TrollEye Security

Menu

Our process

We arm you with a clear perspective on the risks facing your organization, so you can more effectively tailor your cyber security program, optimize your technology, and plan future investments to address cyber security risk successfully.

Our process is simple; you continue to build and manage applications and infrastructure while we leverage the Four Pillars of Cyber Risk Management to provide you with continuous cybersecurity.

As we find vulnerabilities, our team of expert Penetration Testers analyze and exploit these vulnerabilities in a controlled manner. As soon as a Penetration Tester opens a finding, you are immediately notified via your preferred communication channel.

Process

HOW IT WORKS

  • Identify external points of access to your networks, in the same manner as a real- world attacker would.
  • Identify vulnerabilities in the scoped systems and applications.
  • Utilize cutting edge tools and techniques to validate discovered vulnerabilities and determine their overall impact.
  • Identify potential vulnerabilities in network and application access controls, firewalls, routers, and the designed network topology, even if they do not immediately provide access to the internal network.
  • Determine if it is possible to exploit the identified vulnerabilities and the network design and topology to gain access to sensitive data within your systems and applications.
  • Partner with your team to make sure every application is built with a strong foiundation in security.
  • Depending on your organization's needs, use on or all four pillars to identify, and mititgate vulnerabilities for the best Cyber Risk Management.

What to Expect

The major steps of the vulnerability and penetration assessment are:

  • Information gathering
  • Vulnerability assessment
  • System penetration
  • Expansion of penetration(Pivoting to other systems – when applicable in scope)

In some cases, vulnerabilities of one or more components may be exploited to provide stepping-stones to exploit other components. In this way, it can be determined if two or more minor vulnerabilities can be combined to create a much greater risk of intrusion.

Though the specific tests vary based on the topology and exposed systems making up a gateway network, the overall methodology is described in the following sections.