Securing business data

External Penetration Testing

Penetration Testing Experts

At CNS we're experts in performing and managing external penetration testing on behalf of our clients. We help evaluate and manage the risk of external attacks through a simple, clearly defined process.


The External Penetration Testing Experts

Manual Infrastructure Testing

Virtually all organisations will have at least one internet connection, often several and they will usually be running services on them such as VPNs, email, webmail, webservers etc. All of these are attractive targets to attackers. It is important to understand that organisations are constantly under attack. 

Though it should be noted that it might not specifically be the organisation that is targeted. Many attackers will simply scan the internet to identify vulnerable targets and attack them, rather than specific targeted attacks against an organisation (though this still occurs particularly for high profile organisations).

It is vital that organisations understand the level of risk they are exposed to, reduce it where possible and manage the required risks. CNS can help evaluate and manage this risk through an external penetration test.

Service Description

An external infrastructure penetration test involves a full port scan of TCP and UDP ports of public IP addresses from one of CNS Group's servers. This is followed up by a vulnerability scan of services found to be running on open ports. Vulnerability scans will be first performed with specialist scanners, however if certain services are discovered, other tools and scripts will be applied that are more specific to that service. The scanners we use are capable of finding a number of common vulnerabilities, such as version numbers displaying in services, default passwords, and insecure protocols.

Once all IP addresses are scanned and services identified, CNS testers will manually connect to each service and test for further vulnerabilities. For instance, if an FTP server is discovered, a tester will attempt a limited brute-force of username / password combinations, based on commonly used values or those relating to the client name. In the case of a web application being discovered, the tester will conduct a small unauthenticated Web Application Test for common vulnerabilities such as SQL Injection of Cross-site Scripting.


Download our External Penetration Testing process overview by completing this form...

call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere