Skip to content
Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Red Team Penetration Testing
    • Red Team
    • Breach and Attack Simulation
    • Phishing and Spear Phishing
    • Physical Penetration Testing
      • Penetration Testing
    • Penetration Testing Services
    • Raxis Attack: Penetration Testing as a Service
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
      • Cybersecurity Services
    • Elite Cybersecurity Services
    • Attack Surface Management
    • Cybersecurity Code Review
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
      • Compliance Driven
    • Credit Card Industry (PCI)
    • Healthcare (HIPAA, FDA)
    • SOC 2
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Manufacturing
      • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Become a Raxis Partner
    • Careers
    • Certifications
    • Meet Our Team
    • Signup for Raxis News
      • Resources
    • The Exploit Blog
    • Raxis One
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • Transporter Remote Pentesting
    • What is a Penetration Test?
  • The Exploit Blog
  • About Us

Cybersecurity Insights From The Frontlines

  • The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms
    Exploits | In The News | Security Recommendations | Web Apps

    The Growing Threat: Attackers Using GitHub Repositories as Malware Staging Mechanisms

    ByBrian Tant January 21, 2026January 13, 2026

    Recent attacks, including GitVenom and Lumma Stealer, underscore the threat of Attackers using GitHub repositories as malware staging mechanisms.

    Read More The Growing Threat: Attackers Using GitHub Repositories as Malware Staging MechanismsContinue

  • Cross-Site Scripting (XSS): Cookie Theft - Advanced Payloads
    Exploits | How To | Web Apps

    Cross-Site Scripting (XSS): Cookie Theft – Advanced Payloads

    ByRaxis Research Team December 18, 2025November 21, 2025

    We reached into our vaults to bring you the final video in our cross-site scripting (XSS) series. Learn about cookie theft, website defacement, and CSRF attacks.

    Read More Cross-Site Scripting (XSS): Cookie Theft – Advanced PayloadsContinue

  • OWASP Top 10
    In The News | Web Apps

    OWASP Top 10 for 2025: What’s New in Web Application Security

    ByRaxis Research Team November 20, 2025November 14, 2025

    The OWASP Top 10 2025 for web applications release candidate was released last week. Take a look at which categories have moved as well as one new category.

    Read More OWASP Top 10 for 2025: What’s New in Web Application SecurityContinue

  • HTTP/1.1 Security News: What You Can Do Now
    In The News | Web Apps

    HTTP/1.1 Security News: What You Can Do Now

    ByJason Taylor September 16, 2025November 25, 2025

    A recent Portswigger white paper on HTTP/1.1 highlights critical security issues. If you use old products that still require it, here’s what you can do.

    Read More HTTP/1.1 Security News: What You Can Do NowContinue

  • Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios
    Exploits | Penetration Testing | Security Recommendations | Web Apps

    Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios

    ByRyan Chaplin August 26, 2025July 11, 2025

    Lead Penetration Tester Ryan Chaplin walks us through 5 real-world attack scenarios used in real-world penetration tests by Raxis.

    Read More Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack ScenariosContinue

  • OWASP Top 10 for LLM Applications
    AI | Exploits | Penetration Testing | Web Apps

    OWASP Top 10 for LLM Applications Penetration Testing

    ByJason Taylor July 15, 2025November 10, 2025

    Lead Penetration Tester Jason Taylor looks at OWASP’s Top 10 list for LLM applications for penetration testing as AI machine learning becomes prevalent.

    Read More OWASP Top 10 for LLM Applications Penetration TestingContinue

  • OWASP Top 10
    Penetration Testing | Web Apps

    OWASP Top 10: The Bedrock of an Application Penetration Test

    ByAdam Fernandez April 23, 2024

    When performing web app, mobile app, and API penetration tests, we refer to the OWASP Top 10. Here we’ll discuss what that means and why it’s helpful.

    Read More OWASP Top 10: The Bedrock of an Application Penetration TestContinue

  • Submit Button
    Exploits | How To | Injection Attacks | Web Apps

    Hackers See Opportunity Where You See Only a Button

    ByBrad Herring April 1, 2022June 3, 2025

    In this post, Raxis VP Brad Herring explains how web proxy tools can turn even simple buttons and check-boxes into avenues for an attack.

    Read More Hackers See Opportunity Where You See Only a ButtonContinue

  • Web App Testing: Part Two
    Web Apps

    What is Web App Pentesting? (Part Two)

    ByRaxis Research Team March 4, 2022August 22, 2025

    Lead penetration tester Matt Dunn continues his discussion about web application testing. In Part Two, Matt explains testing as an authenticated user vs. as an unauthenticated user.

    Read More What is Web App Pentesting? (Part Two)Continue

  • Web App Testing: Part One
    Web Apps

    What is Web Application Penetration Testing?

    ByRaxis Research Team February 18, 2022June 3, 2025

    Learn how Raxis approaches web application testing and how it differs from network penetration testing. Lead penetration tester Matt Dunn explains in this post.

    Read More What is Web Application Penetration Testing?Continue

Page navigation

1 2 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

+1 678.421.4544

Contact us online for faster response

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Penetration Testing Partner Program

Resources

  • The Exploit Blog
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube