Penetration Testing | News, how-tos, features, reviews, and videos
6 best practices for blue team success
Every stakeholder, from the CISO to even the red team, wants the blue team to succeed against simulated cyberattacks. Sticking to this advice will help make that happen.
11 stakeholder strategies for red team success
These best practices will help ensure a successful red team exercise by getting all the stakeholders on the same page.
SQL injection, XSS vulnerabilities continue to plague organizations
Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.
DOJ: Good faith security research won’t be charged under Computer Fraud and Abuse Act
The U.S. Department of Justice revises its policy regarding charging violations of the CFAA. Good faith security research will no longer be charged.
Vicarius releases free Nmap scanning tool
The company claims that Nmap Scan Analysis will provide an easy-to-use visualization of Nmap scan data.
Operationalizing a “think like the enemy” strategy
MITRE ATT&CK and new security technology innovation make this possible.
Red vs. blue vs. purple teams: How to run an effective exercise
Playing the role of an attacker can make your team better at defense if you include all the stakeholders and carefully design goals.
Penetration testing explained: How ethical hackers simulate attacks
Penetration testing is a means of evaluating the security of a network or computer system by attempting to break into it. It is an exercise undertaken by professional pen testers (aka ethical hackers) with the permission of the...
10 essential skills and traits of ethical hackers
Learn just what it takes to snag this demanding and rewarding job.
Certified ethical hacker: CEH certification cost, training, and value
Learn how CEH certification will impact your job and salary and how to decide if this cert is right for you.
4 steps to better security hygiene and posture management
Increasing scale and complexity have made keeping up with security hygiene and posture management cumbersome and error-prone, leaving organizations exposed. Here's what leading CISOs are doing to close the gap.
Tech Primer
What it takes to become an information assurance analyst
This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...
Tech Primer
Fraud prevention: Improving internal controls
Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.
Tech Primer
How to write an information security policy
Learn the critical first step, why consensus is key, what to cover and how to make your information security policy — and program — effective.
Tech Primer
Red team versus blue team: How to run an effective simulation
Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.
Tech Primer
How to survive (and thrive) in the CISO hot seat
The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.
eBook
Special report: platforms play big in the cloud
This latest report in our C-Suite 360 series takes a full-spectrum look at the opportunities and risks in cloud computing, offering up the expert information your organization needs to set its cloud strategy.
Research/Infographic
Research report: IT security's looming tipping point
Even as security draws board-level attention, many IT professionals give their organizations’ infosec practices low marks. This special report from CIO, CSO and Computerworld reveals how to tip the balance in the right direction.