Top Mistakes CISOs Make When it Comes to Penetration Testing
In this blog, we are going to look into a few of the top mistakes CISOs make when it comes to penetration testing and how your organization can avoid them.
Education
Everything You Need to Know About an Internal Penetration Test
When most people think about penetration testing, or securing their network in general, they tend to focus on their external perimeter that is exposed to the Internet. But as an organization matures from a security perspective and wants to truly understand their risk, they have to look at their network from other angles. The next […]
Why Security Programs Fail
At Triaxiom Security, we have the distinct advantage of working with hundreds of clients across a variety of different verticals. One week, I may be conducting a penetration test for a Fortune 300 retail organization, and the next week I may be doing an audit for a hospital. This wealth of experience gives us the […]
But That System Isn’t On My Domain! Non-Domain-Joined System Security
In today’s blog, we are going to consider non-domain-joined system security. For most organization’s we test, this can include things like medical devices, systems in kiosk mode in public spaces, IoT devices, or other systems that were forgotten. If these systems are not on the domain, do we care? If so, why? How can an […]
5 Myths of Penetration Tests
In the world of penetration testing, there are a lot of myths and misnomers surrounding the types of penetration tests, how penetration tests are conducted, etc. Today, we look to debunk 5 common myths of penetration tests and help you maximize the value from your next penetration test. Common Myths of Penetration Tests “We guarantee […]
What is the Penetration Testing Execution Standard?
The Penetration Testing Execution Standard or “PTES” is a standard consisting of 7 stages covering every key part of a penetration test. The standard was originally invented by information security experts in order to form a baseline as to what is required for an effective penetration test. While this methodology is fairly dated and has […]
OSWP Course Review
Having recently passed the OSCP, I was looking for my next certification. I spent several weeks weighing the different options. Should I look to take my overall penetration testing skills to the next level and pursue Offensive Security’s new OSEP (Offensive Security Experienced Penetration Tester) course or pursue a more specialized path i.e. one dedicated […]
What’s The Difference Between a Gap Analysis and a Penetration Test?
There are a variety of ways to test the maturity of your security program, including a gap analysis and a penetration test. However, it can be overwhelming to hear about these different types of security assessments and try to make an informed decision about what is right for your organization and your budget. The different […]
What is Authentication?
A common term used in many different industries is authentication. In information security specifically, authentication is the process of determining if a person is who they say they are. Usually, this process is completed prior to giving that person access to something, so you can envision authentication as a guarded gate before a person is […]
What is a VAPT?
Recently, we were asked by a client what VAPT meant. VAPT is an acronym for Vulnerability Assessment and Penetration Testing. This is a broad term which can refer to many different types of security testing, so we’ll dig a bit deeper into different services that could be referred to as VAPT, with the goal of […]