Penetration testing, ethical hacking and vulnerability assessments news, help and research

Penetration testing, ethical hacking and vulnerability assessments News

January 14, 2021 14 Jan'21
Tenable: Vulnerability disclosures skyrocketed over last 5 years

New research from Tenable shows a dramatic increase in vulnerability disclosures since 2015, as well as concerning data about data breaches, ransomware threats and unpatched bugs.
December 23, 2020 23 Dec'20
Security measures critical for COVID-19 vaccine distribution

The COVID-19 vaccine supply chain is already under attack, which comes as no surprise to experts. The biggest potential threats, however, are still to come.
November 04, 2020 04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
September 23, 2020 23 Sep'20
ConnectWise launches bug bounty program to boost security

ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security.

Bring yourself up to speed with our introductory content

Explore benefits and challenges of cloud penetration testing

Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies. Continue Reading
Practice Certified Ethical Hacker exam questions

Preparing for your Certified Ethical Hacker certification? Assess your knowledge of topics on the CEH exam with these practice test questions. Continue Reading
Ethical hacker career path advice: Getting started

Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

How to perform a cybersecurity risk assessment, step by step

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
Editor's picks: Top cybersecurity articles of 2020

As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
Cyber insurance explained, from selection to post-purchase

Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading

Learn to apply best practices and optimize your operations.

The enterprise case for implementing live-fire cyber skilling

Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly trained through the use of live exercises. Continue Reading
Pair cyber insurance, risk mitigation to manage cyber-risk

The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading
Red team vs. blue team vs. purple team: What's the difference?

Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
How to handle Amazon S3 bucket pen testing complexity

Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading
How can companies identify IT infrastructure vulnerabilities?

New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading