Penetration Testing as a Service

• What is PTaaS?

Raxis PTaaS, or Penetration Testing as a Service, combines the speed and accuracy of security scanning tools and real human powered Penetration Testing. Raxis uses state of the art automated vulnerability scans, powered by Tenable, to watch for changes and new risks from emerging threats. If something is detected, we move quickly to perform an analysis of the potential findings and subsequently a real penetration test, allowing you to focus on business while we keep an eye on your cybersecurity risk. Raxis One provides a way to check on your security posture at any time, as well as the ability to communicate in near real-time with our penetration testing engineers.

• Is PTaaS just a vulnerability scan?

At Raxis, our Pentest as a Service (PTaaS) goes beyond a simple scan. We offer a complete range of Penetration Testing services utilizing our experienced team and state-of-the-art software. Our thorough report not only includes detailed screenshots, but also provides step-by-step remediation guidance for each identified issue. On top of that, we conduct retesting and validation to ensure your complete protection. Rest assured, Raxis PTaaS delivers much more than just a standard Pentest – it’s a comprehensive solution.

• Is it possible to kick off a penetration test on-demand?

On Demand Penetration Testing is an excellent fit for organizations that are making frequent changes to their applications or network environment. By skipping the procurement process, onboarding penetration testers, and frequent kick off calls, PTaaS On Demand provides a fast way to start a Penetration Test powered by the Raxis team of professional hackers. The Raxis team will work closely with your development or network teams to help resolve security findings in near real-time, giving you a real advantage in speed to market and reduced security risk.

• Should I wait to fix known security issues before starting with PTaaS?

When it comes to keeping your company secure, it is important to establish a strong base. We acknowledge that each company has its own unique operations and may feel confident in their current security measures. Therefore, if our team discovers any weaknesses during our Penetration Testing, we will collaborate closely with you to address them and identify the most effective solutions that cater to your business needs. Additionally, we value the importance of time, which is why we offer the option to oversee these issues through our PTaaS service, saving you time and effort. With Raxis, you can rely on our unwavering dedication to safeguarding your company. Always remember, we are here to assist in whatever manner you prefer.

• Does this mean PTaaS provides unlimited penetration testing for my application?

With continuous pentesting, our team conducts frequent scans to monitor your system for any changes. We carefully look for new elements that may have emerged since our last analysis. If we find something noteworthy, we will carry out another Penetration Test to thoroughly examine this potential new attack vector. This updated information will be reflected in your Raxis One report, which will also include recommendations on how to address our findings. This process will be repeated every time we discover a new potential attack vector. As for on-demand pentesting, where you have the option to initiate a new penetration test, there are certain limitations. You are able to select the number of on-demand tests you would like per year. These tests will only be conducted upon your request and will include a full pentest, report, and retesting when you are ready.

• Does PTaaS have a Penetration Test report that I can use for my audit?

Yes. PTaaS is real penetration testing, so it meets or exceeds all penetration testing standards. This includes (but is not limited to) compliance with NIST 800-53, NIST 800-171/CMMC, PCI, HIPAA, GLBA, ISO 27001, and SOX. Our team at Raxis ensures that all of our services adhere to these standards and go above and beyond to provide top-of-the-line security for our clients. Our commitment to compliance and excellence sets us apart as a leader in the industry, giving you peace of mind and confidence in our services. Let us show you how Raxis can help you achieve your cybersecurity goals.

• Is penetration testing legal? Do you break the law?

At Raxis, our ethical and legal standards are of utmost importance to us. This is demonstrated through our use of clear and comprehensive contracts that set forth the parameters of our work. As part of our commitment to upholding these values, we adhere to a strict policy prohibiting any harm or destruction of our clients’ property. Our primary objective is not to cause damage, but rather to uncover vulnerabilities that real hackers could exploit. In addition, we offer valuable insights and imparting education to our customers, empowering them to preemptively safeguard against cyber attacks. Our agreements have the full knowledge and endorsement of company leadership, solidifying transparency and consent. Above all, we operate with honesty and always prioritize the well-being and safety of our valued clients.

• Are there rules that penetration testers follow?

As a penetration tester, it is crucial for us to follow strict protocols and protocols. Our primary goal is to keep the system up and running and safeguard the integrity of its data. Unlike malicious hackers, we prioritize avoiding any real harm. Moreover, when gathering evidence of access, we take additional precautions to conceal any confidential information. While we adhere to our clients’ parameters and regulations, we also aim to push the boundaries and challenge the effectiveness of their security protocols.

• My application is cloud hosted. How does that work for penetration testing with PTaaS?

With Raxis PTaaS, we take great pride in our comprehensive approach to conducting penetration tests. After carefully assessing the project, we collaborate closely with cloud providers to ensure they are aware of our actions. Our team of highly skilled professionals has conducted numerous tests on a variety of platforms, including Amazon AWS/EC2, Microsoft Azure, Google Cloud, Rackspace, and VMWare Cloud. We have also gained extensive experience working with widely used content delivery front ends such as CloudFlare and Akamai. Regardless of our clients’ technology stack, Raxis is committed to utilizing the most effective methods to meet their specific penetration testing needs. Our detailed reports offer valuable insights and recommendations for enhancing overall security measures.

• Why do you download and crack password hashes as part of PTaaS?

Password cracking is a vital component of Raxis’ comprehensive and meticulous penetration testing service. Our PTaaS team employs sophisticated methodologies and cutting-edge tools to evaluate the effectiveness of your organization’s password policy and the level of its execution. Additionally, our adept personnel can leverage previously compromised passwords to gain unauthorized access to other systems, enhancing the authenticity of a simulated data breach. Raxis employs robust encryption methods to safeguard all hash data, both in transit and at rest, to ensure maximum security. As part of our unyielding commitment to confidentiality and protection, after the password cracking process is finalized, we ensure the secure erasure of all password hashes. We provide a comprehensive analysis of our findings, including details on password robustness, intricacy, and examination, as part of a redacted pentest report.