Bishop Fox External Penetration Testing Methodology
Overview of Bishop Fox’s methodology for external penetration testing.
Identify security vulnerabilities by simulating the real-world threat of an attacker.
Bishop Fox External Penetration Testing identifies security vulnerabilities by simulating the real-world threat of an attacker attempting to exploit target networks and applications.
These zero-, partial-, or full-knowledge assessments begin with the discovery of externally identifiable systems and the footprinting of designated networks and applications. Next, using a combination of manual and automated techniques, the assessment team enumerates systems and services for potential attack vectors. The team also enumerates the access control lists (ACLs) of firewalls and other perimeter security devices to pinpoint potential security exposures. Exposed applications are scanned and tested by combining automated tools and manual techniques.
Finally, the team performs further manual identification and exploitation of any vulnerabilities in an attempt to penetrate the targets and gain access to sensitive data, critical functionality, and the underlying infrastructure.
This methodology document provides an overview of the following external penetration testing phases:
- Pre-assessment
- Network Discovery and Network Pen Testing
- Analysis and Reporting