Picking the brain of a seasoned penetration tester is always fun. Getting insights into what makes them tick, what keeps them up at night, their craziest find on a penetration test, and much more. Below is a Q&A with a senior engineer at Triaxiom Security. Q: How did you get into penetration testing?A: I started […]
Just for the fun of it, I am going to do a series of blogs talking about some of the physical penetration tests I have done. War stories, if you will. Of course we will keep the clients anonymous throughout and hopefully they have fixed these items by now anyway, as it has been some […]
Unfortunately, there is no cut and dry answer to the question of “when is the best time for a penetration test“. As with many nuanced areas of life, the answer is “it depends”. There are many scenarios that could warrant the need for a penetration test and organization-specific situations that could change your needs. Let’s […]
Creating secure web applications is hard. There are a number of reasons for this, but one contributing factor is language-specific oddities. Specifically, different programming languages handle data differently and, in some cases, these differences can have a significant impact on security. Let’s take a look at one somewhat-exotic example of a language-specific idiosyncrasy within PHP, […]
In this blog, let’s take a look at what is sure to be one of the biggest information security events of 2020: The Twitter Hack. While it is still very early and details are still coming out, lets take a quick look at what we know so far and some lessons we should learn from […]
Let’s say you just received a penetration test report from a company and you are working with your internal IT team or development team to triage and fix the issues raised. Someone on your team is of the mindset that fixing the medium/low priority issues in report isn’t even worth the amount of resources it […]
