White Papers and Guides
Here is a consolidated view of all of our white papers available for download.
Curious about why your organization should consider red teaming? This guide explains how red teaming fits in as part of a holistic cybersecurity program and whether your organization is ready to implement it.
How do small security errors lead to huge headaches for a variety of organizations? This organization and joint case study with Timehop discuss the most common cybersecurity errors as well as how to best defend against them.
This guide by Bishop Fox's Gerben Kleijn details how organizations can avoid the pitfalls posed by lackadaisical AWS S3 bucket security and keep their environments secure.
Your Mac systems and software might be safe – until they connect to the Internet. Here are some tips for securing Firefox in OS X.
Attackers are increasingly using a simple method for finding flaws in websites and applications: they Google them. Using Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. Sound scary? It is, but there is good news: You can use these same methods to find flaws before the bad guys do.
Rob Ragan and Vincent Liu author "The Challenges of Automated Application Assessments in a Web 2.0 World," which discusses the difficulties of properly auditing modern Web 2.0 applications.
Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place.
Once you've completed a security assessment as a part of your web application development, it's time to go down the path of remediating all of the security problems you uncovered.
If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks.
Most people attempt to define penetration testing as a network attack against an Internet DMZ with the goal of breaking into the internal network. Fundamentally, however, penetration testing is properly defined as the simulation of an attack against a target network or application, encompassing a wide range of activities and variations.
Forensic investigations start at the end. Think of it: You wouldn’t start using science and technology to establish facts (that’s the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.