At Teceze, we rely on our expertise to perform and manage all aspects of external penetration testing for our clients. We use a clear and simple process to identify and manage the risk of all external attacks. We are the experts in External Penetration Testing.
Manual Infrastructure Testing
A huge number of organisations will have some form of internet connection and, in some cases, several connections that host services such as email, webmail and web servers. These services are potential targets for attackers, so it is important to understand that organisations are continuously under attack.
In most cases, attackers are not out to attack the business itself but are actively seeking vulnerable targets across the internet. When they find vulnerable targets, they attack them until they break through to the network. It is crucial that organisations are made aware of the potential risks and that they reduce and manage them through active external penetration testing.
Using one of TECEZE Group’s servers, we carry out a full external infrastructure penetration test that includes a full port scan of the TCP and UDP ports of public IP addresses. We then seek out services that are running on open ports by carrying out a vulnerability scan. This is completed using specialist scanners to begin with, but if specific services are not identified, we call on other tools and scripts that are closely linked to those services. Using our specialist scanners, we can identify common vulnerabilities, including services that display their version numbers, insecure protocols and default passwords.
Following a thorough scan of all IP addresses and identification of all services, our expert testers connect manually to each individual service and look for any additional vulnerabilities. An example of this would be the discovery of an FTP server, whereby a tester will attempt a number of username and password combinations using limited brute force, with common values that are linked to the name of the client. Should a web application be discovered, the tester will then carry out a small unauthenticated Web Application Test to identify common vulnerabilities such as SQL injection or Cross-site Scripting.