• Français
  • English

External Pentest

Do you want to assess the security of your online assets by impersonating an attacker in possession of limited information on your environment: IP addresses (Black box mode) and user account(s) on accessible services (Grey box mode)?

Talk to our experts

Main challenges

Numerous services other than web applications can be proposed and made accessible online: VPN accesses, administration platforms, email servers, file storage services, even databases. Hence various threats exist: taking control of a server, theft of a customer database, intrusion on the company internal network… and putting in place relevant protections may be challenging, for example:
  • Making sure only the selected services are accessible online: IP filtering, FW rules, initial authentication…
  • Making sure the exposed services are up to date and cannot be easily compromised
  • Using a robust enough configuration to avoid specific attacks on those services
  • Checking the authentication mechanisms and prevent intrusions caused by the use of weak passwords
  • Detecting potential attacks: Exploitation, brut force…

Our solutions

Quarkslab external pentests enable to address the different challenges exposed here, particularly by:
  • targeting network, system and applicative levels
  • using dedicated tools in addition to manual tests and to our permanent technology watch to identify vulnerabilities exposed
  • establishing combined attack scenarios
  • complement our external assets discovery offer in order for you to have a global vision of your level of online exposure and protection

Resources

Ready to secure
your assets?

To access the main works
realized by our teams