Today, we’re going to take a closer look at how network segmentation can be used to improve your organization’s security posture. Network segmentation is, very simply, creating subdivisions of your corporate network and then intelligently restricting traffic flows between them. This can take the form of VLANing, ACLs on routers or firewalls, host-based firewalls, physical […]
In early 2020, the PSI SSC determined that remote PCI assessments would be allowed due to the COVID-19 Pandemic. They have released guidance on how these should be conducted and what it means for the assessors and entities being assessed. The first question you should ask yourself is “am I required to have a PCI […]
Penetration testing is an extremely dynamic field. There is very little standardization in the tools, processes, and techniques that different organizations leverage when performing testing. Web application penetration testing is no different, so we’re going to cover some of the most common web application penetration testing tools in our toolkit. This disparity in tools is […]
In today’s blog, we’ll discuss the differences between a CTF vs real, professional penetration testing, and the mindset required for each. We’re primarily aiming this article at aspiring and junior penetration testers, by highlighting some of the things to think about when transitioning from a CTF-style environment to that of a professional penetration testing firm. […]
At Triaxiom, we modeled our engineer training pipeline after pilot training in the Air Force. Why? Simply put, because we think it works and there are a lot of parallels. The Air Force wants to make absolutely sure a pilot is qualified to fly a plane before they allow them to hop in a multi-million […]
For all of our assessments, one of the first questions that we tend to get asked is “How long does it take?” And while, yes, “it depends” is part of the answer, we wanted to at least give you a rough idea of how long a web application penetration test takes for planning purposes. We’ll […]
