Pentest from the Outside
binsec GmbH performs external penetration tests and Internet-facing pentests to identify and assess attack surfaces and vulnerabilities in publicly accessible systems, services and interfaces. An external penetration test simulates the perspective of an attacker attempting to gain access to your infrastructure via the Internet, for example through web applications, APIs or weak passwords.
The methodology for external penetration testing follows a structured approach consisting of multiple phases that build upon each other.
Below are the typical phases of external penetration testing, which we perform depending on customer requirements and the agreed scope.
external Pentest: Reconnaissance & OSINT (Identification of attack surface)
- Evaluation of publicly available data, e.g. domains, subdomains, DNS records and certificates
- Identification of external IP ranges and reachable systems, especially in black-box scenarios without predefined target systems
- Analysis of publicly available information and potential data leaks
external Pentest: Scanning & Enumeration
- Identification of accessible services based on open ports via TCP and UDP
- Detection of services, e.g. web applications, VPN gateways or mail servers, including versions and underlying technologies
- Analysis of interfaces, endpoints and authentication mechanisms
external Pentest: Vulnerability Assessment
- Checking patch levels and software versions for up-to-dateness
- Analysis of access restrictions and authentication mechanisms
- Identification of misconfigurations and deviations from security best practices
external Pentest: Exploitation & Proof-of-Concept (if applicable)
- Development of proof-of-concepts to exploit identified vulnerabilities
- Validation of exploitability within the agreed scope
external Pentest: Post-Exploitation / Privilege Escalation (if applicable)
- Investigation of possible privilege escalation
- Analysis of lateral movement within the infrastructure
- Evaluation of further attack vectors, e.g. data access
Social Engineering / Phishing (optional)
The execution of social engineering or phishing activities is only carried out if these services are explicitly commissioned.
- Execution of simulated phishing campaigns to assess employee awareness
- Analysis of user behavior and potential credential disclosure
- Evaluation of organizational and technical defenses against social engineering attacks
Example Report
Our service in a nutshell:
Conducting Penetration Testing (Pentest)
Since 2013 our certified penetration tester team conduct pentest for IT infrastructures, web applications, mobile APPs (iOS/Android) and other targets while every time using a structured approach based on all relevant publications. As a pentest service provider evaluate the identified and exploited vulnerabilities based on the associated business risk and compiling it into a report that contains a summary for the IT management and the technical details of the vulnerabilities identified. After you fix the vulnerabilities, we usually perform a retest without any additional charge.
Contact usMore than 10 years of practical experience in penetration testing
No subcontractors or external freelancers
Direct communication with the responsible senior penetration tester
Structured, documented, and reproducible testing methodology based on PTDoc
Fully controlled in-house pentesting infrastructure, no cloud services used
Identification of technical and business-relevant security risks
Risk-weighted vulnerability assessment or CVSS based scoring
Report including executive summary and detailed technical section
Retesting of identified vulnerabilities included
Our service in a nutshell:
Conducting Penetration Testing (Pentest)
Since 2013 our certified penetration tester team conduct pentest for IT infrastructures, web applications, mobile APPs (iOS/Android) and other targets while every time using a structured approach based on all relevant publications. As a pentest service provider evaluate the identified and exploited vulnerabilities based on the associated business risk and compiling it into a report that contains a summary for the IT management and the technical details of the vulnerabilities identified. After you fix the vulnerabilities, we usually perform a retest without any additional charge.
Contact usMore than 10 years of practical experience in penetration testing
No subcontractors or external freelancers
Direct communication with the responsible senior penetration tester
Structured, documented, and reproducible testing methodology based on PTDoc
Fully controlled in-house pentesting infrastructure, no cloud services used
Identification of technical and business-relevant security risks
Risk-weighted vulnerability assessment or CVSS based scoring
Report including executive summary and detailed technical section
Retesting of identified vulnerabilities included
Pentest-Methodology
Pentest use the same tools and techniques that real attackers would use to break into a system. It includes the use of security tools and carrying out manual tests to uncover vulnerabilities. Thus is it not a automatic vulnerability assessment. On the contrary, as a service provider for penetration testing we are using the same tools and techniques that real attackers would use to break into a system. But while a real attacker only needs to find and exploit one vulnerability, a penetration tester checks all relevant attack vectors.
Having a structured approach is one of the most important factors to achive this in order to provide a professional pentesting service. This is also important when performing a External pentest. Our approach is based on all relevant standards and publications.
Offer for External Pentest
Pentest are always a compromise between effort and cost, to get a reasonable price. Successful pentest offer a good balance between these criteria to facilitate the testing of all relevant attacks and attack vectors. The cost of such a test always depends on the time the penetration tester spends and on the extent and complexity of the IT system or web applications. While a penetration test for a small application takes only some days, it can take several weeks for a large network or complex application.
For a pentest offers we do require prior information about the systems and applications that are to be examined. It is important that we get an initial impression of the target. For web applications, for example, test access can be helpful. Any additional information, e.g. the framework etc., can make it easier for us to draft a suitable offer for you. If you need us to pentest an IT system, we will need the corresponding network addresses in advance. In this particular case, we will first perform a non-invasive network scan to get a first look at your network. We will provide a detailed offer once we can estimate the effort required.
binsec GmbH is a german pentest company for professional penetration testing. Get in touch with us for your External pentest offer - get your pentest today!
Contact us
Pentesting
for specific standards and requirements
There are a lot of standards or legal requirements worldwide, that require conducting of a penetration test.
binsec GmbH for professional Penetration Testing
External
pentest
binsec GmbH is the german professional penetration testing company for your External pentest. Get a pentest offer without typical sales nonsense. Talk to experts instead to pre sales consultants. Better pentesting. No nonsense. As a professional penetration test provider we do some things differently than other pentest provider: As a penetration test firm, we do not sell vulnerability scans as pentest. We do also focus on business security risks. You are looking for a professionally conducted penetration tests? Get the binsec team for your External pentest!
Contact us
Frequently Asked Questions
It is difficult to give an generalized answer to this question, since the toolset used basically depends on the respective test object. Of course, we use tools such as nmap to check IT infrastructures or the Burp Suite Professional in the case of web applications.
However, we believe that publishing a tool list is mere window dressing, as each target system should be tested individually. However, you are welcome to ask us about the tools we used after the pentest.
Hosting critical business applications on a cloud provider such as Amazon AWS, Microsoft Azure, Google Cloud or Hetzner Cloud is becoming increasingly common.
Of course we perform penetration tests for applications hosted in the cloud. This also applies to penetration testing of cloud-based IT infrastructures, provided that the virtual machines are not managed directly by the cloud provider.
We perform penetration tests for almost any IT environment, system, application or network – right down to protocol fuzzing. Only the analysis of hardware chips under a microscope is something we leave to others.
Typical targets of our penetration tests include:
Web Applications and APIs
Mobile Applications
Servers, Platforms and Infrastructure
- Webserver Pentesting
- Network Pentesting
- Firewalls Pentesting
- WiFi / WLAN Pentesting
- Active Directory (AD) Pentesting
- RDP Server / Remote Desktop Pentesting
- OT Pentesting
Containers and DevOps
Identity and Authentication
+49 692475607-0