Penetration testing, ethical hacking and vulnerability assessments

In this security testing and ethical hacking guide, you will get info on how to conduct a vulnerability assessment of your network and IT environment with penetration testing and ethical hacking tools and software, ethical hacker training and certifications.

April 08, 2021 08 Apr'21
Unpatched applications threaten SAP security

Cyberattacks are a significant threat to unpatched, unprotected SAP applications, according to a new threat intelligence report from SAP and Onapsis.
April 05, 2021 05 Apr'21
CISA: APTs exploiting Fortinet FortiOS vulnerabilities

Three Fortinet FortiOS vulnerabilities that have been fully patched since last summer are being exploited by advanced persistent threat actors, according to the FBI and CISA.
February 24, 2021 24 Feb'21
Dragos: ICS security threats grew threefold in 2020

A new report highlights the challenges facing ICS vendors today, including practices that are geared toward traditional IT and not designed for ICS security.
February 02, 2021 02 Feb'21
SonicWall confirms zero-day vulnerability on SMA 100 series

After testing NCC Group's findings, SonicWall 'confirmed their submission as a critical zero-day in the SMA 100 series 10.x code, and are tracking it as SNWLID-2021-0001.'

Bring yourself up to speed with our introductory content

5 steps to conduct network penetration testing

Enterprises that want to ensure competent network security strategies should look at how they can implement penetration testing, considering red teams and physical pen tests. Continue Reading
honeypot (computing)

A honeypot is a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts to gain unauthorized access to information systems. Continue Reading
SolarWinds supply chain attack explained: Need-to-know info

The SolarWinds supply chain breach is the talk of the town -- and will be for months and years to come. Get informed and be part of the conversation with our guide. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

How to perform a cybersecurity risk assessment, step by step

This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
Editor's picks: Top cybersecurity articles of 2020

As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
Cyber insurance explained, from selection to post-purchase

Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading

Learn to apply best practices and optimize your operations.

Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
Introducing development teams to threat modeling in SDLC

Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
The enterprise case for implementing live-fire cyber skilling

Companies continue to grapple with the cybersecurity skills gap, but Adi Dar offers a way to ensure security teams are properly trained through the use of live exercises. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

5 cybersecurity lessons from the SolarWinds breach

Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading
Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
How to handle Amazon S3 bucket pen testing complexity

Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading