New & Notable
Security Testing and Ethical Hacking News
November 21, 2014
News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.
October 10, 2014
News roundup: Colleges across the country are offering courses in offensive hacking, but are they ethical? Plus: Why the first 'online murder' may happen in 2014; Palo Alto and NSS Labs make up; numerous Android security issues surface.
October 03, 2014
News roundup: Palo Alto's next-generation firewall fared poorly in a recent NSS Labs report, leading to a testy back-and-forth about NGFW testing. Plus: Mitnick selling zero days; EMET bypassed, again; iThemes stored plaintext passwords.
June 18, 2014
Third-party vendors are enabling bug bounty programs for organizations of all sizes, experts say, by handling triage and payment duties.
Security Testing and Ethical Hacking Get Started
Bring yourself up to speed with our introductory content
An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.
In this exploratory article, expert Mike Chapple explains what automated penetration testing is, why it is useful and how to start building an enterprise penetration tester toolkit.
Automated penetration testing can play a pivotal role in improving the pen testing process while reducing the resources required, yet without the proper approach it may be a complete waste of time. Expert Kevin Beaver explains.
Evaluate Security Testing and Ethical Hacking Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
The increasing popularity of bug bounty programs leaves many wondering if they can improve enterprise software security. Expert Michael Cobb discusses the ins and outs of such programs.
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good...
Expert Michael Cobb discusses numerous open source and low-cost Web application security testing options for enterprises on a budget.
Product Reviews (Powered by IT Central Station)
The FortiGate security appliances. UTM security in a single device, good administrative interface and performances.
First things first. Talking about FortiGate from Fortinet, we are talking about a family of UTM (Unified Threat Management) appliances. This...
For price criteria, Fortinet wins over competitors. That being said, certain areas of the product need improvement.
Valuable Features: Performances, VDOM, UTM, Consolidated...
Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports ...
Manage Security Testing and Ethical Hacking
Learn to apply best practices and optimize your operations.
In this excerpt of Hacking with Kali: Practical Penetration Testing Techniques, authors James Broad and Andrew Bindner outline the five phases of the penetration testing lifecycle.
Expert Nick Lewis explains how to keep call center employees from getting duped by social engineering scams and pretexting.
Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.
Problem Solve Security Testing and Ethical Hacking Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Adopting cloud-based applications can be a security headache. Michael Cobb explains how to perform tests that validate cloud app security.
The open source Metasploit Framework is an essential tool to help enterprises detect new vulnerabilities. Michael Cobb explains why.
Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.