External Network Penetration Test

What is an External Network Penetration Test?


An External Network Penetration Test aims to assess your Internet-facing network for vulnerabilities and security issues in servers, hosts, devices and network services from across the Internet.

The end goal is to identify any attack paths via vulnerable hosts or services that could be leveraged by an attacker to gain access to internal resources from across the globe.

It is important to understand that penetration testing is different from vulnerability scanning. A vulnerability scan is used to identify, rank, and report vulnerabilities. A penetration test is an authorised cyberattack on computer systems using the same tools as real cybercriminals to exploit vulnerabilities or otherwise actively defeat the security controls and features of a network or system. As a result, vulnerabilities and misconfigurations that are identified during the External Network Penetration Test should be thought of as those that an unauthorised intruder could discover and take advantage of.


Did You Know?

  • 96% of External Network Penetration Tests identify at least one vulnerability exposed to attackers.

  • 21% of External Network Penetration Tests result in the consultant gaining internal network access from across the Internet.

  • In more than 20% of cases, unauthorised access is obtained due to an inadequate password policy being enforced in the organisation.

  • Not all External Network Penetration Tests are equal — engagements where the testing scope is not restricted are more likely to result in some method of unauthorised access. Remember that a real attacker does not have a limited scope.

Why Choose BlackBug?


The Internet-facing assets of any organisation are those most vulnerable to attack from malicious third-parties. Our External Network Penetration Tests provide you with an independent perspective on your organisation's public presence, and provide benefits including:

  • Identification and assessment of all Internet-facing assets an attacker could use as potential entry points into your network
  • Assessing the effectiveness of your firewalls and other intrusion-prevention systems
  • Identification and detailed listing of any patches that need to be installed
  • Identification of current encryption protocols and suggestion for implementation of more secure protocols
  • A feeling of confidence that your external network can stand up to current threats and attacks employed by malicious individuals, once any weak points have been remediated.