Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Pentesting for PCI DSS compliance: 6 key requirements

For any organization that processes, stores or transmits credit card data, penetration testing has been an obligation since 2013. That's when the compliance
Read More
Article

9 free risk management tools for IT & security pros

Selecting and following the appropriate risk assessment methodology is key to creating a safe computing environment. However, the reality is that assessing r
Read More
Article

2017 OWASP A3 Update: Sensitive Data Exposure

Introduction Si vis pacem, para bellum! This classic Latin quote by Vegetius translates to "If you want peace, prepare for war." As far as aphorisms goes, th
Read More
Article

Android penetration tools walkthrough series Dex2Jar, JD-GUI, and Baksmali

In this article, we will be focusing on Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali to work with reverse engineering Android APK
Read More
Article

Android penetration tools walkthrough series: Apktool

In this article, we will look at the step by step procedure to setup utility called "Apktool" and its usage in android application penetration testing.
Read More
Article

Preventing Business Email Compromise (BEC) With Strong Security Policies

Introduction Business email compromise (BEC) is a phishing and social engineering scam threatening every organization in every sector on every continent. Ev
Read More
Article

2017 OWASP A10 update: Insufficient logging & monitoring

Many critics of the Open Web Application Security Project (OWASP) Top Ten list view insufficient logging and monitoring, new on the list in 2017, as more of
Read More
Article

Vulnerability scanning with Metasploit part I

Metasploit Framework, the Metasploit Project's best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to
Read More
Article

XML vulnerabilities are still attractive targets for attackers

--> Click the link to the right to download the associated configuration files for this lab article XML is widely used in software systems for persistent
Read More
Article

Introduction to the paros proxy lightweight web application tool

The Paros Proxy Lightweight Web Application tool is one of the most popular penetration testing tools for web applications. Web app developers and security e
Read More
Article

Advance persistent threat - Lateral movement detection in Windows infrastructure - Part II

In the previous article "Advanced Persistent Threat - Lateral Movement Detection in Windows Infrastructure - Part I," we discussed the advanced threat and co
Read More
Article

Android penetration tools walkthrough series: MobSF

This article reviews the step-by-step procedures for deploying a Pentesting tool called "MobSF," which is utilized primarily on the Android OS. MobSF is a
Read More
Article

All You Need to Know About the Cambridge Analytica Privacy Scandal

Introduction The commercial data analytics company Cambridge Analytica is in the middle of one of the biggest privacy scandals of the last years; the firm ha
Read More
Article

2017 OWASP A9 Update: Using Components With Known Vulnerabilities

Introduction It does not take a rocket scientist to understand using components with known vulnerabilities is a very poor choice. While solving this issue ma
Read More
Article

Basics of cryptography: The practical application and use of cryptography

Cryptography originated about 4000 years ago, and the world of cryptography has evolved a lot since then. Today 'Cryptography' is omnipresent in our lives wi
Read More
Article

Combat Business Email Compromise Scams With New Awareness Training Tools From SecurityIQ

Business email compromise (BEC) attacks are growing in both frequency and severity. According to the FBI, BEC attacks cost businesses $5.3 billion from 2013
Read More
Article

Computer forensics investigation – A case study

Disclaimer: We have not performed any live investigation. This was a part of our university assignment, wherein we assumed the roles of forensics investigato
Read More
Article

2017 OWASP A6 Update: Security Misconfiguration

The Open Web Application Security Project (OWASP) is a volunteer group whose goal is to build a more robust Internet. One of their flagship publications is t
Read More
Article

Reverse engineering tools

First, we're going to describe the process of compiling/assembling a source code to an executable file. This is very important, so we need to understand it w
Read More
Article

Building your own pentesting environment

Ethical hacking is a term used to describe hacking done by a person/individual to identify the potential vulnerabilities or weakness in the system that could
Read More
Article

2017 OWASP A4 Update: XML External Entities (XXE)

Extensible Markup Language External Entities (XXE) is currently ranked fourth on OWASP’s 2017 Top Ten list of application security risks. Extensible Markup L
Read More
Article

How to Prevent Business Email Compromise With Multi-Factor Authentication

Business email compromise (BEC) scams cost businesses $5.3 billion from 2013 to 2016. BEC fraud is a problem for companies of all sizes and all sectors. In f
Read More
Article

Cryptanalysis tools

Some terms and definitions Alice – Sender of the message Bob – Receiver Eve – Eavesdropper or unintended party Plaintext – Message to be sent
Read More
Article

What is Business Email Compromise (BEC)?

Social media platforms may be a popular communication mode, but email remains the preferred business communication tool. The Radicati Group expects this love
Read More