External security assessments focus on the security of your systems and services which are publicly facing and internet accessible. These systems can present a potential access point into your internal network and also may form the online face of your company. Ensuring their security from the latest threats is therefore of critical importance to any organisation.


External Infrastructure can be the subject of a large number of automated and manual attacks, targeting any services which are configured to be publicly accessible.

Remote authentication services could be subject to brute force password guessing attacks and unpatched systems could be compromised. There are a variety of ways which your External assets may come under attack and so ensuring a robust security posture is of upmost importance.

As part of our approach, our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your external estate. Our extensive reports provide a thorough assessment of each vulnerability and provide business context alongside each finding.

This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.

An External Network Assessment will allow your organisation to:

  • Receive assurance around your organisation’s publicly facing systems and services
  • Understand each risk which may be present within your current implementation
  • Make ongoing improvements to your external security via specialist support, advice and consultancy.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats


1. What is the difference between an External Penetration Test and an Application Test?

An External Penetration Test is focused around underlying infrastructure and specific hosts rather than on the Web Applications residing on these hosts. Web Application security is a specific skill and requires a fully qualified consultant who understands the software architecture in order to provide a thorough assessment.

2. Why do I need an External Security Assessment?

Externally facing systems and services can be the first assets which come under attack by either an automated or targeted attacker.

The compromise of these systems may lead to the direct exposure of sensitive company data or provide access to further systems and so ensuring their security is of critical business importance.

3. Which External assets should be tested?

Any assets which are accessible publicly should be incorporated into a security testing schedule. Scanning tools are continually searching the internet for accessible systems to exploit, targeting unpatched systems and login portals for compromise.

Excluding any systems from a security assessment can leave a potential security hole in your organisation which can be exploited over the internet.

4. What will I receive after the test has been completed?

The deliverable from any External Network Assessment is a complete report, detailing and contextualising each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.