The very first phase of each system pentest project that we recommend to companies with one or more physical locations is to let us familiarize ourselves with how they appear to the world from outside.
The external vulnerability assessment primarily focuses on how an attack could be carried out from the outside inwards, most commonly reaching down from a seemingly harmless company website to a database server. There are also other types of external connections that fall within the scope of the external assessment, such as leased lines or other private solutions.
The process contains several phases that are typically firmly linked to each other, as in collecting general and technical information on the customer’s networking infrastructure, its installed hardware and software components, system services, network traffic analysis which is followed by an automated vulnerability assessment with specialized targeted software also used by fraudulent hackers. There are always things that are not subject to automation due to their nature, here manual assessments and penetration attempts are made, which we – by the way – love and value the most.