The Exploit

Notes from the Front Lines of Penetration Testing

Category: Security Recommendations

Get actionable cybersecurity advice from Raxis experts. Explore best practices, tips, and recommendations to strengthen your organization’s security.
  • Password Length: More than Just a Question of Compliance
    Password Length: More than Just a Question of Compliance

    By

    Brian Tant
    Password length requirements are a key part of password security, but, with PCI, NIST, OWASP, and CIS offering different recommendations, what length is best?
    Read More
  • SOC 2 Compliance
    SOC 2 Compliance: Is it Right for Your Organization?

    By

    Bonnie Smyre
    SOC 2 is a compliance and privacy standard that outlines how to manage customer data & related systems to ensure confidentiality, integrity, and availability.
    Read More
  • Raxis Achieves SOC 2 Type 2 Compliance
    Raxis Achieves SOC 2 Type 2 Compliance

    By

    Mark Puckett
    We are thrilled to announce that Raxis has successfully achieved SOC 2 Type 2 compliance, providing assurance to our clients that their data is handled securely
    Read More
  • You See a Wireless Mouse. We see an easy way in.
    What to Expect with a Raxis Wireless Penetration Test

    By

    Scottie Cole
    Wireless attacks are typically low-risk, high-reward opportunities that don’t often require direct interaction. See more about a wireless penetration test.
    Read More
  • Simultaneous Sessions
    Why We Take Simultaneous Sessions Seriously on Penetration Tests

    By

    Raxis Research Team
    Raxis Lead Penetration Tester Matt Dunn explains why you simultaneous sessions is a significant finding on a penetration test.
    Read More
  • CIS vs. NIST
    CIS vs. NIST: Understanding Cybersecurity Standards and Frameworks

    By

    Brian Tant
    Raxis’ CTO Brian Tant discusses two important gap analysis tools security professionals use to assess cyber defenses: CIS 18 and NIST 800-53.
    Read More
  • Why they're not the same: Vulnerability Scans and Pentests
    Chained Attacks and How a Scan Can Leave You Vulnerable

    By

    Tim Semchenko
    Vulnerability scans are useful tools for protecting your network. Find out why you shouldn’t rely on them exclusively.
    Read More
  • Metasploit Module: Azure AD Login Scanner
    New Metasploit Module for Penetration Testing: Azure AD Login Scanner

    By

    Raxis Research Team
    Raxis’ Matt Dunn has published another Metasploit module, this one describing a vulnerability in Azure’s Active Directory Seamless Single Sign-on. Learn more here.
    Read More
  • Introduction to Cross-Site Scripting
    Introduction to Cross-Site Scripting

    By

    Raxis Research Team
    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.
    Read More
  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    By

    Raxis Research Team
    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.
    Read More
  • Cookie Jar
    Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

    By

    Raxis Research Team
    How can cookies be used against you? And how do you keep that from happening? Raxis’ Matt Dunn explains.
    Read More
  • Scottie in 2004 on Navarre Beach in the wake of the Hurricane Ivan
    Hurricane Ida: Limiting the Damage

    By

    Scottie Cole
    Lead penetration tester Scottie Cole is a Gulf Coast resident and former first responder. Read his tips for avoiding hackers and scams that can be as costly as a natural disaster.
    Read More