Triaxiom Security
Partner with us to meet your Information Security needs.
25 Aug 2020

Network Segmentation For Security

Today, we’re going to take a closer look at how network segmentation can be used to improve your organization’s security posture. Network segmentation is, very simply, creating subdivisions of your corporate network and then intelligently restricting traffic flows between them. This can take the form of VLANing, ACLs on routers or firewalls, host-based firewalls, physical […]

20 Aug 2020

How are Remote PCI Assessments Conducted?

In early 2020, the PCI SSC determined that remote PCI assessments would be allowed due to the COVID-19 Pandemic. They have released guidance on how these should be conducted and what it means for the assessors and entities being assessed. The first question you should ask yourself is “am I required to have a PCI […]

18 Aug 2020

Top Web Application Penetration Testing Tools

Penetration testing is an extremely dynamic field. There is very little standardization in the tools, processes, and techniques that different organizations leverage when performing testing. Web application penetration testing is no different, so we’re going to cover some of the most common web application penetration testing tools in our toolkit. This disparity in tools is […]

13 Aug 2020

CTF vs Real Penetration Testing

In today’s blog, we’ll discuss the differences between a CTF vs real, professional penetration testing, and the mindset required for each. We’re primarily aiming this article at aspiring and junior penetration testers, by highlighting some of the things to think about when transitioning from a CTF-style environment to that of a professional penetration testing firm. […]

11 Aug 2020

Our Engineer Training Philosophy

At Triaxiom, we modeled our engineer training pipeline after pilot training in the Air Force. Why? Simply put, because we think it works and there are a lot of parallels. The Air Force wants to make absolutely sure a pilot is qualified to fly a plane before they allow them to hop in a multi-million […]

6 Aug 2020

How Long Does a Web Application Penetration Test Take?

For all of our assessments, one of the first questions that we tend to get asked is “How long does it take?” And while, yes, “it depends” is part of the answer, we wanted to at least give you a rough idea of how long a web application penetration test takes for planning purposes. We’ll […]

4 Aug 2020

Q&A With a Penetration Tester

Picking the brain of a seasoned penetration tester is always fun. Getting insights into what makes them tick, what keeps them up at night, their craziest find on a penetration test, and much more. Below is a Q&A with a senior engineer at Triaxiom Security.

Q: How did you get into penetration testing?
A: I started […]

30 Jul 2020

Physical Penetration Test War Stories

Just for the fun of it, I am going to do a series of blogs talking about some of the physical penetration tests I have done. War stories, if you will. Of course we will keep the clients anonymous throughout and hopefully they have fixed these items by now anyway, as it has been some […]

28 Jul 2020

When is the Best Time for a Penetration Test?

Unfortunately, there is no cut and dry answer to the question of “when is the best time for a penetration test”. As with many nuanced areas of life, the answer is “it depends”. There are many scenarios that could warrant the need for a penetration test and organization-specific situations that could change your needs. Let’s […]

23 Jul 2020

An Overview of PHP Type Juggling

Creating secure web applications is hard. There are a number of reasons for this, but one contributing factor is language-specific oddities. Specifically, different programming languages handle data differently and, in some cases, these differences can have a significant impact on security. Let’s take a look at one somewhat-exotic example of a language-specific idiosyncrasy within PHP, […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.