Level 1 involves detailed scanning of the external address range, the identification fo systems found (operating system, applications, ports open), and identifies all weaknesses found by this method. Systems will be scanned with more than one scanning tools to ensure the correct identification of systems and weaknesses.

Level 2 - Detailed checking of weaknesses

In level 2, all weaknesses identified by a level 1 scan are further checked to determine what information is leaked to the outside world, or how these weaknesses could be exploited for further penetration of the network. All information discovered (passwords etc.) will be handed over the customer.

Level 3 - Use weaknesses to gain access to company systems

At level 3 the penetration team will attempt to use the information found in level 2 to determine exactly what a hacker could achieve by using the found information. To demonstrate to what level the penetration test actually find access to the customer network, pre arranged "calling cards" may be left on system, or example documents copied for presentation in the final report.