In today’s blog, we are going to look at how penetration testing has changed during the pandemic. With the increase in users working from home and less reliance on a corporate network, certain aspects of penetration testing have become easier, or more likely to succeed, while others have become much more difficult. We will explore […]
Information Security can be a difficult topic for organizations to understand and communicate about for a variety of reasons, but perhaps none more prevalent than the terminology that gets thrown around. As such a dynamic and fast-moving industry, it can be hard for inside veterans to get on the same page about certain topics, much […]
Incident response tabletop exercises are a great way to mature your overall security posture. As with most mock exercises, the more thought and effort you put into the execution, the more you will ultimately get out of it. Today, we explore tips to help improve your next incident response tabletop exercise. 1. Treat it Like […]
Here at Triaxiom, we believe in giving back to the community. We have created the Triaxiom Gives Back Program to help us do just that. From day 1 of founding Triaxiom, we agreed that a portion of our profits and our time would be used each year to give back to the community. The Triaxiom […]
We get asked more than one would think about the ability to run an “automated penetration test”. Today, we discuss what can be automated vs. what can not be automated and what you should consider before subscribing for automated penetration testing. What is an “automated penetration test”? We have seen plenty of companies touting automated […]
Today, we’re going to take a closer look at how network segmentation can be used to improve your organization’s security posture. Network segmentation is, very simply, creating subdivisions of your corporate network and then intelligently restricting traffic flows between them. This can take the form of VLANing, ACLs on routers or firewalls, host-based firewalls, physical […]
In early 2020, the PSI SSC determined that remote PCI assessments would be allowed due to the COVID-19 Pandemic. They have released guidance on how these should be conducted and what it means for the assessors and entities being assessed. The first question you should ask yourself is “am I required to have a PCI […]
Penetration testing is an extremely dynamic field. There is very little standardization in the tools, processes, and techniques that different organizations leverage when performing testing. Web application penetration testing is no different, so we’re going to cover some of the most common web application penetration testing tools in our toolkit. This disparity in tools is […]
In today’s blog, we’ll discuss the differences between a CTF vs real, professional penetration testing, and the mindset required for each. We’re primarily aiming this article at aspiring and junior penetration testers, by highlighting some of the things to think about when transitioning from a CTF-style environment to that of a professional penetration testing firm. […]
At Triaxiom, we modeled our engineer training pipeline after pilot training in the Air Force. Why? Simply put, because we think it works and there are a lot of parallels. The Air Force wants to make absolutely sure a pilot is qualified to fly a plane before they allow them to hop in a multi-million […]
