Systems on the external network undergo attacks from both live and automated systems every day and therefore require the most extensive testing. Live-fire attacks are performed against your internet-facing systems in order to gain a foothold into your internal resources. These attacks will be followed by attempts to pivot into other critical servers to attain private data. Simulated data exfiltration will be demonstrated as a proof of concept.
The internal network pentest simulates a malicious insider and will examine your corporate network for vulnerabilities ranging from issues stemming from unpatched systems to misconfigurations such as default and null credentials. If hashes are obtained, a crack attempt and full password analysis are included. Data exfiltration will be simulated to demonstrate the impact of an internal breach.
Wireless pentesting will help you understand the potential security risks that your systems may be exposed to. Techniques include gathering and cracking Pre-Shared Keys (PSK), creating rogue access points, and exploiting insecure technologies such as WEP and WPA/WPA2. Raxis pentesters will map out your network and inform you of rogue access points that are already in place. Raxis will also test your guest wireless network for segmentation to ensure that your internal network is protected.
A specialized test will be conducted against your web application, with Raxis acting as a nefarious attacker. We've worked extensively with languages from Node.js to Java frameworks such as Struts and with databases from MongoDB and MySQL to Oracle. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on multiple past projects. In past tests we have discovered private customer and system information using vectors such as SQL injection, file path traversal, and cross-site scripting.
SOAP & REST API
REST (Representational State Transfer) and SOAP calls for both mobile and traditional web applications can potentially expose data or the underlying systems. We’ll test each type of call and are able to operate with or without provided documentation. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on multiple past projects.
Mobile applications are more popular than ever, and they are not without risk. Raxis will extensively test the application for security exposure of the servers behind the scenes and of internally stored data. Raxis has been successful in performing privilege escalation, information disclosure, and database compromise on Apple iOS and Android devices.
IoT & Embedded
Raxis has extensive experience with embedded systems and has performed penetration testing against the latest IoT technology for global manufacturers, including power generation, water treatment, oil drilling, and cable TV boxes. We'll study the system in great detail and perform fuzzing techniques against the system to find any security vulnerabilities, ultimately to assist you in quickly remediating them.
Like any externally facing system, cloud systems require extensive security testing. Raxis works with cloud providers such as AWS, Rackspace, and Microsoft Azure to ensure your test is thorough and encompasses any additional functionality that the cloud providers may offer.