Features

Features

Penetration testing, ethical hacking and vulnerability assessments

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.  Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.  Continue Reading

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.  Continue Reading

• On a penetration tester career path, flexibility and curiosity are key

  Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path.  Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.  Continue Reading

• How does AttackSurfaceMapper help with attack surface mapping?

  A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.  Continue Reading

• Bugcrowd CTO explains crowdsourced security benefits and challenges

  In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges.  Continue Reading

• Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'

  Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy.  Continue Reading

• The vulnerability management process after Equifax

  Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach.  Continue Reading

• Passive Python Network Mapping

  In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against network security threats.  Continue Reading

• When to take a bug bounty program public -- and how to do it

  Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public.  Continue Reading

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• Bug bounty programs narrow the crowd

  Data shows that more companies are moving away from crowdsourcing and adopting invitation-only awards programs. Do higher-quality submissions result?  Continue Reading

• Comparing the top vulnerability management tools

  Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.  Continue Reading

• Seven criteria for buying vulnerability management tools

  Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.  Continue Reading

• The business case for vulnerability management tools

  Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.  Continue Reading

• Introduction to vulnerability management tools

  Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.  Continue Reading

• Hacking and Penetration Testing with Low Power Devices

  In this excerpt of Hacking and Penetration Testing with Low Power Devices, author Philip Polstra describes "The Deck" -- a custom Linux distribution -- that breaks the traditional penetration model by providing pen testers an OS that runs on ...  Continue Reading

• Choose the best vulnerability assessment tools

  This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.  Continue Reading

• App security: Surviving the merger and acquisition process

  Some companies are trying to head off information security glitches before they sign on the dotted line, with help from security officers.  Continue Reading

• New scrutiny on bug bounties: Is there strength in numbers?

  Bug bounty programs are a cool idea and often work, so why haven't they taken off for non-tech companies?  Continue Reading

• Social engineering attacks: Is security focused on the wrong problem?

  To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.  Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.  Continue Reading

• Protection Mechanisms

   Continue Reading

• The Protection Process

   Continue Reading

• Technical Security Architecture

   Continue Reading

• Using control change management to improve attack resistance

  Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.  Continue Reading

• Frank Abagnale preaches the dangers of hacking

  A penitent Frank Abagnale Jr. shuns white-collar crime and fraud, and helps others understand how to guard against the dangers of hacking.  Continue Reading

• Test center: CORE IMPACT 3.1 automated pen testing tool

  Numerous mistakes tarnish the benefits of CORE Security's CORE IMPACT 3.1 automated pen testing tool.  Continue Reading

• Four steps to sound security vulnerability management

  If you're bedeviled by swarms of alerts, you can take control by practicing good security vulnerability management with these four steps.  Continue Reading

• Gateway filtering and server hardening: Security sans user complaints

  Incremental changes, including gateway filtering and server hardening, will lead to a tighter security model without provoking too much user backlash.  Continue Reading