IT infrastructure from the external environment
- Internal pentest is a simulation of the actions of an attacker, from the position of an internal user or employee who has access to the IT infrastructure or information systems
- A web application pentest is a simulation of an attacker's actions aimed at identifying vulnerabilities that can be used to gain unauthorized access to data, functionality, or resources of a web application.
- A mobile application pentest is a simulation of an attacker's actions aimed at identifying vulnerabilities that can be used to gain unauthorized access to data, functionality, or resources of a mobile application.
What are the methods of conducting pentests?
- White Box — mimics the actions of an employee who holds a responsible position and has specialized skills.
- Gray Box — simulates the actions of an employee with basic access to the company's infrastructure and services.
- Black Box — an attack is simulated by an attacker who knows nothing about the company's infrastructure, only its name.
How does pentest differ from security analysis and information security audit?
Security analysis allows you to find all known and unknown vulnerabilities in your IT infrastructure. Information security audit allows you to assess the current state of the Client's information security processes and get an objective assessment of their maturity. Pentest allows you to find all known and unknown vulnerabilities in your IT infrastructure and carry out attacks using them.
Our clients
External pentest.
Order a service