Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Understanding External Network Penetration Testing

Penetration Testing

Published: Jun 23, 2022

Last Updated: May 5, 2025

 

Penetration tests are security assessments designed to discover and identify security weaknesses in your organization's defenses by simulating real-world attacks. One of the most common types is the external penetration test, which focuses on what an attacker might do from the internet.  

Specifically, an external network pen test examines all your systems that are accessible from the public internet, looking for vulnerabilities that could allow an attacker access. When you work with a security team for this type of test, they act like an attacker, attempting to exploit weaknesses to get in.  

As highly experienced penetration testers who offer this service among others, we’ll provide a full explanation of external network penetration testing, including the methodology, timeline, cost, and tips to prepare ahead of your test. That way, you can be sure that an external network penetration test is the right move for your firm among the other options available. 

What is an External Network Penetration Test? 

When you engage a team to perform an external network penetration test, they’ll act as an attacker on the open Internet and attempt to breach those web-facing assets you have. 

Using different techniques such as port scans and vulnerability scans, they’ll identify where they can push through security vulnerabilities and misconfigurations in all in-scope hosts so as to gain access to your supporting infrastructure or service. 

But that's the extent of it—if the penetration testers do happen to gain access to the internal network, no further action will be taken to pivot deeper. The goal is to identify the entry point and demonstrate the risk, not to fully compromise your systems. 

What Are the Different Types of Penetration Tests? 

Let's clarify how external tests fit into the bigger picture as compared to some of the other pen test options available:  

How Long Does an External Pen Test Take?  

 

Generally, an external network penetration test takes about 1 week if you have fewer than 1,000 systems in scope. The timeline extends as you add more systems to be tested.  

How Much Does an External Pen Test Cost?   

Every organization is unique, so costs vary depending on size and complexity. Key factors influencing the price include:  

  • Scope and complexity: The size of your internet-facing infrastructure, such as the IP address space. 
  • Organization size: The number of active systems or live hosts. 
  • Team experience: The expertise of the security team performing the test. 
  • Test type: Whether it's a Black Box, Grey Box, or other approach (explained below). 

Where to Start: Choosing the Right Assessment Type  

f you are ready to understand where your defenses might need improvement, then deciding on your assessment type is your first key consideration.

There are two different assessment type options that are commonly requested: 

  • Grey Box Assessment: 
    • You provide a list of your systems (public IP addresses or domain names). The tester focuses only on those approved systems/in-scope hosts.
    • We recommend this approach. It’s more efficient and delivers better results for your investment. 
  • Black Box Assessment: 
    • The tester discovers your internet-facing assets on their own through reconnaissance. They then give you a list to approve before testing begins. 
    • This method takes more time, as you need to verify the accuracy of the discovered systems before active testing can begin.  

Regardless of the type, we don't recommend restricting the scope. Limiting the test could lead to vulnerabilities being missed which would require additional assessments later. 

External Penetration Testing Methodology  

A successful external network penetration test follows a structured approach to maximize efficiency. Most teams will follow these steps:  

  • Pre-Engagement: Define the goals and desired outcomes of the test with your team. 
  • Defining Scope: Determine which systems and assets will be included in the test. 
  • Exploitation: The team works to identify and exploit security weaknesses. 
  • Reporting & Remediation: You receive documentation of the procedures and findings, and you begin addressing any identified issues. 
  • Retesting: The test is repeated to verify that the fixes you implemented as a result of the previous assessment are effective. 

Key Considerations for a Smooth External Pen Test  

Here are two tips to make the most of your experience:  

  • Don't keep it a secret. 
    • Let your internal security team (Security Operations Center (SOC) or Network Operations Center (NOC)) know about the test and provide the public IP addresses the team will be using. This helps them understand the activity and avoid unnecessary alerts. 
  • Prepare your security controls. 
    • If you have Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) in place, temporarily allow the tester's traffic to pass. 
    • While real-world attackers have time to bypass these controls, a pen test is limited to a specific timeframe and as such, a limited-time test should focus on identifying as many issues as possible with the time they have. 

How Schellman Can Help with Your External Network Pen Test 

If you're considering Schellman for your external network penetration test, here's what to expect:  

  • We do not perform Distributed Denial of Service (DDoS) attacks. If we find vulnerabilities that could lead to a Denial of Service (DoS) condition, we'll verify them without fully exploiting them. 
  • Only manually verified findings will be included in our report. No false positives. 

Next Steps in Your External Network Pen Test Journey 

An external network penetration test can be hugely beneficial in assessing your current cybersecurity defenses. An internal network penetration test can be equally as helpful in identifying and addressing security vulnerabilities. By simulating a real-world attacker, your security team can uncover weaknesses and help you strengthen your overall security posture.  

However, internal and external tests only find vulnerabilities in internet-facing systems. You may also want to consider additional types of penetration tests:  

If you have additional questions about the process or if you’re ready to explore your pen test options, contact us today. Our team at Schellman would be happy to discuss your environment and answer any questions you have regarding the different types of pen test options available. 

About Josh Tomkiel

Josh Tomkiel is a Managing Director on Schellman’s Penetration Testing Team based in the Greater Philadelphia area with over a decade of experience within the Information Security field. He has a deep background in all facets of penetration testing and works closely with all of Schellman's service lines to ensure that any penetration testing requirements are met. Having been a penetration tester himself, he knows what it takes to have a successful assessment. Additionally, Josh understands the importance of a positive client experience and takes great care to ensure that expectations are not only met but exceeded.