Here at Triaxiom, we believe in giving back to the community. We have created the Triaxiom Gives Back Program to help us do just that. From day 1 of founding Triaxiom, we agreed that a portion of our profits and our time would be used each year to give back to the community. The Triaxiom […]
We get asked more than one would think about the ability to run an “automated penetration test”. Today, we discuss what can be automated vs. what can not be automated and what you should consider before subscribing for automated penetration testing. What is an “automated penetration test”? We have seen plenty of companies touting automated […]
Today, we’re going to take a closer look at how network segmentation can be used to improve your organization’s security posture. Network segmentation is, very simply, creating subdivisions of your corporate network and then intelligently restricting traffic flows between them. This can take the form of VLANing, ACLs on routers or firewalls, host-based firewalls, physical […]
In early 2020, the PSI SSC determined that remote PCI assessments would be allowed due to the COVID-19 Pandemic. They have released guidance on how these should be conducted and what it means for the assessors and entities being assessed. The first question you should ask yourself is “am I required to have a PCI […]
Penetration testing is an extremely dynamic field. There is very little standardization in the tools, processes, and techniques that different organizations leverage when performing testing. Web application penetration testing is no different, so we’re going to cover some of the most common web application penetration testing tools in our toolkit. This disparity in tools is […]
In today’s blog, we’ll discuss the differences between a CTF vs real, professional penetration testing, and the mindset required for each. We’re primarily aiming this article at aspiring and junior penetration testers, by highlighting some of the things to think about when transitioning from a CTF-style environment to that of a professional penetration testing firm. […]
At Triaxiom, we modeled our engineer training pipeline after pilot training in the Air Force. Why? Simply put, because we think it works and there are a lot of parallels. The Air Force wants to make absolutely sure a pilot is qualified to fly a plane before they allow them to hop in a multi-million […]
For all of our assessments, one of the first questions that we tend to get asked is “How long does it take?” And while, yes, “it depends” is part of the answer, we wanted to at least give you a rough idea of how long a web application penetration test takes for planning purposes. We’ll […]
Picking the brain of a seasoned penetration tester is always fun. Getting insights into what makes them tick, what keeps them up at night, their craziest find on a penetration test, and much more. Below is a Q&A with a senior engineer at Triaxiom Security. Q: How did you get into penetration testing?A: I started […]
Just for the fun of it, I am going to do a series of blogs talking about some of the physical penetration tests I have done. War stories, if you will. Of course we will keep the clients anonymous throughout and hopefully they have fixed these items by now anyway, as it has been some […]
