Updates6/10/20268 min read
Did Someone Just Email Me... From My Own Email Address?
A True Story About a Client Who Almost Got Hacked by Himself
A
AXUM SECAXUM Perspectives
Research, analysis, and practical security commentary.
Explore technical articles, field notes, and strategic updates from the team.
Layout
Latest Articles
Read more
Hardware security 6/3/202612 min read
Securing the Fast Lane: An In-Depth Technical Guide to RFID ETC System Security
Every time you drive through a toll gantry at highway speeds, a silent, complex cryptographic handshake occurs in milliseconds. Your vehicle's RFID tag and the roadside reader exchange encrypted messages, verify identities, and authorize a financial transaction—all before you've had time to blink. This seamless experience masks a sophisticated security infrastructure designed to protect both your privacy and the toll authority's revenue. This guide explores RFID Electronic Toll Collection (ETC) security from the ground up—starting with the basic components that make it work, then diving deep into the cryptographic protocols, standards, and countermeasures that secure billions of annual transactions worldwide.
A
AXUM SEC HARDWARE SECURITY TEAM
DevSecOps5/13/20269 min read
"Panic at the End" to "Security by Default" – A Technical Deep Dive into the Secure Development Lifecycle
Stop chasing vulnerabilities after deployment. This guide walks you from the basic "why" of secure development to the technical "how" of SAST, DAST, threat modeling, and pipeline automation—reducing risk while accelerating delivery.
A
AXUM SEC Team
Pentesting5/11/20268 min read
Mobile App Security in the Age of Continuous Threats: A Hands-On Guide to Pentesting with Axum SEC PTaaS
Your company just shipped a new mobile banking app. It passed QA. It looks beautiful. It's live on the App Store and Google Play. But when was the last time someone actually tried to break it?
API Security5/11/20268 min read
API Security Testing 101: How to Find Vulnerabilities Before Attackers Do
APIs are the #1 attack target. Learn how to test for BOLA, broken authentication, rate limiting, and injection flaws with actionable techniques and tools. Based on Axum's research across 10,000+ APIs.