External Penetration Testing
back to our services...
An external vulnerability scan combined with basic web application testing involves a thorough assessment of an organization's external-facing IT infrastructure to identify potential security vulnerabilities.
This type of external vulnerability scan and web application testing is crucial for organizations to understand and mitigate risks posed by external threats, which are the most prevalent.
It helps in identifying weaknesses that could be exploited by attackers, thereby aiding in enhancing the security posture of the organization’s external-facing infrastructure.
A lot of web applications are built using Content Management Systems and other Off-The-Shelf components and dependencies. In these cases, the application components can be fingerprinted and corelated to known vulnerabilities.
This type of penetration test typically includes the following steps:
Network Vulnerability Scanning:
- Scanning external IP addresses to identify open ports and services.
- Detecting vulnerabilities in exposed network services and devices.
Basic Web Application Testing:
- Testing web applications for common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Evaluating authentication and session management controls.
- Checking for security misconfigurations in web servers and applications.
SSL/TLS Configuration Assessment:
- Reviewing SSL/TLS settings of web servers for compliance with best practices.
- Identifying outdated or vulnerable encryption protocols and ciphers.
DNS Configuration and Domain Analysis:
- Examining DNS settings for potential vulnerabilities or misconfigurations, such as subdomain takeover opportunities.
Checking for known vulnerabilities
- Checking for vulnerabilities in plugins or extensions.
- Evaluating the update status and security configurations of CMS installations.
- Identifying insecure includes and deprecated libraries.
Email Server Analysis:
- Assessing the security of email servers and protocols.
- Testing for vulnerabilities like open relays or misconfigured SPF records.
Remote Access Evaluation (RDP, SSH, VPN):
- Testing remote access protocols for security vulnerabilities.
- Assessing the configuration and security of RDP, SSH, and VPN endpoints.
- Checking for weak authentication mechanisms and potential brute-force vulnerabilities.
Download a sample report here
Want to learn more?
WHAT OUR CLIENTS SAY
Our internal IT team were in need of expert consultancy to help us strengthen our cybersecurity measures and protect our sensitive data.
We engaged the services of Punk Security and were thoroughly impressed with the level of professionalism and knowledge they brought to the table.
The team was able to provide valuable insights and recommendations, and their guidance helped us implement effective security protocols that have greatly enhanced our overall security posture.
We originally sought Punk’s services to support us with a potential cyber-attack. The team responded immediately, out of hours, and calmly and professionally walked us through the necessary steps to determine that our environment hadn’t been compromised.
Since then, we have engaged Punk to carry out a third party audit of our cloud environment and a gap analysis against the Cyber Essentials and ISO270001 criteria. The team provided a thorough report with recommendations and are now working with us to improve our processes and systems.
I feel assured that we are walking towards best practice security operations.
Having attended a live hack demo held at C4DI we approached Punk Security to help sure-up our cyber security and DevOps processes. Punk not only completed this audit but passed on valuable gained knowledge to our team to broaden their skills and insight in this area.
We have since continued to work in partnership with Punk to implement a WAF and frequently consult their expertise in DevOps in relation to our application so we can all learn and grow in a collaborative way.
Punk are approachable, knowledgeable and also adept at explaining in layman’s terms for the less technical! We look forward to continuing our fruitful working relationship.
Our team at Illumio recently participated in a custom CTF event hosted by Punk Security, and it was a great experience! The CTF was not only challenging but also immensely educational, especially in the realm of cloud security principles.
The challenges presented during the CTF were designed to cover a broad spectrum of cloud security topics. This approach allowed our team to dive deep into practical scenarios that tested our skills and pushed us to explore new strategies and technologies. The balance between difficulty and learning outcomes was perfectly struck, ensuring that each team member, regardless of their prior level of expertise, found the event to be rewarding.
Punk Security were happy to perform external scans pro bono due to our status as an NGO.
The team also spent meeting time on two separate occasions to discuss our requirements and provide advice without any commitment or expectation. I’ll certainly be coming to Punk Security again in future should we need further security services
We initially reached out to Punk Security to help us out with our hosting architecture and were impressed with their breadth of knowledge.
With their expertise we were able to implement additional controls into AWS and successfully scale our systems. When we needed to gain more performance insights, their engineers configured our datadog platform end to end.
We’ve found that they really take the time to understand our problem and then put forward a great solution.