Raxis Penetration Testing
Raxis performs over 300 penetration tests a year by making an actual hack attempt against your systems using manual testing techniques, including code exploitation and exfiltration of data. While we use a variety of tools and custom scripts in the course of our work, Raxis only performs manual penetration testing using a highly qualified US based penetration tester. Our penetration testing reports are manually written and screenshots provided are from actual evidence.
External manual penetration testing performs actual hacking attacks against your internet presence to the highest level of detail, including every application and port.
Internal manual penetration testing attacks your internal defenses as a rogue employee, contractor, or other third party.
Raxis provides extreme focus on hacking your web application to determine if there are coding errors that could cause privilege escalation or a data breach.
Raxis will attempt to breach your wireless network controls, including the setup of a cloned access point to obtain user password hashes.
Raxis performs extensive manual testing of web service calls using real-world hacking techniques to ensure input controls are operating as they should.
Using the developer API, rooted devices, and MITM proxies, Raxis will attempt to abuse and extract critical data from your mobile application.
How does Raxis perform a Penetration Test?
Raxis only performs fully manual penetration testing. We apply the same hacking concepts, custom tools, and professional grade software used by the adversarial hackers located across the globe. By using the same formula, Raxis is able to achieve similar results as to what would be found by an actual unethical hacking group. This includes breaching multiple machines through a series of pivots and subsequently gaining access to critical data for exfiltration.
"Raxis obtained Domain Admin, cracked most of the hashes in our domain, and even transferred funds in our banking application. Unbelievable."
-CISO, Undisclosed Financial Institution
While it is not possible to guarantee we will breach your network, Raxis has an 85% success rate for internal penetration testing. In addition, Raxis still has the same 85% success rate when combining the External Penetration test with Social Engineering. Configuration errors are the main reason that Raxis gains unauthorized access to at least one system in nearly every engagement.
Penetration testing is a vital component of a full security audit and is also known as Pentesting, Red Team Testing, or ethical hacking. Although a good practice to follow with any system, generally these types of tests are performed as required by regulatory standards such as the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS requires annual and ongoing penetration testing after system changes. We'll work with you to determine the right steps, scope, and deliverables that are necessary to fit your needs.
A solid report is certainly the goal, and a Raxis report will prove to be invaluable in remediation of the findings with your staff.
Remediation of elements found in your penetration test is actually easier with a Raxis report. Using the risk ratings, it will be simple to determine what order should be taken in applying the fix. A step by step guide that will be applicable to your exact environment is provided for each finding. This will not only save you time, but also will ensure that the issues are remediated correctly.
Remote Penetration Testing
Raxis Transporter provides an easy to deploy (and remove) connection to our manual penetration testers and incident response team.