Financial Penetration Testing

Achieve GLBA Compliance through Improved Security


Security Services Tailored for the Financial Sector

As expected, financial services organizations face more security threats than most others. Raxis understands the threats that face banks, credit unions, and card processors, and we have performed hundreds of penetration tests specifically in this area, often achieving customer data exfiltration as well as transferring funds outside of the financial institution. We have breached ATM devices, defeated two-factor authentication (2FA) on financial applications, and transferred funds between accounts by providing our own "supervisor" approval. If this were to happen outside of our controlled testing arrangement, a real breach could create costly compliance fines, reputation damage, and shareholder anxiety.


Raxis financial customers include numerous banks and credit unions, from just a few branches in one state to hundreds across the country. We've worked extensively with our banking customers to ensure that ongoing operations are not impacted while we provide the best penetration test possible. We do not post names of our customers for security reasons; however, we'd be glad to provide reference customer contact information upon request and under NDA.

Financial & GLBA Penetration Testing

GLBA Compliance Requirements

The Gramm-Leach-Bliley Act (GLBA) includes provisions to protect consumers' financial and personal information that may be stored or handled by financial institutions. These provisions require that financial organizations ensure the security and confidentiality of customer information, protect against threats to the security of this information, and protect against unauthorized access to those records. In order to enforce GLBA, the Federal Trade Commission (FTC) issued the Privacy Rule and the Safeguards Rule, which require financial institutions to maintain a comprehensive information security program to protect the privacy and integrity of customer data.

Penetration Testing for Compliance

Raxis has performed hundreds of penetration tests against financial institutions and has developed a methodology designed specifically to meet compliance standards and protect Personally Identifiable Information (PII). In addition to GLBA, financial organizations often need to meet other standards, such as PCI or Sarbanes-Oxley (SOX). Raxis can combine the pentesting procedures from multiple compliance standards to ensure that the same penetration test meets all of these standards together. In addition to pentesting, a social engineering engagement is also used to demonstrate the effectiveness of the protection and controls used by the organization to safeguard consumer PII data.

Financial Penetration Testing Features

  • Reviewing business processes used by applications to ensure security and confidentiality of customer records
  • Exploiting vulnerabilities in unpatched systems to gain further system access or customer data
  • Brute forcing of available login forms such as webpages and other remote services
  • Testing malicious injections and session mismanagement on available websites
  • Working closely with your remediation team to ensure findings are addressed for compliance documentation
  • Documenting successful and failed attempts to access customer records for compliance use
  • Cracking of password hashes, if obtained, to be leveraged for additional access

Download our Penetration Testing Service Brief (PDF) for more information.

Transporter Remote Access

Raxis Transporter provides an easy-to-deploy "virtual wire" network connection to our manual penetration testers, vulnerability assessors, and R3 incident response team.

On-Site Penetration Testing

Sometimes it's necessary to be on-site to get access to internal networks or examine a breach firsthand. No problem: our consultants will fly to you.

A Smarter Way to Stay Secure

Learn how hacking can help find and fix security gaps you never knew about.