New & Notable
Security Testing and Ethical Hacking News
October 10, 2014
News roundup: Colleges across the country are offering courses in offensive hacking, but are they ethical? Plus: Why the first 'online murder' may happen in 2014; Palo Alto and NSS Labs make up; numerous Android security issues surface.
October 03, 2014
News roundup: Palo Alto's next-generation firewall fared poorly in a recent NSS Labs report, leading to a testy back-and-forth about NGFW testing. Plus: Mitnick selling zero days; EMET bypassed, again; iThemes stored plaintext passwords.
June 18, 2014
Third-party vendors are enabling bug bounty programs for organizations of all sizes, experts say, by handling triage and payment duties.
March 05, 2013
Is offensive security or 'hacking back' a viable cyberdefense tactic? RSA Conference 2013 experts struggled to define the terms, never mind the role they play.
Security Testing and Ethical Hacking Get Started
Bring yourself up to speed with our introductory content
Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking.
The PCI DSS penetration testing requirement becomes more rigorous with the release of PCI 3.0. Expert Mike Chapple details the change.
A bug bounty program, also called a hacker bounty program or vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for finding a software bug and reporting it to the organization offering a monetary reward.
Evaluate Security Testing and Ethical Hacking Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good...
Expert Michael Cobb discusses numerous open source and low-cost Web application security testing options for enterprises on a budget.
To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.
Product Reviews (Powered by IT Central Station)
The FortiGate security appliances. UTM security in a single device, good administrative interface and performances.
First things first Talking about FortiGate from Fortinet we are talking about a family of UTM (Unified Threat Management) appliances. This...
For price criteria, Fortinet wins over competitors. That being said, certain areas of the product need improvement
Use Of Solution: 4.5 years Valuable Features:...
Cisco ASA has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports ...
Manage Security Testing and Ethical Hacking
Learn to apply best practices and optimize your operations.
In this excerpt of Hacking with Kali: Practical Penetration Testing Techniques, authors James Broad and Andrew Bindner outline the five phases of the penetration testing lifecycle.
Expert Nick Lewis explains how to keep call center employees from getting duped by social engineering scams and pretexting.
Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.
Problem Solve Security Testing and Ethical Hacking Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Adopting cloud-based applications can be a security headache. Michael Cobb explains how to perform tests that validate cloud app security.
The open source Metasploit Framework is an essential tool to help enterprises detect new vulnerabilities. Michael Cobb explains why.
Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.