External Penetration Testing is the traditional approach to penetration testing.
Focused on servers, infrastructure and underlying software, such testing may be performed with varying degrees of knowledge or access, these would typically include:
- No prior knowledge of target site
- Limited Access – such as that given to potential 3rd parties
- Full disclosure of topology and environment.
This type of target testing should typically involve:
- A complete analysis of publicly available information
- Network enumeration to establish target topology, host identification and analysis
- Monitored activity of security devices.
Vulnerabilities within the target hosts should then be identified, verified and their potential implications assessed.