Schellman's External Network Penetration Testing Methodology
Our objective is to identify potential weaknesses that can be exploited by attackers and provide recommendations for improving your security posture.
Specific facets of our external penetration process include:
We’ll scan your network to identify open ports and services that are exposed to the Internet. We’ll test all discovered TCP ports and the most common UDP ports on in-scope hosts.
An unauthenticated scan is always our first step—the scanner will not be given any authentication when it searches for vulnerabilities. We may also perform subsequent scans that include the credentials discovered.
Manual Testing and Verification
Manual attacks are those that the penetration tester performs while looking for a specific weakness, or which require continual modifications to get the expected results. Unlike a vulnerability scan, which may run for hours before yielding results, manual attacks typically provide the penetration tester instant feedback on the success or failure of an attack.
Additionally, some test cases cannot be tested adequately by automated scanning.