New & Notable
Security Testing and Ethical Hacking News
June 18, 2014
Third-party vendors are enabling bug bounty programs for organizations of all sizes, experts say, by handling triage and payment duties.
March 05, 2013
Is offensive security or 'hacking back' a viable cyberdefense tactic? RSA Conference 2013 experts struggled to define the terms, never mind the role they play.
February 26, 2013
At Security B-Sides San Francisco, Brett Hardin asked why organizations hire penetration testers and assessed the value of penetration testing.
December 04, 2012
Secure software development training is having an impact on vulnerability submissions, according to Brian Gorenc of HP TippingPoint DVLabs.
Security Testing and Ethical Hacking Get Started
Bring yourself up to speed with our introductory content
Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking.
The PCI DSS penetration testing requirement becomes more rigorous with the release of PCI 3.0. Expert Mike Chapple details the change.
A bug bounty program, also called a hacker bounty program or vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for finding a software bug and reporting it to the organization offering a monetary reward.
Evaluate Security Testing and Ethical Hacking Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.
Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.
PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.
Manage Security Testing and Ethical Hacking
Learn to apply best practices and optimize your operations.
Expert Nick Lewis explains how to keep call center employees from getting duped by social engineering scams and pretexting.
Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.
Not only is modern malware getting more prevalent and sophisticated, it's also now focusing on a broader array of targets. Attackers would still love to break into top-level enterprise systems, but now they're also aiming low, taking advantage of ...
Problem Solve Security Testing and Ethical Hacking Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Adopting cloud-based applications can be a security headache. Michael Cobb explains how to perform tests that validate cloud app security.
The open source Metasploit Framework is an essential tool to help enterprises detect new vulnerabilities. Michael Cobb explains why.
For Web application security testing, if cash is tight, should a penetration test top an application code review? Michael Cobb explains his choice.