AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Security Perspectives

Security Perspective

How a Common Misconfiguration Led to Over 30 Critical Findings

How a Common Misconfiguration Led to Over 30 Critical Findings

Feb 2, 2021

Nate Robb discusses how continuous attack surface testing (Cosmos) found a new vulnerability that served as a pivot point to identifying more critical risks.

By Nate Robb
Security Perspective

Google Partner Program – GPP Top 10

Google Partner Program – GPP Top 10

Jan 26, 2021

We’ve created a prioritized list of the top 10 most common/high-risk bugs and trouble spots that we find on Google Partner security program assessments.

By Jake Miller
Security Perspective

Building a Security Program That Scales

Building a Security Program That Scales

Jan 6, 2021

Bishop Fox collaborated with a startup to build a scalable security program and methodology, while analyzing security risks during each step of the SDLC.

By Bishop Fox
Security Perspective

Infosec Talks You May Have Missed This Year

Infosec Talks You May Have Missed This Year

Dec 18, 2020

Recap of Bishop Fox's favorite infosec talks from the security community in 2020, including presentations at DEF CON Safe Mode, BSides, DerpCon, and more.

By Britt Kemp
Security Perspective

What We Know (And Don’t) About The SolarWinds Orion Hack So Far

What We Know (And Don’t) About The SolarWinds Orion Hack So Far

Dec 15, 2020

Bishop Fox Lead Researcher Dan Petro provides a detailed explanation of what we know and don’t know about the recent SolarWinds Orion hack.

By Dan Petro
Security Perspective

Continuous Testing Finds Major Risks Under the Surface

Continuous Testing Finds Major Risks Under the Surface

Dec 15, 2020

Nate Robb discusses how Continuous Attack Surface Testing operators use automation and human intel to identify emerging threats and protect perimeters.

By Nate Robb
Security Perspective

cyber.dic 2.0: Expand Your Computer’s Vocabulary

cyber.dic 2.0: Expand Your Computer’s Vocabulary

Dec 10, 2020

Update of cyber.dic, the spell checker add-on specializing in cybersecurity terms. The tool offers support for industry-specific terms in word processors.

By Catherine Lu
Security Perspective

The Stolen FireEye Red Team Tools Are Mostly Open Source

The Stolen FireEye Red Team Tools Are Mostly Open Source

Dec 9, 2020

After an attack against FireEye by a nation-state group, we provide context about what’s in the GitHub repository and what these stolen red team tools do.

By Bishop Fox
Security Perspective

The Pen Testing Tools We’re Thankful for in 2020

The Pen Testing Tools We’re Thankful for in 2020

Nov 23, 2020

Recap of Bishop Fox's favorite penetration testing tools for 2020 including, Nuclei, Spyse Search Engine, Dufflebag, GadgetProbe, RMIScout and more.

By Britt Kemp
Security Perspective

Diverse Perspectives Offer a Broader Understanding of Your Attack Surface

Diverse Perspectives Offer a Broader Understanding of Your Attack Surface

Nov 17, 2020

Barrett Darnell discusses how having a diverse, specialized team of CAST pen testers on your side can make your organization less vulnerable to groupthink.

By Barrett Darnell
Security Perspective

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 3)

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 3)

Nov 10, 2020

Dan Petro delves into more methods of cheating at video games, highlighting lessons AppSec can learn from their complex and technical security challenges.

By Dan Petro
Security Perspective

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 2)

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 2)

Nov 2, 2020

Dan Petro examines more methods of how cheating at video games applies to appsec, including having a computer or bot automate technically demanding tasks.

By Dan Petro
Security Perspective

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 1)

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 1)

Oct 29, 2020

Dan Petro examines some classic examples of online video game cheats and explores the lessons these cheats reveal in relation to application security.

By Dan Petro
Security Perspective

Accidentally Secure Is Not Secure: A Case of Three Stooges Syndrome

Accidentally Secure Is Not Secure: A Case of Three Stooges Syndrome

Oct 20, 2020

During pen testing, components or features vulnerable to serious issues that aren't yet exploitable can become major problems after ordinary code changes.

By Dan Petro
Security Perspective

Bishop Fox Fights for Election Security

Bishop Fox Fights for Election Security

Oct 14, 2020

Vincent Liu was a technical expert in a case involving the State of Georgia election and digital voting machine security (Curling v. Raffensperger).

By Bishop Fox
Security Perspective

How to Keep Your Organization Safe From Social Engineering

How to Keep Your Organization Safe From Social Engineering

Oct 13, 2020

Daniel Wood reviews mistakes organizations make with social engineering and how to mitigate risks with better security controls, training, and processes.

By Daniel Wood
Security Perspective

Defining the Scope of Your Pen Test

Defining the Scope of Your Pen Test

Oct 6, 2020

A guide through the decisions that need to be made when planning a penetration test including defining the targets, boundaries, and depth of an assessment.

By Jake Miller
Security Perspective

When Automation Isn’t Enough: The True Impact of Human Expertise on Your Perimeter

When Automation Isn’t Enough: The True Impact of Human Expertise on Your Perimeter

Sep 30, 2020

Ori Zigindere highlights the need for human experts to conduct a thorough analysis of seemingly minor attack surface issues scanners often miss.

By Ori Zigindere
Security Perspective

More Important Than a TPS Report: Designing a Realistic CTF for DEF CON Safe Mode

More Important Than a TPS Report: Designing a Realistic CTF for DEF CON Safe Mode

Sep 22, 2020

Barrett Darnell discusses how the DEF CON Red Team Village The Office themed Capture the Flag competition and Continuous Attack Surface Testing are similar

By Barrett Darnell
Security Perspective

What Makes a Good Penetration Test?

What Makes a Good Penetration Test?

Aug 25, 2020

Jake Miller highlights how to evaluate a penetration test for quality, including clear and actionable deliverables, remediation recommendations, and more.

By Jake Miller
Security Perspective

20 Tips on How to Make the Most of Your Pen Test

20 Tips on How to Make the Most of Your Pen Test

Aug 19, 2020

Jake Miller shares guidance about how to get the most value from pen testing consulting services for companies at every stage of security program maturity.

By Jake Miller
Security Perspective

8 Recommended Talks From DEF CON 28

8 Recommended Talks From DEF CON 28

Aug 18, 2020

Eight recommended talks from DEF CON 28 aka DEF CON Safe Mode, on infosec topics. Speakers include: Ankur Chowdhary, Daniel Miessler, Sean Metcalf and more

By Britt Kemp
Security Perspective

Is This IoT App Safe to Drink?

Is This IoT App Safe to Drink?

Aug 11, 2020

Sound policies to legislate the of Internet of Things (IoT) can help government and industry regulate and improve IoT product security and transparency.

By Brianne Hughes
Security Perspective

A Look Forward to the DEF CON Red Team Village CTF

A Look Forward to the DEF CON Red Team Village CTF

Aug 5, 2020

CTF at 2020 DEFCON Red Team Village will be on a corporate Windows Active Directory environment that allows red teamers to improve security testing skills.

By Barrett Darnell
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.