---
title: Assessment Methodology
type: methodology
scope: external-only
url: https://proxoffensive.com/methodology
---

# Assessment Methodology

How we conduct External Exposure Audit Sprints.

## Core Principles
- **Authorization Required:** We do not conduct any testing without explicit written authorization from the asset owner. No exceptions.
- **External-Only Scope:** We focus exclusively on the externally visible attack surface. We do not attempt internal network access, social engineering, or physical security testing.
- **No Exploitation:** We validate vulnerabilities through evidence collection, not exploitation. We confirm issues exist without causing damage or accessing sensitive data.
- **Evidence-Based Reporting:** Every finding includes proof (screenshots, headers, DNS records, or tool output) so you can verify and reproduce results.

## Testing Approach

Our methodology combines passive reconnaissance with active validation:

**Phase 1: Passive Reconnaissance**
DNS enumeration, certificate transparency logs, WHOIS analysis, subdomain discovery, technology fingerprinting. No direct interaction with target systems.

**Phase 2: Active Validation**
Port scanning, service identification, version detection, configuration analysis. Direct but non-intrusive interaction with in-scope systems.

**Phase 3: Vulnerability Identification**
Analysis of exposed services, outdated software, misconfigurations, sensitive data exposure, and authentication weaknesses.

**Phase 4: Prioritized Reporting**
Findings categorized by business risk, with clear remediation guidance and evidence for each issue.

## Notification Protocol
If we discover a critical vulnerability during testing — something actively exploitable that poses immediate risk — we notify you within 24 hours, before the final report.

## Scope Boundaries

External-only testing has inherent limitations. Our assessments do not include:
- Internal network vulnerabilities
- Application-layer logic flaws (these require authenticated testing)
- Social engineering or phishing simulation
- Physical security assessment
- Source code review
- Wireless network testing

If you need coverage beyond external reconnaissance, we can discuss expanded scope or recommend appropriate partners.

## Data Handling
- Assessment data is encrypted in transit and at rest
- Findings are retained for 90 days post-delivery, then securely deleted
- We do not share client data with third parties
- NDA available upon request prior to engagement

## Contact
Email: contact@proxoffensive.com

All assessments require written authorization.
