Tune into our first episode of Tool Talk: a how-to series for hackers. REGISTER ›

Bishop Fox External Penetration Testing Methodology

Overview of Bishop Fox’s methodology for external penetration testing.

Bishop Fox External Penetration Testing Methodology F

Identify security vulnerabilities by simulating the real-world threat of an attacker.

Bishop Fox identifies security vulnerabilities by simulating the real-world threat of an attacker attempting to exploit target networks and applications.

These zero-, partial-, or full-knowledge assessments begin with the discovery of externally identifiable systems and the footprinting of designated networks and applications. Next, using a combination of manual and automated techniques, the assessment team enumerates systems and services for potential attack vectors. The team also enumerates the access control lists (ACLs) of firewalls and other perimeter security devices to pinpoint potential security exposures. Exposed applications are scanned and tested by combining automated tools and manual techniques.

Finally, the team performs further manual identification and exploitation of any vulnerabilities in an attempt to penetrate the targets and gain access to sensitive data, critical functionality, and the underlying infrastructure.

This Methodology document provides an overview of the following external penetration testing phases:

  • Pre-assessment
  • Network Discovery and Network Pen Testing
  • Analysis and Reporting

Extend Your Knowledge

Check out these related resources.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.