We attack your public-facing systems the same way a real threat actor would, from the internet, with no inside information. Manual exploitation. Findings you can act on.
An external penetration test starts from the same position a real attacker does: outside your network, on the internet, with nothing but what's publicly visible. We look for every way in that a threat actor could exploit.
This isn't automated scanning with a report attached. We use tools to find targets, then we manually attempt to exploit what we find. Vulnerabilities that scanners flag but can't confirm as exploitable, we test by hand. The report reflects what we could actually do, not what a tool guessed might be possible.
Typical turnaround is 5 to 10 business days from testing start to report delivery, depending on scope.
If your business can be reached from the internet, an attacker can try to get in. External testing tells you what they'd find.
Starting price covers a standard scope: up to 5 external IP addresses or domains, or one web application. We confirm exact scope and pricing on the scoping call before any work begins.
Larger scopes, web application testing across multiple applications, or compliance-formatted report requirements affect final pricing. We'll tell you exactly what to expect before you commit.
Not sure if you need a full pentest? A vulnerability scan starts at $1,000.
Request a quote and we'll follow up within one business day to confirm scope, answer questions, and get your engagement scheduled.