External vulnerability assessment is the best fit for assets exposed over public networks hosting public services. It is done from outside the target network and thus helps simulate the actual scenario of a real attacker attacking the target. The primary intent behind conducting the external vulnerability assessment is to uncover potential weaknesses in the security of the target system, as illustrated in the following diagram:

An external vulnerability assessment is mainly focused on the servers, infrastructure, and the underlying software components related to the target. This type of testing will involve in-depth analysis of publicly available information about the target, a network enumeration phase where all active target hosts are identified and analyzed, and the behavior of intermediate security screening devices such as firewalls. Vulnerabilities are then identified, verified, and the impact gets assessed. It is the most traditional approach to vulnerability assessment.