External pentest
An external pentest targets all or part of your information system that is exposed to the Internet. This audit is usually carried out as a "blackbox" assessment.
- Customer-owned open services (SSH, RDP, MySQL, S3 buckets, Elasticsearch, etc.)
- Webserver security (Apache, Nginx, IIS…)
- Exploitation of configuration defects
- Search for vulnerabilities on components (exploitation of known vulnerabilities or 0day)
The audit is carried out in several phases:
- Passive reconnaissance (consolidation of the attack surface, information gathering)
- Active reconnaissance (identification of accessible services)
- Identification and exploitation of vulnerabilities
- Determination of the real impact of flaws
- Writing of the deliverables
When should you choose an external intrusion test?
- To get the same view as an external attacker.
- To ensure filtering and external access policies are implemented and robust.
- To test the security of the information system against a motivated external attacker (manual analysis).
Discover the adventures of Jean le pentester on an external intrusion test for a more colorful description.
Mission organization
A kickoff meeting identifies the needs and scope of the mission, as well as any constraints.
A legal mandate between the parties is issued to govern DSecBypass's audit service.
The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.
Penetration test results
The mission deliverables include a report and two optional debriefings.
The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.
The technical debriefing is an opportunity for the consultant to present their approach and results interactively, and to discuss the action plan with the client and its teams. The managerial debriefing addresses an executive audience.