
Have you ever wondered how hackers see your external network? What is visible from the outside? Are they able to find vulnerable points? The answer to these questions is an external vulnerability assessment with a Black-box approach.

The Black-box assessment is a sufficient approach from the outside

The Black-box approach in the external vulnerability assessment means that the system is assessed without any prior knowledge; the test uses only the values returned by the target system.

Our first step is usually network reconnaissance: we map the network based on the information available on the Internet. Whois records, domain registrations, forums, and free databases are the basis of the search.

The next step is to detect the network entry points and to identify the services running there. It is essential here to identify the version numbers and to detect all default installations.

The result of the external vulnerability assessment is an inventory in which we make a thorough list of the vulnerabilities of the external hosts. An important part of our reports is the recommendations we make on how to fix or at least mitigate the detected vulnerabilities.

It is advised to carry out external vulnerability assessments on a regular basis, at least once a year. You might also want to consider an assessment when installing a new firewall, VPN, or any other network device. We always make sure to check all findings manually after using automated tools to obtain a more accurate picture of the network.

The Black-box approach is not limited to external vulnerability assessments; it is also a good approach for web applications and mobile applications.

Sometimes it is a good idea to complement the external vulnerability assessment with a penetration test, where we not only map but also exploit the vulnerabilities we have found and attempt to compromise the systems. We only perform a penetration test if the contract allows it.

Although we do our best to avoid causing downtime, these tests may result in overload or other problems in the operation of poorly configured systems. This is the reason why we do not charge extra for doing the test at night or during weekends, so our clients can select which time of the day or the week they want the test to be performed.