External Penetration Test

The Service

Most institutions scan their perimeter and internal networks for vulnerabilities to see what may be exploitable from the outside. However, today’s cyber-threats are multi-faceted.  Determined attackers utilize all means at their disposal, including social engineering methods like targeted phishing emails, pretext calling, and even physical penetration attempts. Most incidents begin with phishing emails that exploit internal systems when clicked, and the breach spreads from there. How would your network defenses and security team identify and respond to such an attack?

Our External Penetration Test simulates a “real-world” cyberattack on your institution that challenges your team’s monitoring and alerting controls, and provides an opportunity to fine-tune your incident response program.

We perform a “Black-Box Assessment,” which means our security engineer does not have advance knowledge of your infrastructure at the start of the test. Our test mirrors how actual attacks occur, but without the real-world stress or liability. Our Red Team employs the same cutting-edge techniques and strategies used by today’s bad guys to detect and evaluate your security controls.

A Penetration Test does not replace Internal Vulnerability, External Vulnerability, or Social Engineering Assessments, but complements them by enabling you to assess how your layered security controls hold up to a complex and persistent attack.


The Scope of Work

Our External Penetration Test may target any and all of your assets for weak links, which could include any of the following:

  • Email Phishing
  • Phone Calls (Vishing)
  • Cross-site Scripting
  • SQL Injection
  • Internally-developed Applications

Man jumping canyon
Sailor at helm


The 10-D Security Difference
  • We specialize in testing the critical, sensitive infrastructures of financial institutions.
  • Our proprietary tools capture and review key data in a fraction of the time.
  • Our experience with the critical and sensitive infrastructures of financial institutions and other clients gives us the unique knowledge necessary to safely and efficiently maneuver in these environments.
  • We have both Red Team (attacker) and Blue Team (defender) experience, allowing for a more thorough evaluation and more meaningful results.
You would benefit from a 10-D
External Penetration Test if
  • You are ready to test your incident response plan.
  • Your management values a proactive evaluation and the preemptive assurance this test brings.
  • Your incident response team has a “bring it on” attitude and is ready to showcase their razor-sharp detection and defense skills.

Keep your institution off the evening news.


Contact Us