At Teceze, we rely on our cyber security expertise to perform and manage all aspects of external penetration testing for our clients. We use a process that is clear and simple to identify and manage the risk or all external attacks. We are the experts in External Penetration Testing.
Many organisations have several connections that host services such as email, webmail, and web servers. These services are potential targets for attackers. Understanding that the organisations are continuously under attack, is important.
Attackers are actively seeking vulnerable targets across the internet.
When they find vulnerable targets, they will attack them until they break through to the network.
It is crucial that organisations are made aware of the potential risks, while they need to reduce and manage them by active external penetration testing.
When the penetration tester demonstrates a multi-dimensional approach and holds a greater sense of understanding of the website and application's technological and business use case aspects, manual infrastructure testing will provide high efficiency.
Using one of Teceze Group’s servers, we carry out a full external infrastructure penetration testing that includes a full Port Scan of TCP and UDP ports of Public IP addresses. We seek out services that are running on open ports by carrying out a vulnerability scan.
This is completed using specialist scanners, to begin with, but if specific services are not identified, we call on other tools and scripts that are applied that are closely linked to those services. We can identify common vulnerabilities including version number displaying in services, insecure protocols, and default passwords using our specialist scanners.
An external penetration testing is typically conducted on a Black Box methodology. This implies that the penetration testers will not be provided with any privileged information such as an application or/and user credentials, infrastructure designs, source code, etc. It would be a replica or stimulation of a cybercriminal or hacker's perspective of attacking your organization once they have found a list of your IPs and domains.
Following a thorough scan of all IP addresses and identification of all services, our expert testers then connect manually to each individual service and then look for any additional vulnerabilities.
An example of this would be the discovery of an FTP server, whereby a tester will attempt a number of username and password combinations using limited-brute force, using common values that are linked to the name of the client. Should a web application be discovered, the tester will then carry out a small-unauthenticated Web Application Test to identify common vulnerabilities such as SQL injection or Cross-site Scripting.
Reducing the risk of non-compliance.
Boosts reliability and brand image.
Detects known security flaws and identifying unexploited security vulnerabilities to access privileged data.
Evite any financial damage.
Identify known and unknown vulnerabilities.
Reduce danger to continuity of business.
Get autonomous security checks.
Our CREST certified penetration testers follow a proven methodology mainly based on the OSSTMM (Open Source Security Testing Methodology Manual). This method emulates the tactics used by the attackers using many of the same readily available tools.
Scoping - Before a test our account management team will address the network/infrastructure evaluation criteria to determine the test scope.
Reconnaissance - Teceze will list your network assets and find any vulnerabilities in your networks that might break in by malicious actors.
Evaluation - Using the information found during the reconnaissance process, we search for possible vulnerabilities for the found hosts.
Reporting - The findings will be evaluated thoroughly by a tester accredited to Teceze. A comprehensive report will be prepared which describes the scope of the test and the methodology used along with the defined risks. This will give the company the opportunity to generate a detailed threat and risk assessment.
Re-test - To help and expedite the remediation, we will provide access to our testers and the raw test data. We can also re-test the systems so you can be confident that all the issues have been resolved successfully.
