External Network Penetration Testing
Spider Sec Ltd offers External Network Penetration Testing services which are designed to provide assurances that your Internet facing infrastructure has been designed and configured in line with industry best security practices.
What is External Network Penetration Testing?
An External Network Penetration Testing identifies and addresses vulnerabilities which may be present in an organisations external-facing servers, workstations, mails servers, virtual environments and network devices.
Brief Overview of a standard Test:
- Discover missing OS and software patches.
- Check for SSL and other encryption technology misconfigurations.
- Discover insecure authentication methods, including weak credentials in use.
- Check for insecure Firewall rules.
- Discover host Information leakages.
- Check implementations of services or system administrative tools facing the internet.
- Check weak security controls.
Key Benefits Of A External Network Penetration Test?
Using our skills in offensive security we will simulate a genuine attack on your external infrastructure. During the test, we will ensure there are no common or publicly known vulnerabilities in the target system at the time of the test. Alongside this, our consultant will also perform checks to ensure your external infrastructure is following best security practice.
A External Network Penetration Test will help our clients:
- Comply with GDPR and other regulatory bodies which require regular penetration testing.
- Provide evidence to your clients or supply chain that your organisation take proactive steps towards securing your data.
- Develop in house security awareness of common vulnerabilities for system admins. Making them proactive in securing the network and raise awareness of possible areas where vulnerabilities can be introduced.
- Reduce the risk of being successfully attacked by cyber criminals.
Our methodology
Our consultants are all certified with at least Check Team Member or OSCP certificate. We follow the industry-standard OSSTMM methodology. Alongside this, we use our own in-house methodologies which have been tried and tested during our own careers.
Penetration Testing Engagement Process
Scoping
Spider Sec has tried to make the scoping process as easy as possible. We have created a quoting form which will price your project based on your requirements. If you are happy with the quote, send it to us and we will send over our authorisation forms and SOW to be filled out. Then we will schedule the engagement and ensure all prerequisites are in order.
Engagement
On the scheduled date you will receive an email before the penetration test begins. During the engagement, if any high or critical risk vulnerabilities are discovered you will be informed ASAP.
Reporting
Once the engagement is completed we will write up our discoveries into an easy to digest report with remediation steps and risk ratings.
Retest
After you have digested the report if you wish to book a retest please let us know. We are happy to retest high and critical risk vulnerabilities for free.
Vulnerability Disclosures
Multiple Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 )
Authenticated Stored XSS in NinjaForms Settings Page (Version 3.4.22 ) Background A consultant at Spider Sec Ltd identified a critical vulnerability […]
Read MoreRegistration Magic Multiple Unauthenticated XSS Vulnerabilities (Version 4.6.0.0)
Registration Magic Version 4.6.0.0 (Multiple XSS Vulnerabilities) Background After discovering two new WordPress Plugin vulnerabilities on a recent web application penetration test […]
Read MoreRegistration Magic Authenticated Blind SQL Injection inside URL
(Version 4.6.0.0)
Registration Magic Version 4.6.0.0 Authenticated Blind SQL Injection in URL Background If you still haven’t read the preface to this discovery […]
Read MoreCalculated Fields Form WP Plugin (Version <= 1.0.353) Authenticated Stored XSS
Calculated Fields Form WP Plugin (Version <= 1.0.353) Multiple Authenticated Stored XSS Background The Calculated Fields Form plugin through 1.0.353 for WordPress […]
Read More