Resource Center

LLM-Assisted Vulnerability Research

Red Team Readiness Guide

Solution Briefs

Application Portfolio Penetration Testing Solution Brief

Read Briefing

Workshops & Training

Building Tools: What, When, and How

Watch Workshop

Getting Red Teaming Right: A How-to Guide

Read our eBook to learn how Red Teaming can provide the ultimate training ground for your defenses, assessing how well (or not) intrusions are detected and how an attacker can move throughout your network to achieve exfiltration.

Virtual Sessions

How the New National Cybersecurity Strategy Will Shape the Future of Offensive Security

Join Bishop Fox for a fireside chat with renowned cybersecurity experts – Evan Wolff & Justin Greis. We’ll discuss how new proposed regulations will impact offensive security initiatives, both short- and long-term.

Watch Session

OWASP ASVS Demystified: A Practical Guide to Web Application Security Testing

In this technical guide, offensive security expert Shanni Prutchi provides analysis of the entire 278 verification requirements listed in OWASP's ASVS standard to assist in the generation of test cases and provide context to companies looking to test their applications against the standard.

Reports

IDC Spotlight - Continuous Prevention: How Attack Surface Management Reduces Risk

Get new analyst insights on the benefits of continuous testing.

Read Report

Virtual Sessions

Notes from the Dark Side: What Our Data Reveals About the Attack Surface

Join our offensive security experts as they share insights gleaned from analyzing twelve months of findings captured in Cosmos, our award-winning attack surface management platform.

Watch Session

Workshops & Training

Powering Up Burp Suite: Building Custom Extensions for Advanced Web Application Testing

Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.

Watch Workshop

Methodologies

Bishop Fox Social Engineering Methodology

Get Bishop Fox's social engineering testing methodology. See how we simulate phishing, vishing, and physical attacks to strengthen your security awareness.

Read Methodology

Methodologies

Bishop Fox Tabletop Exercise Methodology

Download Bishop Fox's IR tabletop exercise methodology to understand how we develop realistic attack scenarios, facilitate collaborative exercises, and assess your organization's incident response readiness.

Read Methodology

Cybersecurity Style Guide v2.0

Designed for security researchers, this guide is an invaluable resource for advice on which cybersecurity terms to use in reports and how to use them correctly.

Learn how threat modeling proactively addresses security issues across the software development life cycle with in-depth analysis of application design, threats, and countermeasures that become foundational to ongoing DevOps processes.

Threat Modeling Datasheet

Learn how social engineering goes beyond conventional phishing exercises to explore the depths of how adversaries can exploit your users, empowering you with insights to improve your security awareness program and related controls like email and file security.

Social Engineering Datasheet

Learn how secure code review combines cutting-edge automation with meticulous manual review, ensuring the full spectrum of code-base vulnerabilities are proactively eliminated before attackers have a fighting chance.

Secure Code Review Datasheet

Learn how to obtain a thorough assessment of your organization’s resilience to ransomware threats by applying the latest intelligence, attacker TTPs, and world-class experience so you can effectively communicate relevant risks to your leadership and refine your strategy.

Ransomware Readiness Datasheet

Learn how to fortify your device security by leveraging a multi-point testing methodology that extends beyond known vulnerabilities to keep security issues from reaching production and avoiding real-world attacks.

Product Security Review Datasheet

Learn how to enable your organization to accurately evaluate incident response readiness by immersing your key stakeholders in realistic and customized threat scenarios designed specifically for your business.

Incident Response Tabletop Datasheet

Learn how to uncover the full spectrum of application security risks and code-level vulnerabilities with automated and manual testing methods.

Hybrid Application Assessment Datasheet

Learn how cloud penetration testing can help fortify your cloud defenses with a complete testing methodology that extends beyond configuration reviews to illuminate high-risk entry points, overprivileged access, and susceptible internal pathways that are commonly targeted by attackers.

Cloud Penetration Testing Datasheet

Solution Briefs

Architecture Security Assessment Solution Brief

Learn how our assessment puts your applications and underlying security architecture under the microscope, illuminating critical flaws and systemic improvements that enhance existing security controls and harden defenses against the speed and precision of modern adversaries.

Read Briefing

Architecture Security Assessment Datasheet

From strategic engagements that integrate security across the software development life cycle, to manual and automated testing, our experts uncover tactical and strategic security issues that real-world adversaries specifically target.

Application Security Portfolio Datasheet

Learn how our experts conduct application penetration testing, using manual and automated testing methods, to discover critical vulnerabilities and logic flaws.

Application Penetration Testing Datasheet

Application Penetration Testing Packages Datasheet

Maximize protection, minimize risk, and scale security testing across your growing application portfolio with our penetration testing packages. With three levels of testing to choose from, you can prioritize risk and improve your security posture by assessing more applications for comprehensive coverage.

Healthcare Services Datasheet

Bishop Fox provides a comprehensive portfolio of offensive security solutions to harden the defenses of the healthcare sector against the latest cyber threats, helping to secure sensitive data and protect patient safety.

Financial Services Datasheet

Bishop Fox partners with the world's leading financial institutions to stress-test their defenses, applying the latest adversarial insights & tactics and deep industry expertise to protect their critical assets, customers, and reputation.