Resource Center

Learn Bishop Fox's proven threat modeling approach. Proactively address security issues across your SDLC with in-depth threat analysis and mitigation strategies.

Overview of Bishop Fox’s methodology for external penetration testing.

Overview of Bishop Fox’s methodology for internal penetration testing.

When they needed a security assessment to meet the requirements of the Google Partner Security Program, Aspire came to Bishop Fox. Bishop Fox evaluated their application, Azure environment, and external perimeter. As a result, the Aspire team satisfied Google's requirements.

Gained complete attack surface visibility through always-on testing at scale, detecting and neutralizing risks as they appear.

Overview of Bishop Fox’s methodology for conducting product security reviews.

Underwent rigorous privacy audits and penetration testing for the FreeFlight 6 mobile app and API to ensure a secure user experience.

This guide covers what to expect when engaging Bishop Fox to perform a Google Nest Security Assessment, including timeline, scoping, scheduling, and reporting.

This guide covers what to expect when engaging Bishop Fox to perform a Google Partner OAuth Application security assessment, including project timeline, onboarding and scoping, and deliverables.

Proved the impact of micro-segmentation in slowing attackers with a custom testing methodology.

Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

Illumio Field CTO Raghu Nandakumara and Bishop Fox Principal Researcher Rob Ragan discuss the efficacy of microsegmentation in this interview.

In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.

In the talk: Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate.

If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes.

Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications.

DerpCon 2020 presentation reviews how .NET deserialization works and how to get shells on real applications.

DerpCon 2020 presentation explores how to find, capture, and reverse-engineer RF signals.

DerpCon 2020 presentation on CTF formats, the skills they require, and the experience they develop.

When Salesflare knew they needed to complete the new, required security assessment for the G Suite Marketplace, they chose Bishop Fox to secure their CRM product and verify their compliance.

When Google needed to ensure that their user data was being handled securely, they partnered with Bishop Fox to design a security assessment program that could validate the security posture of their 1,000+ G Suite partners. The result: the largest and most successful public third-party ecosystem testing program ever.

Presentation from BSides Atlanta 2020 explores the unprecedented level of exposures in the Cloud and how they can be found.