If you run web-facing platforms, such as SaaS, mail and login portals, there are a number of ways bad actors could strike. Whether it’s exploiting a security flaw in the service or capitalizing on your lack of multi-factor authentication, all a cyber criminal needs is one foot in the door to compromise your entire system.
That’s why any company running web-based network services needs to put its externally facing security to the test. With an annual evaluation of your technical defenses, you can rest assured knowing you’re doing your part to improve the safety of your web-exposed servers and workstations.
The problem is, other pentesting companies stop at the automated scan: running a software program to screen for vulnerabilities and handing you a generated report. When it comes to external network pentesting, you can’t rely on automated scans alone. You need a team that takes it a few steps further, one that checks for false positives with manual review and pursues the vulnerabilities it finds…
If it has an IP address, our team at Mitnick Security can test it. And if we find a vulnerability, we can breach it and offer solutions to prevent compromise in the future.
These annual pentests usually begin with an introductory chat to discuss your goals. During this meeting, we’ll come to an agreement on your most valuable data so our pentesters know where to shoot for the bullseye. We’ll define a scope and determine the test’s length (typically anywhere from 3-6 weeks, depending on your company size and the complexity of the engagement).
This is also where we’ll settle on some dos and don’ts of the pentest, defining clear rules for what types of attacks and disruption are okay while we work. For instance, we may agree that a certain server or DDoS attacks are off-limits.
After we settle on the start date and your scope, it’s go-time.
Our pentesters will start by pursuing technical means of entry, looking for outdated services, weak credentials, etc. to find blind spots in your technology. Once revealed, we’ll take it a step further than other pentesters by exploiting the vulnerabilities we find, showing you what we can get our hands on in the process.
In an external network pentest, we’ll look for vulnerabilities in your web, mail and login portals. Web applications, however, are a scope all their own. Web app pentests focus extensively on one (often complex) application as a sole means of entry. If your company developed its own web or mobile application, this would be the test for you.