We offer various types of network and infrastructure penetration tests that together cover a full range of vulnerabilities. The penetration tests are carried out by experienced security experts, accredited by the world leading standards and certifications.

External Network Penetration Tests

An external penetration test covers the assessment of security of systems exposed to the Internet. Considering that anybody who is connected to the Internet can access such services remotely, the risks of attacks are very high.

The most common external security assessment attacks include front-side attacks. A front-side attack simulation allows the assessment of the security level of systems in the DMZ. Web servers, database servers, mail servers, VPN servers and web domains are the most popular systems accessible by anybody from the Internet and their exposure to it is the cause of frequent attacks. Our security experts carry out numerous simulations of front attacks and identify the risks involved. 

Network Penetration Testing Methodology

Our penetration testing methodology encompasses a multitude of tools and skills to assess the overall health of a company’s security infrastructure. As such, all security assessments must adapt to an organization’s infrastructure, host services, and security policies so as to provide a holistic security review of their networked environment.

Our testing ensures that common best practice guidance and methodologies are covered including all components listed in the OWASP Top 10. Our approach is based around six key phases:

  1. Scoping
  2. Reconnaissance and Enumeration
  3. Mapping and Service Identification
  4. Vulnerability and Exposure Analysis
  5. Service Exploitation
  6. Pivoting

Reporting and Debrief

Finally, we document all vulnerabilities and exposures within the environment. Reports aim to quantify the exposures and identify how and why they may pose risks to the business. Remediation advice and guidance is provided in our report on how the environment should be improved. Our report consists of two parts, a management summary and a technical report.

Debriefs can either take place via conference call, through WebEx, or through face-to-face meetings. During these debrief sessions, we will walk the client through their security exposures and offer advice and guidance on how the environment should be improved.

Contact Us

Please fill in the following information and a Fast Lane representative will contact you soon.