Security Analysis and Penetration Testing

Are your company's servers, systems and products secure? You have valuable intellectual property and resources that hackers would like to steal, sell or leverage for their own purposes. New vulnerabilities are being found daily, and the only chance you have of staying a step ahead of the hackers is to have regular vulnerability assessments and penetration tests.

We specialize in hacking IoT and infrastructure devices and systems, reverse-engineering hardware and software, and using compromised devices to further test your network.

Our Typical Pen Testing Process

We simulate the process and attacks that malicious actors follow:

  1. We conduct open source intelligence (OSINT) gathering in order to learn as much as possible about your company, software, employees, vendors, partners and your systems before we connect to any of your systems or contact any of your personnel.

  2. Once we know everything that we can about your company and your network, we then scan your network to determine your attack surface and verify our OSINT gathering results.

  3. We then launch vulnerability scans using multiple vulnerability scanners, and investigate the findings to determine if any known exploits are available for those vulnerabilities. We then prioritize our attacks based on the importance of the system to your business.

  4. Our exploitation team then crafts exploits and tests them against your systems at every level (OS, service, application, web application, etc.) in order to verify that the vulnerabilities that we discovered are actually exploitable. We also build custom exploits against systems based on our experience and industry knowledge, focusing primarily on the SANS Top 25 and OWASP Top 10 lists for classes of software defects.

  5. If we can exploit a system, we evaluate the impact of the exploit on the confidentiality, integrity and availability of the system, data, and your business processes.

  6. We then attempt to leverage additional vulnerabilities to escalate the attack and increase its effectiveness or impact.

  7. Finally, we report our findings to you, complete with a risk ranking in accordance with NIST 800-30 Rev. 1 "Guide for Conducting Risk Assessments". The risk assessment describes the risk, how it is exploited, what the effect is, and how significant the risk is to your business. The risk ranking allows you to quickly identify which vulnerabilities are the most critical so that you can fix those first.

Albuquerque Software's Red Team consists of cybersecurity and security research experts and industry-certified ethical hackers who stay up-to-date on the most recent attack vectors, vulnerabilities, and exploits. We take part in engagements as short as 1 week or on a continual contract to augment your internal IT staff.

(ISC)2 Certified Information System Security Professional

EC-Council Certified Ethical Hacker (CEH)

Certified EC-Council Instructor (CEI)

Would you like to know more? Please contact our sales team at (505) 720-4939 or sales@abqsoft.com.