External Attack and Penetration Testing

Penetration Tests are an important part of any security program.

During an External Attack and Penetration assessment, SecureState will attempt to breach your organization acting as unauthorized outside user. SecureState will attempt to exploit weaknesses in both your externally facing systems and your users' security awareness with the ultimate goal being a compromise of your networks and data.


External Attack and Penetration Assessments must be conducted to achieve compliance with a multitude of regulations and standards that industries face, including the Payment Card Industry Data Security Standard (PCI DSS). Additionally, these assessments detect weaknesses in a system or network that could allow a compromise. They can also be used to test an organization’s external monitoring and Incident Response capabilities.


SecureState’s team is comprised of nationally renowned ethical hackers. We recruit heavily from military intelligence, law enforcement, big X consulting, and the financial sector. Our team works hard to stay at the forefront of penetration testing, security assessment technology, and business trends through training, education, and speaking. SecureState experts have regularly spoken at major security and hacker conferences including, Defcon, ShmooCon, OWASP, AppSec DC, Hackers on Planet Earth, DerbyCon, Toorcon, Notacon, and Black Hat USA.

Approach and Methodology

During an External Penetration Test, SecureState can take the perspective of a known or unknown external threat to your organization. SecureState can build a footprint of your organization using Open Source Intelligence (OSINT), Domain Name System (DNS) reconnaissance, and other techniques in order to identify all logical assets that belong to the organization. SecureState can then map the accessible services on each system and identify any vulnerabilities associated with them.

During the attack phase, SecureState attempts to breach your organization using the same tools and techniques employed by hackers in real world attacks. Common targets can include web applications, email and VPN solutions, and human assets through Social Engineering attacks. The end result is a highly comprehensive, realistic attack against your organization.

If successful, SecureState will then attempt to use the established foothold to compromise additional systems and networks while hunting for information sensitive to your organization. This is the most important, and yet most often overlooked, phase of a penetration test because it effectively demonstrates the impact that a breach would have on your organization. Common targets in this phase are credit card numbers, Social Security numbers and other personal information, medical information, and proprietary information to your organization (such as source code, or internal methodologies and formulas).

In the final deliverable, SecureState will provide detailed information for each vulnerability uncovered, including suggested remediation or mitigation steps. Finally, SecureState will provide a detailed step-by-step account of the breach (referred to as, "Vulnerability Linkage Theory") which explains how several less severe vulnerabilities can be linked together to achieve a complete compromise.

Get Started!