Guides

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

The Red Team Vendor Evaluation Matrix Worksheet is designed to help security leaders evaluate red team vendors thoughtfully before engagement using a structured, question-driven approach.

Download this guide to explore key aspects of application penetration testing, questions to ask along the way, how to evaluate vendors, and our top recommendations to make the most of your pen test based on almost two decades of experience and thousands of engagements.

Explore Bishop Fox's experimental research into applying Large Language Models to vulnerability research and patch diffing workflows. This technical guide presents methodology, data, and insights from structured experiments testing LLM capabilities across high-impact CVEs, offering a transparent look at where AI shows promise and where challenges remain.

The Red Team Readiness Guide is a practical, question-driven planning framework that helps security leaders align stakeholders, clarify objectives, and evaluate organizational readiness ahead of a Red Team engagement. Use it to avoid common pitfalls, define business-relevant goals, and set the stage for maximum impact.

The Red Team Readiness Assessment is a guided self-assessment worksheet that helps security teams evaluate their preparedness, align stakeholders, and plan more effective Red Team engagements. Use it to define objectives, set scope, and establish the protocols needed for a successful simulation.

Bishop Fox’s comprehensive DORA FAQ guide walks you through everything you need to know about fulfilling these critical requirements. This resource is a must-have for financial institutions looking to stay ahead of DORA’s complex compliance landscape.

Bishop Fox's Financial Services industry cut provides a comprehensive analysis of offensive security trends within financial services, using industry data gathered from our joint research report with the Ponemon Institute.

Download our guide to discover the current challenges in securing the cloud, the approach offensive security takes through cloud penetration testing, and the differences and advantages of investing in CPTs as part of a cloud security program.

Read our eBook to learn how Red Teaming can provide the ultimate training ground for your defenses, assessing how well (or not) intrusions are detected and how an attacker can move throughout your network to achieve exfiltration.

In this technical guide, offensive security expert Shanni Prutchi provides analysis of the entire 278 verification requirements listed in OWASP's ASVS standard to assist in the generation of test cases and provide context to companies looking to test their applications against the standard.

Designed for security researchers, this guide is an invaluable resource for advice on which cybersecurity terms to use in reports and how to use them correctly.

This inaugural report, in partnership with Bishop Fox, surveyed 280 ethical hackers to understand how adversaries think about the attack surfaces that they seek to exploit.

Our ransomware readiness guide helps you understand your current state of ransomware readiness, prepare for ransomware attacks, identify gaps in your current strategy, and measure progress to continually enhance readiness.

Our eBook offers practical recommendations on how developers and security teams alike can move towards a DevSecOps model in any organization – with a goal of shared responsibility and creating a perpetual and repeatable process.

Download this eBook to uncover the factors and inputs used in our customizable ROI calculator that are critical to making the business case for continuous offensive testing. The output of the calculator is intended to help you draw a direct line from investment to risk mitigation that can be communicated to both technical and non-technical decision makers.

What’s better than a Top 10 List? An ultimate guide of all our favorite lists – from red team and cloud penetration tools TO our favorite music to hack to and the best reads for your offensive security journey. We’ve got you covered to level up your penetration testing game with this comprehensive guide of hacking goodies.

This step-by-step technical guide highlights the capabilities of asminject.py, a code injection tool used to compromise Linux processes and containers.

To ensure your security investments offer complete visibility into your attack surface and uncover critical risks at scale, we've compiled questions to help you evaluate solutions. We focus on six key areas: attack surface discovery, exposure identification, triage, validation, remediation, and outputs.

SW Labs assessed Bishop Fox’s Cosmos (formerly CAST) the “Best Emerging Technology" Attack Surface Management Platform of 2021.

Comprehensive overview of the fast-growing Attack Surface Management category from the cybersecurity experts at Security Weekly Labs.

See how low-risk exposures can become catalysts for destructive attacks. We include examples of exposures found in real-world environments, including a step-by-step view into how ethical hackers exploited them to reach high-value targets.

This handy guide provides a list of great resources for learning to be a pen tester.

This user-friendly guide offers a comprehensive offensive security roadmap for sysadmins, penetration testers, and other security professionals.