External IT Infrastructure Penetration Test
Diese Seite ist auch auf Deutsch verfügbar.
An External IT Infrastructure Penetration Test assesses your internet-facing systems (servers, VPNs, mail, remote access) for exploitable vulnerabilities and exposure that an attacker could use to gain a foothold.
If your system is exposed to the internet, it could potentially be hacked by anyone. Okay, I exaggerate a bit, but I think you understand. Vulnerabilities in your external infrastructure can lead to very bad press and threaten your customers’ personal information. So, it’s better to check once more.
Scope
This test can focus on a range of externally accessible IPs. Another approach is to collect information about your external attack surface, meaning what information can an attacker find out about your company and which services are exposed (that you might not even know about). These are the main focus points of the test:
- Detection of vulnerabilities in your external infrastructure
- Identification of outdated software and used libraries
- Check for missing hardening measures that can protect you in case there is a vulnerability
- Publicly exposed sensitive information
- Insecure configuration of services
Why
- Do you even know all the services that are exposed to the internet?
- Are you sure you are not unintentionally leaking sensitive data?
- Did you apply all the additional security measures that can prevent attacks?
- Are all your services configured according to best practices?
Why VidraSec 🦦
I have over 6 years of experience in penetration testing and red teaming. In this time, I have seen many different systems and found a lot of vulnerabilities. Fun fact: in all this time, there have been worse and better systems, but there has never been a system without any vulnerabilities. Let’s improve your security together!
Typical Duration
2+ days of testing (heavily scope-dependent — depends on the number of IPs and services in scope). Reporting takes roughly 30–50% of the test time on top.
Typical Price
from 4,200 €
The final price depends on the scope of the project and the maturity level of your IT security. It is calculated individually based on the required effort.
Deliverables
Every engagement includes:
- Written findings report with all vulnerabilities, prioritized by severity, with remediation steps
- Management summary tailored to your audience (technical or executive)
- Live debriefing to walk through findings and answer questions
- Retesting after remediation available on request
See example reports for what a VidraSec report looks like.
Compliance
Directly relevant for NIS2 (Article 21), ISO 27001, and GDPR — exposure of internet-facing services can directly risk customer personal data.
Frequently asked questions
What is the difference between an external and an internal penetration test?
An external penetration test attacks your perimeter from the internet, the way an outside attacker would. An internal penetration test simulates an attacker who already has a foothold inside the network. Many organizations combine both to cover the full attack chain.Will the test affect our live systems?
Testing is conducted carefully to avoid disruption. Potentially intrusive checks are coordinated with you in advance, and a contact is kept available during testing so anything unexpected can be paused immediately.How long does an external penetration test take?
From around 2 days, heavily dependent on the number of IPs and services in scope, plus roughly 30 to 50 percent of that time for reporting.How much does an external penetration test cost?
From 4,200 euros. The final price depends on the number of systems in scope and is calculated individually based on the required effort.martin@vidrasec.com | +43 670 3081275 | +43 670 3081275 | Book appointment |