Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
I Got 99 Problems But a Log Ain’t One
1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness & Countermeasures (TAC) team is to assess and enhance our partners' security…
Application Layer Encryption with Web Crypto API
OverviewIn web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is…
Why the WAF
In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but…
The Necessity of Active Testing – Detection Edition
Most security teams understand the importance of log collection and building detections to provide early indicators of anomalous or potentially malicious…
How Far Should You Let Penetration Testers Go?
How far should you let penetration testers go once they have a finding or foothold on a penetration test of your organization?As far as they can!The goal is to…
Discovering Your Baud
I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with…
TrustedSec Achieves CREST Certification
TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct…
Kubernetes for Pentesters: Part 1
In the first section of this multi-part practical guide, I’ll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic…
CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause
U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.
MCP: An Introduction to Agentic Op Support
1.1 IntroductionAgents and Large Language Models (LLMs) offer a powerful combination for driving automation. In this post, we’ll explore how to implement…
Getting the Most Out of Your API Security Assessment
Tips for what you can do in advance of an API Security Assessment to help us avoid delays and ensure the process runs smoothly and benefits everyone.
PCI DSS Payment Card Data Retention
The Payment Card Industry Data Security Standard (PCI DSS) applies to and has specific requirements for retention of Account Data. In general, organizations…
I Got 99 Problems But a Log Ain’t One
1.1 IntroductionHere at TrustedSec, one of the goals of the Tactical Awareness & Countermeasures (TAC) team is to assess and enhance our partners' security…
Application Layer Encryption with Web Crypto API
OverviewIn web and mobile applications, we’ve been fortunate over the years to have such widespread use of HTTPS by way of TLS. The proliferation of HTTPS is…
Why the WAF
In my experience, most organizations are prepared to discuss the scope of penetration tests when preparing for an External or Internal Penetration Test, but…
The Necessity of Active Testing – Detection Edition
Most security teams understand the importance of log collection and building detections to provide early indicators of anomalous or potentially malicious…
How Far Should You Let Penetration Testers Go?
How far should you let penetration testers go once they have a finding or foothold on a penetration test of your organization?As far as they can!The goal is to…
Discovering Your Baud
I'm still pretty new to hardware hacking and find myself going through a lot of media (both text and moving pictures) about various techniques to interact with…
TrustedSec Achieves CREST Certification
TrustedSec has achieved CREST Certification for penetration testing, a globally recognized standard that verifies an organization's ability to conduct…
Kubernetes for Pentesters: Part 1
In the first section of this multi-part practical guide, I’ll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic…
CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause
U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.
MCP: An Introduction to Agentic Op Support
1.1 IntroductionAgents and Large Language Models (LLMs) offer a powerful combination for driving automation. In this post, we’ll explore how to implement…
Getting the Most Out of Your API Security Assessment
Tips for what you can do in advance of an API Security Assessment to help us avoid delays and ensure the process runs smoothly and benefits everyone.
PCI DSS Payment Card Data Retention
The Payment Card Industry Data Security Standard (PCI DSS) applies to and has specific requirements for retention of Account Data. In general, organizations…