Triaxiom Security
5 May 2020

Palo Alto Traps Review

In today’s blog, we’ll be taking a look at Palo Alto Traps, how it compares to traditional signature-based endpoint security, and how Triaxiom fared against it during a recent engagement.

Limitations of traditional endpoint security

Every known piece of malware can be described by a ‘signature’ (a file hash or a distinctive byte pattern, i.e. a digital footprint), and traditional antivirus (AV) products […]
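As an added illustration of that limitation (example code written for this page, not from the original post or from Palo Alto Networks), the block below models the two common signature types, a file hash and a byte pattern, and runs both over a constructed sample and two variants whose behaviour is unchanged. The sample bytes, the signature set and the detector functions are all assumptions for illustration; no real malware is involved.

```python
import hashlib
import re

# Constructed stand-in for a malicious file (no real malware): a fake header plus a
# distinctive command string that a signature author would key on.
SAMPLE = b"MZ\x90\x00" + b"\x00" * 16 + b"cmd.exe /c powershell -enc " + b"A" * 32

# Simplest signature form: the SHA-256 of every known-bad file.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE).hexdigest()}

# Byte-pattern signature (YARA-style): matches a substring rather than the whole file.
PATTERN_SIGNATURES = [re.compile(rb"powershell -enc ")]


def hash_match(data: bytes) -> bool:
    """True if the exact file hash is in the signature database."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def pattern_match(data: bytes) -> bool:
    """True if any byte-pattern signature occurs in the file."""
    return any(p.search(data) for p in PATTERN_SIGNATURES)


def append_byte(data: bytes) -> bytes:
    """Attacker change 1: append one byte. Behaviour is unchanged, the hash is not."""
    return data + b"\x00"


def recase_command(data: bytes) -> bytes:
    """Attacker change 2: change letter case in the command. PowerShell resolves command
    names and switches case-insensitively, so behaviour is unchanged, but a
    case-sensitive byte pattern no longer matches."""
    return data.replace(b"powershell -enc ", b"PoWeRsHeLl -EnC ")


def evaluate() -> dict:
    """Run both detectors over the original and the two behaviour-preserving variants."""
    variants = {
        "original": SAMPLE,
        "appended": append_byte(SAMPLE),
        "recased": recase_command(SAMPLE),
    }
    return {
        name: {"hash": hash_match(data), "pattern": pattern_match(data)}
        for name, data in variants.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name}: hash={verdict['hash']} pattern={verdict['pattern']}")
```

The hash signature fails on the first variant and the byte pattern fails on the second, yet both variants would run exactly as the original does. That is the gap a behaviour-based product is meant to close: it judges what the code does at runtime rather than whether the bytes are already on a list.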

30 Apr 2020

How the Movie ‘300’ Applies to Information Security

This is officially blog number 300! Just to have some fun and learn a few lessons, let’s look at the movie ‘300’ and see if there are any lessons learned we can apply to information security. While this is more of a fun blog than anything else, there are a few nuggets we can take away […]

28 Apr 2020

Quick Tip – Leave Passwords in the Database Where They Belong!

Today’s security quick tip is brought to you by some API penetration tests I’ve completed over the past few weeks. One of the things I’ve noticed more and more as organizations are developing and implementing APIs as part of their overall application infrastructure is the presence of “greedy” or overly verbose JSON objects in HTTP […]
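As an added example (written for this page, not taken from the original post), the block below shows the “greedy” pattern of serializing a whole user record beside an allowlisted response, plus the kind of response check a tester runs to spot credentials that left the database. The User model, its field names and the sample record are assumptions for illustration.

```python
import json
from dataclasses import dataclass


@dataclass
class User:
    """Stand-in for an ORM row from a users table (field names are assumed)."""
    id: int
    username: str
    email: str
    password_hash: str
    mfa_secret: str
    role: str


# Constructed sample record; the hash and secret values are placeholders.
ALICE = User(id=42, username="alice", email="alice@example.com",
             password_hash="$2b$12$placeholderhashvalue", mfa_secret="JBSWY3DPEHPK3PXP",
             role="user")


def serialize_user_greedy(user: User) -> str:
    """The greedy pattern: dump the whole object. Every column leaves the database,
    including ones a client has no business seeing."""
    return json.dumps(vars(user))


# Explicit allowlist of fields a client of this endpoint actually needs.
PUBLIC_FIELDS = ("id", "username", "email", "role")


def serialize_user(user: User) -> str:
    """Allowlist serialization: a column added to the model later is not exposed
    unless someone deliberately adds it here."""
    return json.dumps({name: getattr(user, name) for name in PUBLIC_FIELDS})


# Key fragments that usually indicate credential material in a response body.
SENSITIVE_KEY_HINTS = ("password", "passwd", "secret", "token", "hash", "salt", "key")


def find_sensitive_keys(body: str) -> list:
    """Tester-side check: walk a JSON response and return JSON-pointer-like paths
    of keys that look like credentials. Heuristic by name only, so review the hits."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if any(hint in key.lower() for hint in SENSITIVE_KEY_HINTS):
                    hits.append(f"{path}/{key}")
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")

    walk(json.loads(body), "")
    return hits


if __name__ == "__main__":
    print("greedy :", find_sensitive_keys(serialize_user_greedy(ALICE)))
    print("allowed:", find_sensitive_keys(serialize_user(ALICE)))
```

The greedy serializer returns the password hash and the MFA seed to anyone who can call the endpoint; an offline cracking run against the hash needs nothing else. The allowlist version fails safe: a new sensitive column stays in the database until a developer chooses to expose it.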

23 Apr 2020

Follow Up Post – Two Accounts for Administrators

Back in September, we wrote a blog on the importance of using two separate accounts for administrators, one user-level and one administrative. If you haven’t read it yet, it does a great job of explaining why it is necessary and why it’s a security best practice. The lower-level user account should have limited permission and […]

21 Apr 2020

Security Incident Lessons Learned Checklist

Today we’re going to put a bow on our series covering different checklists for things you should be thinking about during each of the 5 primary phases of security incident response. We started with the identification phase and how to adequately capture information about a potential security incident to launch an investigation. We then covered […]

16 Apr 2020

What is the CIA Triad?

Continuing in our key security concept series, this blog will look at the CIA Triad. If you haven’t been following, check out the other blogs in this series on nonrepudiation and dual control. The CIA Triad is one of the most important concepts in information security, as it should drive the actions we take. This […]

14 Apr 2020

TikTok Security Implications

Prior to stay at home orders from COVID-19, the 800 million active TikTok users (out of the over 1 billion subscribed users) spent an average of 52 minutes per day on the app. The average user on this social media platform is between the ages of 16-24, and with all these teens stuck at home […]

9 Apr 2020

Security Incident Recovery Checklist

We are approaching the end of our series of blogs that touch on some important items that your organization should consider for each of the phases of the incident response process, including identification, containment, and eradication. This week we touch on the recovery process following an incident, once everything has been contained and eradicated. This […]

7 Apr 2020

Key Security Concept: Dual Control

This blog is a continuation of our key security concept blog series. If you have not already, check out our first blog from this series, which discusses nonrepudiation. In today’s blog, we are going to look at another important, but rarely discussed concept, dual control. Simply put, dual control is defined as requiring two or […]
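As an added example (written for this page, not from the original post), the block below models the way dual control is usually enforced for a cryptographic key: the key is held as two components by two custodians (split knowledge), and it can only be reconstructed once two distinct custodians have each entered their component. The XOR split, the custodian names and the ceremony class are assumptions for illustration.

```python
import secrets


def split_key(key: bytes) -> tuple:
    """Split a key into two XOR components. Each component on its own is uniformly
    random, so one custodian learns nothing about the key from their own share."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Reassemble the key from both components."""
    if len(share_a) != len(share_b):
        raise ValueError("components must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


class DualControlKeyCeremony:
    """Models a key-loading ceremony: components are entered by named custodians and the
    key is reconstructed only when two *distinct* custodians have both entered one."""

    def __init__(self):
        self.components = {}

    def enter_component(self, custodian: str, component: bytes) -> None:
        # The same person entering both components would defeat the control.
        if custodian in self.components:
            raise ValueError(f"{custodian} has already entered a component")
        self.components[custodian] = component

    def reconstruct(self) -> bytes:
        if len(self.components) < 2:
            raise PermissionError("dual control: two distinct custodians are required")
        first, second = list(self.components.values())[:2]
        return combine_shares(first, second)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # e.g. an AES-256 key, constructed here
    share_a, share_b = split_key(key)
    ceremony = DualControlKeyCeremony()
    ceremony.enter_component("custodian_a", share_a)
    ceremony.enter_component("custodian_b", share_b)
    print("reconstructed matches:", ceremony.reconstruct() == key)
```

Split knowledge stops either custodian from reading the key alone; the ceremony check is the dual control part, which stops one person from simply entering both components. In practice the components live in sealed envelopes or an HSM and the custodians are on separate teams.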

2 Apr 2020

The Importance of Quality Assurance to a Penetration Test

Perhaps the most important part of a penetration test, aside from the execution of the test, is the quality assurance or QA of the results and documentation. At the end of the day, the results and the final reports are what you are paying for with a penetration test.

Technical Quality Assurance

There is nothing […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.