External Penetration Testing Services

Assess your organisation’s public facing infrastructure, including web servers, firewalls, and cloud services with our external infrastructure penetration testing services.

Our UK-based team of certified ethical hackers use a combination of automated tools and manual techniques to simulate real-world attacks, ensuring that your systems are secure against evolving cyber threats.

What Our External Testing Includes

External penetration testing involves an assessment of your organisation’s public facing infrastructure, including web servers, firewalls, and cloud services. This type of testing is crucial for identifying vulnerabilities that could be exploited by attackers who are attempting to gain access to your systems from the outside.

Asset Discovery and Enumeration

We enumerate and discover your public facing assets, including servers, firewalls, and cloud services.

To achieve this we use a combination of automated tools and manual techniques to ensure the breadth and depth of coverage you deserve.
!Font Awesome Free v7.1.0 by @fontawesome – https://fontawesome.com License – https://fontawesome.com/license/free Copyright 2025 Fonticons, Inc.

Vulnerability Detection and Analysis

We perform manual vulnerability enumeration, supplemented with automated vulnerability scans to identify weaknesses in your infrastructure components.

This includes identifying outdated software, misconfiguration, and other common security issues that could be exploited by attackers.
!Font Awesome Free v7.1.0 by @fontawesome – https://fontawesome.com License – https://fontawesome.com/license/free Copyright 2025 Fonticons, Inc.

Exploitation and Lateral Movement

We attempt to exploit discovered vulnerabilities to validate their existence and assess the real-world impact.

This includes testing for privilege escalation pathways and lateral movement opportunities within your network.

Manual Testing

We perform manual probing and analysis of exposed services, including web services, DNS, mail, and any other services that are detected during testing.

With each service we identify the version of the software and perform further analysis to identify vulnerabilities and potential exploits.
!Font Awesome Free v7.1.0 by @fontawesome – https://fontawesome.com License – https://fontawesome.com/license/free Copyright 2025 Fonticons, Inc.

Unauthorised Access

Where services are exposed that provide authentication functionality we can perform brute force or credential-stuffing attacks to identify potential weak, default, or reused authentication credentials.

Through this we can determine if there are any weaknesses with brute force mitigation controls.

Detailed Reporting

We provide detailed executive and technical reports that include a summary of findings, technical details, and actionable recommendations for remediation.

Our reports are tailored to both technical and non-technical stakeholders, ensuring clarity and understanding.

Pricing

From

£1900

excl VAT

We offer straightforward packages for common requirements and flexible day-rate pricing for bespoke or complex work.

Our packages can provide price certainty and fast scheduling; bespoke engagements (from £950/day) are available to allow us to tailor resource and depth to match your risk profile. Final quotes are provided following a short scoping call and discussion of your requirements.

Standard External Pentest

For organisations with smaller attack surfaces.

Ideal for:

Up to 50 public IPs / cloud assets
Single perimeter environment (e.g., one cloud tenant or DC)
Manually-driven service enumeration and exploitation attempts
Ideal for organisations with a modest but real attack surface

Advanced External Pentest

For larger attack surfaces

Ideal for:

Up to 150 public IPs or mixed cloud/on‑prem footprint
Multiple domains, cloud services, or exposed admin interfaces
Manual exploitation of externally reachable services
Threat-led testing targeting foothold opportunities
Ideal for companies with distributed or cloud-integrated infrastructure

Enterprise External Pentest

For enterprise-level attack surfaces with diverse assets

Ideal for:

More than 150 public IPs, multi-tenant cloud presence, multiple environments
Deep manual inspection of exposed services, authentication flows, and proprietary interfaces
Targeted exploitation to achieve an external foothold
Ideal for enterprises with complex, sprawling external estates
Can include cloud IAM attack surface review (Azure AD / AWS IAM)

Request a free quote

Our team are on hand to discuss your security requirements and provide an engagement scope that meets your needs.
Speak with our security team directly
Experts in providing thorough coverage
Professional services you can trust

Collaborative Vulnerability Remediation

Gain complementary access to the Attack Surface Center platform with your penetration test to manage your vulnerabilities, assets, and track remediation progress.

  • Asset Discovery & Vulnerability Management
  • Automated Vulnerability Scanning
  • Custom and AI-Powered Reporting
  • Risk Management
  • AWS, Slack, GitHub and many more Integrations