We’ve recently seen an uptick in vendor security assessment questionnaires (VSAQs) that are requiring organizations to do white box application penetration testing. Obviously this may be anecdotal, but we thought it would be a good opportunity to discuss what is being asked of you when it comes to white box or clear box testing, and […]
In the past, we have explored how to find penetration testing Requests For Proposals or RFPs. Today, we are going to explore how to effectively write a penetration testing RFP. Often times, government entities or commercial industry companies are forced to leverage an RFP process to ensure a fair and objective assessment of vendors for […]
One of the most helpful things an organization can do when it comes to security is understanding what needs to be protected. An asset inventory is a great starting point, as it should include all of our hardware and the software you’re running. But perhaps more importantly, you really need to know where your sensitive […]
This blog is intended to help merchants understand the various roles in PCI compliance. Specifically, we are going to look at perhaps the most important role: the role of your acquiring bank. Simply put, your acquiring bank is the judge and jury when it comes to meeting PCI compliance. Let’s discuss. Who is My Acquiring […]
In light of COVID-19 and the toll it is taking on the business community, today we will discuss the types of remote security assessments that can be performed and some alternative tweaks to assessments to ensure your security program is still evaluated and working properly. Unfortunately with all of the chaos, attackers know that they […]
In today’s blog, we’ll be taking a look at Palo Alto Traps, how it compares to traditional signature-based endpoint security, and how Triaxiom fared against it during a recent engagement. Limitations of traditional endpoint security Every piece of malware has what’s known as a ‘digital signature’ (i.e. a digital footprint) and traditional antivirus (AV) products […]
