External Vulnerability Assessment & Penetration Testing

Securing your public-facing assets and network perimeter

Vulnerability assessments identify security weaknesses in networks, systems, and applications. Vulnerabilities can stem from an unpatched application or operating system, a small misconfiguration in a firewall or router, or unknowingly providing excessive access to a system or a portion of your network.

Adversaries are always looking for easy targets that can be exploited. The impact can be significant and damaging to your business. To ensure your public-facing assets are secure and protected, Canary Trap can undertake an external vulnerability assessment and penetration test of your in-scope assets.

An external vulnerability assessment and penetration test can identify how an adversary can cause harm to your IT systems from outside of your network. Canary Trap will assess the security hygiene of your outward presence, including your perimeter devices, servers, applications and encryption technology. We can target anything that is accessible from the Internet for potential security vulnerabilities. Our external vulnerability assessment and penetration test will shed light on security vulnerabilities and gaps that are in need of remediation.

Canary Trap’s unique approach combines human expertise with automated tools, artificial intelligence and threat intelligence to ensure that we take a thorough, in-depth approach to solving this problem.

For more information, please complete our Scoping Questionnaire or give us a call.

Download the Service Brief

The Canary Trap approach

Scope the engagement

Complete the Scoping Questionnaire as a precursor to facilitating a scoping call with one of Canary Trap’s security experts. Canary Trap will draft a fully customized Statement of Work for each engagement. The Statement of Work will articulate our unique Approach and Methodology, In-scope Work Items, Key Deliverables, Roles, Responsibilities, Cost(s) and Timeline associated with undertaking the work effort.

Project kick-off

Upon receiving the signed Statement of Work and corresponding Purchase Order, Canary Trap will move to assign a dedicated Project Manager who will organize the project kick-off call. The project kick-off call will serve to introduce key business stakeholders and set timelines for project milestones. Any outstanding questions will be answered and Canary Trap and the customer will agree to commence testing in full conformance with client requirements and expectations.

Commence testing

Canary Trap’s security experts will undertake an external vulnerability assessment and penetration test against in-scope targets. Human expertise is combined with automated penetration testing tools, artificial intelligence and threat intelligence to ensure that we take a thorough, in-depth approach to identifying vulnerabilities and security gaps.

We operate in full transparency. You can expect to receive regular status updates and advice on any notable vulnerabilities that present a true and present risk. With Canary Trap, the left hand will always know what the right hand is doing.

Report on findings

After testing has been completed, Canary Trap will deliver an Executive Report that includes our detailed findings and any calls to action. We will illustrate exactly how our findings were discovered, how they can be reproduced, and how to remediate any uncovered issues. Once the identified vulnerabilities have been remediated, Canary Trap can be engaged to retest.

Retest

Once the identified vulnerabilities have been remediated, you can engage Canary Trap to retest. A retest will ensure that remediation efforts have been effective in resolving any security vulnerabilities and, as such, offer the necessary business assurance.

Upon validating that the identified vulnerabilities have been successfully remediated, Canary Trap will issue a Security Certificate to your organization as proof of your commitment to the security of public-facing asset(s) and network perimeter.

Methodology, tools & certifications

The threat landscape is constantly changing. For every vulnerability identified there exists a multitude of vulnerabilities that remain unknown and lurking. One of the best ways for the enterprise to defend itself from vulnerability exploits is to undertake regular penetration testing of critical networks and assets.

In order for any penetration test to be successful, the security expert(s) must possess the relevant tools and credentials while maintaining a clear understanding of the procedures used to discover any unknown weaknesses in the target environment.

Canary Trap has developed its own unique security testing methodology that’s aligned to industry best practices. We come armed with the tools, techniques and expertise to deliver a high-quality engagement.

Tools

  • Port Scanners
  • Network-based Vulnerability Scanners
  • Host-based Vulnerability Scanners
  • Application Scanners
  • Web Application Assessment Proxy
  • Nmap
  • Metasploit
  • Wireshark
  • W3AF
  • John the Ripper (JTR)
  • Threat Intelligence

Certifications

  • Certified Security Analyst (ECSA)
  • Certified Network Defender (CND)
  • Offensive Security Wireless Professional (OSWP)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • Web Penetration Tester (EWPT)
  • Scrum Master Certified (SMC)
  • Pentest+
  • CompTIA Advanced Security Practitioner (CASP+)
  • Cybersecurity Analyst (CYSA+)
  • Security+

The benefits of security testing

There are numerous benefits of employing security testing:

1.) Detect and remediate security gaps

A penetration test aims to identify how an adversary can successfully attack and compromise your organization’s applications, networks, users and endpoints by exploiting unknown internal and external vulnerabilities. A penetration test can identify unknown vulnerabilities that can be exploited to break your security controls in order for the adversary to achieve privileged or unapproved access to your mission and business critical assets. The results of security testing will either confirm that particular security vulnerabilities or faulty processes pose a legitimate threat, or determine that no such gaps exist. When vulnerabilities are identified, IT management and security experts can begin to undertake remediation efforts. By executing regular and complete penetration testing, organizations can more efficiently anticipate emergent security threats and avoid unauthorized access to crucial information and critical systems.

2.) Meet audit and compliance requirements

IT departments are often asked to address the overall audit and compliance requirements presented by regulations such as HIPAA and PCI-DSS and report testing outcomes to the appropriate authority. The executive report produced by Canary Trap at the end of every penetration testing engagement can assist organizations in avoiding substantial penalties for non-compliance. Regular penetration testing will illustrate ongoing due diligence and commitment to best practice security by maintaining required security controls and presenting them to assessors, auditors, business partners and clients.

3.) Circumvent the time and cost associated with loss of business continuity

Recovering from a security breach can be time-consuming and expensive. Recovery may include IT remediation efforts, retention programs, customer protection, legal activities, reduced revenues, dropped employee output and loss of brand reputation. Penetration testing helps an organization avoid these financial setbacks by proactively detecting and addressing threats before security breaches or attacks take place.

4.) Protect customer loyalty and company image

Even a single occurrence of compromised customer data can destroy a company’s brand and negatively impact its bottom line. Penetration testing helps an organization avoid data incidents that may put the company’s reputation and reliability at stake.

5.) Service disruption and security breaches are expensive

Security faults and any associated disruptions in the performance of applications or services may cause debilitating financial harm, damage an organization’s reputation, irrevocably damage customer loyalties, generate negative press, and incur unanticipated fines and penalties. A regular cadence of penetration testing mitigates the risk of such events.

Ready to get started?

We’ve made it easy!

Contact us today by sending us a quick note or get a head start by submitting our online Scoping Questionnaire.

Submit the External Vulnerability Assessment & Penetration Testing Questionnaire