Penetration tests can range from a simple test that takes 1 day to complete up to an assessment with multiple different penetration testing services that takes weeks to complete. A project manager is a vital role during a penetration test to ensure that everything goes smoothly, timelines are met, and ultimately the client gets the […]
As with salaries in most fields, the answer here is it depends. In any field or industry there is a certain level of supply and demand that helps dictate salaries. Luckily in the field we’re discussing today, there is a pretty short supply of penetration testers out there and, therefore, the salaries we’re seeing tend […]
With the rise of working on the go and the age of constant connectivity, application developers and companies focused on software are spreading their products and supporting just about any device that has Internet connectivity. While the applications being created may look and feel the same on different devices, the underlying architecture and attack surface […]
In a lot of organizations we work with, something as simple as changing the password policy from a minimum length requirement of 8 to 14 is anything but simple. They have to get approval, organizational buy-in from top management, and then deal with hundreds of help desk tickets and frustrated employees once the change is […]
In today’s blog, we are going to take a look at how to make a better wordlist. When performing password attacks, whether online or offline, wordlists are a much better approach than a traditional brute force. Even with an offline password attack using a machine designed to crack passwords efficiently, a brute force of just […]
To cut to the chase, the answer is Yes. Triaxiom Security is a QSA company and has multiple QSA employees on staff. According to the PCI Security Standards Council, “Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI […]
In September of 2018, California became the first state to pass a law requiring manufacturers to secure connected devices. The bill, TITLE 1.81.26. Security of Connected Devices, is the first of its kind for Internet of Things (IoT) devices and today we will explore some of the finer details of the law which comes into effect January […]
In our social engineering assessments, we typically utilize three different types of social engineering attacks: vishing, spear phishing, and bulk phishing. Most of our clients are familiar with phishing and spear phishing, but have questions about vishing. In this blog, we will talk about vishing, go over a typical attack, and explain why it can […]
It’s a simple question, but there are a surprising number of organizations that aren’t sure exactly where to find the answer to whether they need to be PCI compliant and how they need to demonstrate their compliance. For organizations curious about their compliance obligations when it comes to the Payment Card Industry (PCI), it can […]
As companies prepare for the January 1st, 2020 implementation of the California Consumer Privacy Act or CCPA, we have been fielding quite a few questions surrounding the new regulation and its requirement for “reasonable security”. One of the most often asked questions is “Does the CCPA require penetration testing?” Today we dive deeper into the […]
