White Papers and Guides
Here is a consolidated view of all of our white papers available for download.
If you're a newcomer to the world of AWS cloud security, this Bishop Fox guide can help you determine where to start and what best practices to embrace to ensure a strong security posture for your organization.
Passwords have suffered from numerous flaws throughout their history. In this guide, we examine what has gone wrong with passwords in the past and how organizations can change their practices for the better going forward.
Curious about why your organization should consider red teaming? This guide explains how red teaming fits in as part of a holistic cybersecurity program and whether your organization is ready to implement it.
How do small security errors lead to huge headaches for a variety of organizations? This guide and joint case study with Timehop discuss the most common cybersecurity errors as well as how to best defend against them.
This guide by Bishop Fox's Gerben Kleijn details how organizations can avoid the pitfalls of lax AWS S3 bucket security and keep their environments secure.
Rob Ragan and Vincent Liu author The Challenges of Automated Application Assessments in a Web 2.0 World, which discusses the difficulties of properly auditing modern Web 2.0 applications.
Given the choice, every organization would want secure Web sites and applications from the Web application development phase all the way through the software development life cycle. But why is that such a challenge to attain? The answer is in the processes (or lack thereof) that they have in place.
Once you've completed a security assessment as a part of your web application development, it's time to go down the path of remediating all of the security problems you uncovered.
If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks.
Most people attempt to define penetration testing as a network attack against an Internet DMZ with the goal of breaking into the internal network. Fundamentally, however, penetration testing is properly defined as the simulation of an attack against a target network or application, encompassing a wide range of activities and variations.
Forensic investigations start at the end. Think of it: You wouldn’t start using science and technology to establish facts (that’s the dictionary definition of forensics) unless you had some reason to establish facts in the first place. But by that time, the crime has already happened. So while requisite, forensics is ultimately unrewarding.