AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Resource Center

Discover offensive security resources ranging from reports and guides to our latest webcasts and livestreams.

Customer Stories Datasheets Guides Methodologies Reports Virtual Sessions View All
Featured Resources
Guides

LLM-Assisted Vulnerability Research

LLM-Assisted Vulnerability Research
Read Guide
Guides

Red Team Readiness Guide

Red Team Readiness Guide
Read Guide
Solution Briefs

Application Portfolio Penetration Testing Solution Brief

Application Portfolio Penetration Testing Solution Brief
Read Briefing
Workshops & Training

Building Tools: What, When, and How

Building Tools: What, When, and How
Watch Workshop
Customer Stories

Reltio Trusts Bishop Fox for Cloud Security Testing and Validation

Reltio Trusts Bishop Fox for Cloud Security Testing and Validation

Validated the security of its Kubernetes environments with independent cloud assessments, ensuring trust across its SaaS platform.

Read Story
Reports

451 Research: Bishop Fox launches [Cosmos] platform

451 Research: Bishop Fox launches [Cosmos] platform

Get an independent analyst review of Cosmos (formerly CAST), Bishop Fox's continuous offensive security monitoring solution.

Read Report
Methodologies

Bishop Fox Hybrid Application Assessment Methodology

Bishop Fox Hybrid Application Assessment Methodology

Overview of Bishop Fox’s methodology for hybrid application penetration testing.

Read Methodology
Methodologies

Bishop Fox Application Penetration Testing Methodology

Bishop Fox Application Penetration Testing Methodology
Read Methodology
Methodologies

Bishop Fox Threat Modeling Methodology

Bishop Fox Threat Modeling Methodology

Learn Bishop Fox's proven threat modeling approach. Proactively address security issues across your SDLC with in-depth threat analysis and mitigation strategies.

Read Methodology
Methodologies

Bishop Fox External Penetration Testing Methodology

Bishop Fox External Penetration Testing Methodology

Overview of Bishop Fox’s methodology for external penetration testing.

Read Methodology
Methodologies

Bishop Fox Internal Penetration Testing Methodology

Bishop Fox Internal Penetration Testing Methodology

Overview of Bishop Fox’s methodology for internal penetration testing.

Read Methodology
Customer Stories

Aspire Chooses Bishop Fox for their Google Partner Security Assessment

Aspire Chooses Bishop Fox for their Google Partner Security Assessment

When they needed a security assessment to meet the requirements of the Google Partner Security Program, Aspire came to Bishop Fox. Bishop Fox evaluated their application, Azure environment, and external perimeter. As a result, the Aspire team satisfied Google's requirements.

Read Story
Customer Stories

Republic Services Chooses Bishop Fox for Continuous Testing that Scales

Republic Services Chooses Bishop Fox for Continuous Testing that Scales

Gained complete attack surface visibility through always-on testing at scale, detecting and neutralizing risks as they appear.

Read Story
Methodologies

Bishop Fox Product Security Review Methodology

Bishop Fox Product Security Review Methodology

Overview of Bishop Fox’s methodology for conducting product security reviews.

Read Methodology
Customer Stories

Parrot Chooses Bishop Fox for Privacy Audit and Application Penetration Testing

Parrot Chooses Bishop Fox for Privacy Audit and Application Penetration Testing

Underwent rigorous privacy audits and penetration testing for the FreeFlight 6 mobile app and API to ensure a secure user experience.

Read Story
Guides

What to Expect of Your Google Partner Security Assessment

What to Expect of Your Google Partner Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Partner OAuth Application security assessment, including project timeline, onboarding and scoping, and deliverables.

Read Guide
Guides

What to Expect of Your Nest Security Assessment

What to Expect of Your Nest Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Nest Security Assessment, including timeline, scoping, scheduling, and reporting.

Read Guide
Customer Stories

Developing a New Methodology for Illumio to Measure the Power of Micro-Segmentation

Developing a New Methodology for Illumio to Measure the Power of Micro-Segmentation

Proved the impact of micro-segmentation in slowing attackers with a custom testing methodology.

Read Story
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

Watch Workshop
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

Watch Workshop
Virtual Sessions

Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan

Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan
Illumio Field CTO Raghu Nandakumara and Bishop Fox Principal Researcher Rob Ragan discuss the efficacy of microsegmentation in this interview.
Watch Session
Workshops & Training

Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes

Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes

In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.

Watch Workshop
Workshops & Training

DerpCon 2020 - Demystifying Capture The Flags (CTF)s

DerpCon 2020 - Demystifying Capture The Flags (CTF)s
In the talk: Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate.
Watch Workshop
Workshops & Training

Ham Hacks: Breaking into the World of Software Defined Radio

Ham Hacks: Breaking into the World of Software Defined Radio

If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes.

Watch Workshop
Workshops & Training

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI
Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications.
Watch Workshop
Workshops & Training

.Net Roulette Exploiting Insecure Deserialization in Telerik UI

.Net Roulette Exploiting Insecure Deserialization in Telerik UI

DerpCon 2020 presentation reviews how .NET deserialization works and how to get shells on real applications.

Watch Workshop
Workshops & Training

Ham Hacks: Breaking into the world of software-defined radio

Ham Hacks: Breaking into the world of software-defined radio

DerpCon 2020 presentation explores how to find, capture, and reverse-engineer RF signals.

Watch Workshop
Workshops & Training

Demystifying Capture the Flags (CTFs)

Demystifying Capture the Flags (CTFs)

DerpCon 2020 presentation on CTF formats, the skills they require, and the experience they develop.

Watch Workshop
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.