Penetration testing, ethical hacking and vulnerability assessments
In this security testing and ethical hacking guide, you will get info on how to conduct a vulnerability assessment of your network and IT environment with penetration testing and ethical hacking tools and software, ethical hacker training and certifications.
New & Notable
Instant Download: Building an Incident Response Action Plan
77% of organizations admit they don’t have a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, according to IBM. If you’re one of them, here’s everything you need to know about building an efficient incident response action plan.
Penetration testing, ethical hacking and vulnerability assessments News
-
August 13, 2019
13
Aug'19
Google wants Project Zero to be part of an open alliance
After five years of running Project Zero, Google wants to expand the scope to an open alliance of vulnerability researchers all working toward the same goal to 'make 0day hard.'
-
August 08, 2019
08
Aug'19
Apple bug bounty expands to MacOS, offers $1 million iOS reward
Apple announced an expansion of its bug bounty program at Black Hat 2019, including rewards for MacOS vulnerabilities and a $1 million reward for a zero-click iOS exploit.
-
August 02, 2019
02
Aug'19
Cohesity CyberScan scans backup copies for security risks
Cohesity CyberScan uses Tenable.io to find security vulnerabilities in backup copies. Because the app is scanning backups, it doesn't affect performance of production environments.
-
May 22, 2019
22
May'19
Risk & Repeat: Cisco vulnerabilities raise backdoor concerns
This week's Risk & Repeat podcast looks at vulnerabilities in Cisco and Huawei products, which have raised concerns about backdoor access in networking equipment.
Penetration testing, ethical hacking and vulnerability assessments Get Started
Bring yourself up to speed with our introductory content
-
Penetration testing vs. red team: What's the difference?
Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses. Continue Reading
-
What are the benefits and challenges of cloud penetration testing?
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies. Continue Reading
-
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement. Continue Reading
Evaluate Penetration testing, ethical hacking and vulnerability assessments Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
-
UPnP vulnerability: How is the UPnP protocol being misused?
The UPnP protocol is being misused to distribute malware through home routers. Expert Michael Cobb explains the UPnP vulnerability and how to defend against it. Continue Reading
-
Use an authenticated vulnerability scan to find system flaws
If unsafe computer systems scare the living daylights out of you, tune into this webinar on how to do authenticated vulnerability scans to avoid system damage. Continue Reading
-
Active Cyber Defense Certainty Act: Should we 'hack back'?
With the proposal of the Active Cyber Defense Certainty Act, individuals would be able to 'hack back' when information is stolen. Matt Pascucci makes the case against the bill. Continue Reading
Manage Penetration testing, ethical hacking and vulnerability assessments
Learn to apply best practices and optimize your operations.
-
Top tips for using the Kali Linux pen testing distribution
It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman. Continue Reading
-
5 enterprise patch management best practices
It might not be the most exciting of responsibilities, but the value of enterprise patch management cannot be denied. Review these best practices to build a smooth patching process. Continue Reading
-
5-step checklist for web application security testing
This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws. Continue Reading
Problem Solve Penetration testing, ethical hacking and vulnerability assessments Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
-
How to use Metasploit commands and exploits for penetration tests
These step-by-step instructions demonstrate how to use Metasploit for enterprise vulnerability and penetration testing. Continue Reading
-
What's the best way to prevent XSS attacks?
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid. Continue Reading
-
Wireshark tutorial: How to use Wireshark to sniff network traffic
Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection. Continue Reading