The scope of a penetration test is one of the most important parameters that will define whether the test meets your expectation. The scope of an assessment is usually comprised of a detailed listing of targets. The scope of a penetration test may be represented by the number of systems that are to be tested, […]
The United States government now has an official cybersecurity agency with the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill that Trump signed into law on November 16th, 2018 changes the National Protection and Programs Directorate (NPPD) into a standalone agency, moving it out from under the Department of Homeland Security (DHS). […]
It’s hard to believe we are closing in on the end of 2018. We want to take this time to reflect with a look back at the 2018 cybersecurity year in review, and a look ahead to what next year may hold. Key Themes Continued Improvement, But Still Not Enough While firms are starting to […]
A physical penetration test emulates an attacker trying to physically break into your organization and steal sensitive information or gain access to the internal network. If you haven’t already seen it, check out our blog on the top 3 ways we gain access to your environment during a physical penetration test. While you are at it, you […]
A wireless penetration test is a holistic review of your wireless environment and the risk it presents to your organization as a whole. This assessment includes tactical testing that determines whether an attacker in the parking lot can gain access to your corporate network through your wireless signal. However, in contrast to other penetration tests, […]
We’ve talked in a previous post about how host compliance audits are a great way to get a low-level, detailed understanding of your hardening practices and security on a system-by-system basis. But it may not be clear exactly how this type of analysis is done and what your testing team would need to perform a […]
Over the past few months, we have had several customers ask us about when is the right time to penetration test a new application in their environment. Right off the bat, we like this question, because it recognizes the fact that a new application needs a penetration test. You never want to roll a new […]
We’ve talked previously about why an incident response tabletop exercise can be a useful tool for your security program. But taking a step back, let’s take a closer look at what makes an incident response tabletop exercise successful. While a tabletop exercise can be a great way to step through your incident response process on […]
In this blog, we are going to talk about some of the disadvantages of a bug bounty program compared to a penetration test. Don’t get us wrong, there are many advantages of a bug bounty program, in fact, we just did an entire blog dedicated to the subject. While Triaxiom Security is a company founded […]
On the journey to building a security program, or evolving the one you’ve currently got in place for your organization, there are a number of controls you’ve got to consider. Some of those controls, like the ones we talk about here, are either contingent upon other controls already being in place or require a significant […]
