Triaxiom Security
Partner with us to meet your Information Security needs.
10 Feb 2020

What is the NERC CIP?

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, […]

7 Feb 2020

Secure SLC Standard – PCI Compliance

PCI’s new Secure Software Lifecycle (SLC) assessment standard has been released. This new Secure SLC standard, released alongside the Software Security Framework (SSF) that we’ll talk about in a separate blog, provides a framework for assessing how payment software vendors develop and maintain secure payment software. Similar to the current Merchant and Service Provider PCI […]

5 Feb 2020

QSA Tip of the Day: FAQ 1331

Today’s QSA tip has the potential to save you a lot of time, effort, and cost associated with getting your organization into compliance with the PCI Data Security Standard (DSS). Triaxiom Security is a PCI QSA certified company that performs audits on a myriad of organizations trying to meet PCI standards. From large organizations who […]

3 Feb 2020

Security Incident Identification Checklist

There are several phases of a security incident that are important, but first and foremost, the identification that an incident occurred is your first opportunity to gather information and understand what is going on. It’s helpful to have a checklist that employees are aware of to take down some initial information that can help your […]

31 Jan 2020

How to Get Into Penetration Testing

One of the questions we get most at hiring events, conferences, trade shows, etc. is how someone can get into penetration testing or break into the industry as a penetration tester. There are many avenues to becoming a penetration tester, but today we will touch on a few strategies to help get your foot […]

29 Jan 2020

3 Show Stoppers for a QSA On-Site Assessment

In today’s blog, we are going to discuss three potential show stoppers for a QSA On-site Assessment. These all come from recent conversations with potential clients, and all three would have resulted in a failing Report on Compliance (RoC). So as a result, we thought a blog discussing what those are and what to do […]

27 Jan 2020

What Makes a Good Penetration Testing Company?

As penetration testing continues to grow in popularity and more companies are either required to have it or are doing it as part of best practice, people are running into the problem of how to shop for penetration testing. But what makes a good penetration testing company and how do you compare companies? What should […]

24 Jan 2020

Reasons For a Penetration Test

We have clients reaching out for a penetration test with a myriad of different drivers for needing to complete the assessment. Sometimes, clients know what they need and why they need it. Other times, they are looking for coaching as to what they should get done and what that particular test will achieve. Today, we […]

22 Jan 2020

The FBI and Apple Encryption Debate: Our Take

For those of you who aren’t familiar, the FBI and Apple have been at odds for some time. It started back in 2016 when the FBI used the tragedy in San Bernardino to try to convince Apple to make it so that the FBI can break into Apple devices if such an incident were to […]

20 Jan 2020

API Penetration Test – Providing Definitions

A common question we’ve run into over the past several months when scoping out API penetration tests concerns the API documentation, specifically the API endpoint/function definitions that list all of the available functions within a target API and the required request parameters used to interact with each function. These documents will also usually include […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.