AWS has deprecated S3 SSE-C encryption, and in April AWS will disable the ability to use S3 SSE-C (Server-Side Encryption using Customer-Managed Keys). Below are steps to query Amazon S3 and confirm whether any objects use SSE-C encryption, along with steps to prevent SSE-C usage and recommended alternative solutions. Here is the official announcement from […]
Yesterday (1/15/2026), Wiz published research detailing a vulnerability they named CodeBreach, and to say it was a close call is putting it mildly. This may sound dramatic, but this had the potential to be devastating. This vulnerability struck at the system that distributes code to the AWS Console itself, and if it had fallen into […]
Cloud security is no longer just a subset of IT, it’s a set of integrated backbone services that determines whether organizations maintain continuity, trust and compliance. Cloud customers expect performance and protection. Executives expect stability and optimization. Attackers expect misconfigurations. Reality favors whoever prepares early. This guide provides an overview of recurring problems we see […]
User enumeration is a common vulnerability found across many applications; however, it is typically missed by automated testing and only discovered with hands on keyboard testing. During an external penetration test, Triaxiom performs a series of automated scans for both discovery purposes (port mapping, discovery of assets, etc.), and vulnerability enumeration. Once those are complete, […]
The reality is simple: modern security leadership requires expertise across a wide range of disciplines, and no single person can be an expert in all of them. If you’ve ever looked at a CISO mind map, like the well-known version created by Rafeeq Rehman, you’ve likely noticed the overwhelming spread of responsibilities falling under the […]
Uncertainty in the cloud demands attention. This article presents a set of strategic questions that cut through the noise and guide discovery for securing your cloud environments. Executives and business leaders often assume that once systems are deployed to the cloud, they are secure. That is, until an incident exposes security gaps no one knew […]
The cloud has become the backbone of modern infrastructure to deploy software. It offers organizations abilities to efficiently run applications far beyond the capabilities of traditional on-premises infrastructure. However, cloud technology also brings an increase in security risks, and that traditional on-premises security assessments simply cannot address. At Triaxiom Security, our certified cloud security experts […]
When it comes to penetration testing, assessing web applications is pretty unique compared to the other sorts of testing. We’ve already written about web application penetration testing in general, geared to helping you understand the point of testing, the associated costs, some of the challenges, etc. So go back and read that if you’re looking […]
It’s 2025, and an external penetration test continues to be a foundational element of assessing organizational cybersecurity effectiveness across the globe. An external penetration test is a type of cybersecurity assessment focused on evaluating the strength of the security controls applied to your organization’s Internet-facing systems. Simulating real-world attack scenarios helps determine how well your […]
The primary reason you need to prepare for a penetration test is simple: the tests are time-boxed. Testers have a limited window to investigate and attempt to compromise as many systems as possible. By proactively hardening your environment, you reduce the low-hanging fruit, allowing the testers to go deeper and focus on the most critical […]
