
External Penetration Test

Test your attack surface from a hacker's perspective


In an external penetration test, we analyze your internet-exposed systems and services from the perspective of an external attacker. The goal is to identify and exploit vulnerabilities before a real attacker does.

What is an External Penetration Test?


An external penetration test simulates a realistic attack on your internet-facing systems. Our specialists proceed just like a real attacker: we first identify all exposed services and systems, analyze their configuration, and systematically search for exploitable vulnerabilities. Unlike an automated vulnerability scan, we rely on manual techniques to uncover complex attack paths and logical flaws.

Every organization with an internet presence has an external attack surface. Whether web servers, VPN gateways, email systems, or cloud services -- every exposed service is a potential entry point for attackers. An external pentest shows you which vulnerabilities are actually exploitable and what risk they pose to your organization.

Regular external penetration tests are also an important foundation for meeting regulatory requirements such as the nFADP, ISO 27001, or industry-specific standards. You receive not only an overview of your current security posture but also concrete recommendations for improving your external defenses.

Who Is This For?


Our Methodology


01 Scoping & Reconnaissance

Defining the test scope and identifying all exposed systems, services, and subdomains.

02 Vulnerability Discovery

Targeted search for vulnerabilities through manual testing and specialized tools.

03 Exploitation & Validation

Controlled exploitation of discovered vulnerabilities to confirm the actual risk.

04 Reporting & Debrief

Detailed report with risk ratings, evidence, and recommendations, followed by a joint debrief of the findings.

What We Test


Exposed Web Servers

Web applications, content management systems, and portals accessible from the internet.

VPN Gateways

VPN endpoints and remote access solutions for vulnerabilities and misconfigurations.

Email Infrastructure

Mail server configuration, SPF, DKIM, DMARC, and protection against spoofing and phishing.

DNS Configuration

DNS zones, subdomains, zone transfers, and potential takeover of dangling DNS records.

Cloud Services

Exposed cloud resources such as storage buckets, APIs, and management interfaces.

Remote Access Portals

Citrix, RDP gateways, webmail, and other externally accessible login portals.

From Our Engagements


Anonymized engagement example

A Swiss trading company. 8 hosts. Access to the internal network within 24 hours.

All critical vulnerabilities closed within two weeks. Retest confirms: no external access to the internal network possible. The major client accepts the result.

Three critical vulnerabilities · Internal access demonstrated · Fixed in two weeks
Industry: Trading company
Scope: 8 public hosts
Duration: 5 days

A Swiss SME needs an external pentest because a major client requires it as a prerequisite for collaboration. Previous automated vulnerability scans found no critical issues.

Key Findings
  • Critical: Exposed admin panel with default credentials allows access to internal management interface
  • High: Outdated VPN gateway with known vulnerability allows remote code execution without authentication
  • Medium: TLS misconfiguration on mail server allows downgrade attacks

Your Deliverables


Management Summary

A clear summary of the findings for executives and decision-makers, including an overall risk assessment and strategic recommendations.

Technical Report

Detailed documentation of every discovered vulnerability with evidence (screenshots, payloads), technical description, and steps to reproduce.

Risk Ratings

Each vulnerability is rated by severity (CVSS) and business risk, so you can prioritize remediation efforts.

Remediation Guidance

Concrete, actionable recommendations for fixing each vulnerability, prioritized by risk and effort.

from CHF 4,500

Typical duration: 5–10 days


Why Manual Testing?


Frequently Asked Questions


In an external penetration test, we test all internet-facing systems and services: web servers, VPN gateways, email infrastructure, DNS configurations, cloud services, and remote access portals. We proceed just like a real attacker, using both automated tools and manual techniques.

Yes, a penetration test may only be conducted with written authorization from the system owner. We provide you with an authorization template. For hosted systems or cloud services, the provider's terms of use may also need to be reviewed – we support you with this.

A vulnerability scan is an automated process that identifies known vulnerabilities. An external penetration test goes much further: our specialists actively try to exploit vulnerabilities, build attack chains, and validate the actual risk. The pentest also finds logic errors and misconfigurations that no scanner detects.