
Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Security Perspective

If Your Scope Is Bad, Your Pen Test Will Be Bad

Mar 23, 2021

The quality of an engagement is entirely dependent on the quality of the scoping. If a penetration test doesn’t start with goals, it won't be as successful

By Jessica La Bouve

Culture

How To Make Remote Work Not Suck: The Bishop Fox WFH Guide

Mar 16, 2021

Security professionals working remotely temporarily or permanently need a home workstation or lab that makes them feel productive and comfortable.

By Britt Kemp

Advisory

Emerging Threat Notification: F5 Networks Vulnerabilities for BIG-IP and BIG-IQ Products

Mar 11, 2021

F5 Networks released security advisories for critical vulnerabilities affecting the BIG-IP and BIG-IQ products. Install the security update immediately.

By Justin Rhinehart

Security Perspective

ProxyLogon (CVE-2021-26855): 2021’s Top Contender for Vulnerability for the Year (It’s March...)

Mar 10, 2021

The attack on Microsoft Exchange servers encompasses several unique vulnerabilities in an attack chain. The impact is critical for multiple reasons.

By Barrett Darnell

Security Perspective

Understanding the Driving Factors of a Pen Test

Mar 9, 2021

How a pen tester will perform an assessment and determine what assets to attack depends on what’s important to a company's security strategy and investment.

By Dan Petro

Security Perspective

The Evolution of the Red Team

Mar 3, 2021

Bishop Fox believes Red Teams can deliver even more value and prevent attacks by integrating Red Teaming services with risk analysis and threat modeling.

By Todd Kendall

Security Perspective

CVE Digest for January and February 2021: Buffer Overflows Take the Spotlight

Mar 1, 2021

In this CVE recap of January and part of February 2021, we review notable security vulnerabilities that can threaten an organization's attack surface.

By Britt Kemp

Technical Research

An Exploration of JSON Interoperability Vulnerabilities

Feb 25, 2021

Learn more about how the same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks.

By Jake Miller

Security Perspective

What We Can Learn from the Accellion Breach

Feb 23, 2021

News about the recent Jones Day/Accellion vendor data breach highlights just how difficult third-party risk management (TPRM) is in practice.

By Joe Sechman

Security Perspective

Choosing the Right Modern Application Security Tools

Feb 23, 2021

Tom Eston describes how a combination of manual and automated application security tools can best support the way your organization develops applications.

By Tom Eston

Security Perspective

When to Engage a Red Team

Feb 16, 2021

Engage with a Red Team to uncover business risks and vulnerabilities, improve your defenses and security, and strategize and protect your environment.

By Todd Kendall

Security Perspective

Preparing for the Google Partner Program Security Test

Feb 9, 2021

This self-assessment covers common threats to prepare for the Google Partner Program assessment, which validates the security of Google partners’ applications.

By Zach Moreno

Security Perspective

How a Common Misconfiguration Led to Over 30 Critical Findings

Feb 2, 2021

Nate Robb discusses how continuous attack surface testing (Cosmos) found a new vulnerability that served as a pivot point to identifying more critical risks.

By Nate Robb

Culture

Bishop Fox Presents at 2021 Virtual CactusCon 9

Jan 28, 2021

Bishop Fox is a Partner sponsor of the 2021 virtual CactusCon 9 cybersecurity conference. Current and former Foxes will be presenting and running the CTF.

By Bishop Fox

Security Perspective

Google Partner Program – GPP Top 10

Jan 26, 2021

We’ve created a prioritized list of the top 10 most common/high-risk bugs and trouble spots that we find on Google Partner security program assessments.

By Jake Miller

Technical Research

Bad Pods: Kubernetes Pod Privilege Escalation

Jan 19, 2021

Seth Art discusses the impact of overly permissive pod security policies and the importance of applying restrictive controls around pod creation by default

By Seth Art

Advisory

Mautic Version <=3.2.2 Advisory

Jan 15, 2021

Bishop Fox advisory on Mautic application version 3.2.2. The Mautic application is affected by stored cross-site scripting (XSS) vulnerabilities.

By Dardan Prebreza

Advisory

CRAN Version 4.0.2 Advisory

Jan 11, 2021

Bishop Fox advisory on CRAN package manager version 4.0.2. A medium severity path traversal vulnerability was found in the CRAN package manager.

By Chris Davis, Joe DeMesy

Security Perspective

Building a Security Program That Scales

Jan 6, 2021

Bishop Fox collaborated with a startup to build a scalable security program and methodology, while analyzing security risks during each step of the SDLC.

By Bishop Fox

Security Perspective

Infosec Talks You May Have Missed This Year

Dec 18, 2020

Recap of Bishop Fox's favorite infosec talks from the security community in 2020, including presentations at DEF CON Safe Mode, BSides, DerpCon, and more.

By Britt Kemp

Security Perspective

What We Know (And Don’t) About The SolarWinds Orion Hack So Far

Dec 15, 2020

Bishop Fox Lead Researcher Dan Petro provides a detailed explanation of what we know and don’t know about the recent SolarWinds Orion hack.

By Dan Petro

Security Perspective

Continuous Testing Finds Major Risks Under the Surface

Dec 15, 2020

Nate Robb discusses how Continuous Attack Surface Testing operators use automation and human intel to identify emerging threats and protect perimeters.

By Nate Robb

Security Perspective

cyber.dic 2.0: Expand Your Computer’s Vocabulary

Dec 10, 2020

Update of cyber.dic, the spell checker add-on specializing in cybersecurity terms. The tool offers support for industry-specific terms in word processors.

By Catherine Lu

Security Perspective

The Stolen FireEye Red Team Tools Are Mostly Open Source

Dec 9, 2020

After an attack against FireEye by a nation-state group, we provide context about what’s in the GitHub repository and what these stolen red team tools do.

By Bishop Fox