Penentration testing is a service that focuses hard on your system security posture, tests your configuration management processes, and validates your controls are operational.

Customer Benefits

• Penetration Tests are often used to document compliance with regulatory programs that require Penetration Tests as part of their certification process
• Get an attacker's view of your network
• See actual exploitation results as they would occur if your network was under attack
• Test both your operational and technical defenses

Overview

Penetration testing is a component of a full security audit and is also known as Black Box or White Box testing, Red Team Testing, or ethical hacking. Although a good practice to follow with any system, generally these types of tests are performed as required by regulatory standards such as the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS requires annual and ongoing penetration testing after system changes.

Raxis bases procedures on the OSSTMM specification when performing penetration tests. We'll work with you to determine the right steps, scope, and deliverables that are necessary to fit your needs. The common testing types defined by OSSTMM and supported by Raxis are Blind, Double Blind (aka Black Box), Gray Box, Double Gray Box (aka White Box), Tandem, and Reversal.

All details available to the penetration tester will be made avaialble in the report, including screen shots, steps taken to gain access, and a demontration on how to recreate any attacks if necessary. Our goal is to give you a clear understanding as to exactly what level of risk that any observed threats may have.

Please note that the results summarized in the Raxis penetration testing document are based upon a collection of technical methodologies and manual tests interacting at a single point in time with technology that is continually changing and becoming ever more complex. Any projection to the future based upon the findings contained within the final document is subject to the risk that, because of change, they may no longer portray the system or environment in existence at that time. The information gathered is subject to inherent limitations and, accordingly, weaknesses, errors or irregularities that may occur and not be detected.

Experience

What sets us apart is our experience with performing security penetration tests and security audits of some of the largest most complex companies. Due to customer confidentiality we are unable to publish company names on our website. However Raxis has worked with some of the largest Fortune 500 companies, several in the top 50, and has now performed over 400 risk assessments and penetration tests since inception in 2005 for companies all across the United States.

Contact us to find out more about Penetration Testing services for your business.