Our external penetration testing methodology identifies security vulnerabilities by simulating the real-world threat of an attacker attempting to exploit target networks and applications. These zero, partial, or full knowledge assessments begin with the discovery of externally identifiable systems and footprinting of designated networks and applications. Next, vulnerability scans are conducted using automated tools and the findings are manually verified. The team also enumerates the access control lists of firewalls and other perimeter security devices in order to pinpoint potential security exposures. Exposed applications are scanned and tested using a combination of automated tools and manual techniques. Finally, the team performs further manual identification and exploitation of any vulnerabilities in an attempt to penetrate the targets and gain access to sensitive data, critical functionality, and the underlying infrastructure.