This blog outlines Triaxiom Security’s methodology for conducting mobile application penetration tests. A mobile application penetration test emulates an attack specifically targeting a custom mobile application (iOS and/or Android) and aims to enumerate all vulnerabilities within an app, ranging from binary compile issues and improper sensitive data storage to more traditional application-based issues such as […]
This blog outlines Triaxiom Security’s methodology for conducting Application Programming Interface (API) penetration tests. An API penetration test emulates an external attacker or malicious insider specifically targeting a custom set of API endpoints and attempting to undermine the security in order to impact the confidentiality, integrity, or availability of an organization’s resources. This document outlines […]
This blog outlines Triaxiom Security’s social engineering methodology, which is used to guide our engineers during these types of engagements. Social engineering engagements are designed to target and take advantage of the human-element to gain access to your network. During the engagement, a variety of methods are used to get an employee to click on […]
Before you hire someone to physically break into your organization, it is probably a good idea to understand what steps they are going to take. In this blog, we will review our physical penetration testing methodology, which is the basic outline for any physical penetration test we perform. If you haven’t already, it might be […]
A firewall configuration review might seem like a pretty straightforward process. And truth be told, it is as far as security assessments go. But that being said, it can help to understand exactly what’s going on during this type of assessment, what the process includes, and what type of results you can expect. We’ve covered […]
Let’s say that your organization has had a potential security incident and needs help. Triaxiom offers incident response services centered around investigating how it happened (so you can prevent it from happening again), what the attacker had access to, and whether the attacker is still present on the network. For more information on what our […]
The following blog will provide an overview of our wireless penetration testing methodology. A wireless penetration test emulates an attacker trying to gain access to the internal network through the wireless network, but also includes some elements of an audit, ensuring your wireless network is in-line with industry standards. This document outlines the standards, tools, […]
Tactical security assessments are great, with a focused scope that produces specific output aimed at improving the security of one particular aspect of your organization, whether it be your e-commerce website, your network perimeter, or your employee’s security awareness. But sometimes, it’s helpful to figure out what your organization’s strategic security posture looks like, and […]
Internal penetration testing takes the perspective of a malicious individual that is connected to your organization’s corporate network. This style of penetration testing has a similar goal to external penetration testing (find sensitive data, take administrative control of the network, etc.), but provides a completely different attack surface for the assessment team to analyze. This […]
One of the primary questions we get from customers considering our services is about our external penetration testing methodology. This is a great question, and usually is an indication that our potential customer is doing their due diligence. After all, you are about to let someone hack your perimeter, it would probably be good to […]
