Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing.

Featured Resource

Red Teaming: Is Your Security Program Ready for the Ultimate Test?

In this webcast, Trevin Edgeworth, Red Team Practice Director, will share key insights from decades of experience to help you determine whether Red Teaming is the right next step.

Datasheet

Adversarial Controls Testing Datasheet

Learn how Adversarial Controls Testing uses an attack-based approach mapped to the MITRE ATT&CK framework to determine the effectiveness of your email/phishing, endpoint, and network security controls.

Methodology

Bishop Fox Adversarial Controls Testing Methodology

Download our methodology document to learn about our adversarial, attack-based approach to testing your key security controls.

Methodology

Bishop Fox Application Penetration Testing Packages Methodology

This methodology document provides an overview of how Bishop Fox conducts our standardized application penetration testing services.

Bishop Fox Livestream RSAC 2024 Application Security
Virtual Session

Beyond Whack-a-Mole: Modern AppSec Strategies for High-Growth Companies

Security leaders from Reddit, Meta, and SeatGeek share battle-tested approaches for scaling application security in fast-moving environments. Learn how these organizations are shifting from vulnerability hunting to building secure-by-default ecosystems that empower rather than hinder development teams.

Virtual Session

Exploiting Java Deserialization in GWT: From Detection to Command Execution

Watch our exclusive livestream with Ben Lincoln, Managing Principal at Bishop Fox, to learn about GWT web application vulnerabilities, exploitation strategies, and security enhancement recommendations.

Datasheet

Cosmos Application Penetration Testing (CAPT) Datasheet

Learn how to strengthen the security of your critical business applications with authenticated assessments that uncover the full spectrum of exposures above and below the surface.

2024 Q2 CAPT Methodology Digital Tile
Methodology

Cosmos Application Penetration Testing Methodology

This methodology document provides an overview of Bishop Fox's Cosmos Application Penetration Testing engagements.

Training session title: Swagger Jacker Training about improved auditing of OpenAPI Definition Files with the headshot of security consultant Tony West, a Bishop Fox adversarial operator.
Workshops & Training

Swagger Jacker: Improved Auditing of OpenAPI Definition Files

Discover the power of Swagger Jacker, an open-source audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files for penetration testers.

Virtual Session

OWASP ASVS: Unlocking Stronger Application Security

Join offensive security expert Shanni Prutchi in this livestream as she shares her analysis of the 278 verification requirements listed in OWASP's Application Security Verification Standard (ASVS). Learn how to generate test cases and gain insights to effectively test your applications against the standard.

Dark purple background with headshots of speakers Erez Yalon, Vandana Verma, and Joylynn Kirui, Bishop Fox logo, and title: The Art of Hacking, Hacker's Arsenal in AppSec.

"Hacker's Arsenal in AppSec" Session - DEF CON 31

In this session, we investigate how applications are the beating heart of the digital realm, and as hackers, we know just how to make them skip a beat.

Guides & Report

OWASP ASVS Demystified: A Practical Guide to Web Application Security Testing

In this technical guide, offensive security expert Shanni Prutchi analyzes all 278 verification requirements listed in OWASP's ASVS standard to assist in generating test cases and to provide context to companies looking to test their applications against the standard.

Datasheet

Secure Code Review Datasheet

Learn how secure code review combines cutting-edge automation with meticulous manual review, ensuring the full spectrum of code-base vulnerabilities is proactively eliminated before attackers have a fighting chance.
