Call to Learn About Our Security Services
(888) 435-3023

External Penetration Testing

IT Security various compliance guidelines and regulations (PCI, HIPAA, GLBA, etc.) require organizations to conduct independent testing of their Information Security Policy, to identify vulnerabilities that could result in a breach leading to illegal disclosure, misuse, alteration, or destruction of confidential information, including protected and private personal information. Internet facing systems (website, email servers, etc.) of your organization’s network are constantly exposed to threats from hackers. Millions of personal records, including credit cards, have been compromised due to security breaches. The vast majority of these breaches were the result of hackers.


Businesses that store or pass private data, as a matter of best practice or requirement, should perform quarterly external penetration testing in addition to regular security assessments to monitor and maintain the security of their internal and external network. External penetration testing differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed to the outside world. An external penetration test mimics the actions of att

acker exploiting weaknesses in network security and recording the issue..

True Defense’s external penetration testing follows documented best practices security testing methodology which includes:

  • External Network Scanning
  • Port Scanning
  • Services Probing
  • Vulnerability Testing
  • System Fingerprinting
  • Firewall and ACL Testing
  • Intrusion Detection Testing
  • Password Policy Testing

Internal Penetration Test

As with the external penetration testing, IT Security compliance guidelines and regulations (PCI, HIPAA, GLBA, etc.) require organizations to conduct regular testing of their Information Security Policy to identify vulnerabilities that are out of policy (and compliance) that could result in a security breach. The internal network (file servers, workstations, etc.) of the organization are exposed to threats such as external intruders breaching perimeter defenses or malicious internal users attempting to access or damage sensitive information or IT resources.


While similar to external testing, this test examines internal IT systems for weakness that could be used to disrupt the integrity and availability of the network, thereby allowing the business to address each weakness. True Defense can perform this testing both onsite and/or remotely.



True Defense’s internal penetration test includes:

  • Internal Network Scanning
  • Administrator Privileges Testing
  • Password Aging and Strength Testing
  • Network Equipment Configuration Testing
  • Database Security Controls Testing
  • Known Trojan/Hacker Ports
  • Device Configuration Testing
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Vulnerability Testing
  • Configuration Weakness
  • Application Layer Testing
  • Firewall and ACL Testing