Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Fuzzing: Mutation vs. generation

Many of you have undoubtedly come across the word "Fuzzing" and wondered about it. But if you have ever tried modifying some parameter; some sort of input/ar
Read More
Article

LOIC (low orbit ion cannon) - DOS attacking tool

The DOS (Denial of service) attack is one of the more powerful hacks, capable of completely taking a server down. In this way, the server will not be able to
Read More
Article

Web Analysis, Vulnerability Assessment and Exploitation using Backtrack5

Web application analysis plays a major role while doing a vulnerability assessment/penetration test. Proper information about the web application (for exampl
Read More
Article

Secure random number generation in JAVA

“Random numbers” means numbers which are random in practice (i.e. unpredictable and non – reproducible). As simple this term looks when you hear it for the f
Read More
Article

Enterprise Security: A practitioner's guide - Chapter 1

Chapter 1Security: A working definition Managing Risk Probability of Occurrence Business Impact Threat Sources Human Threats Geographic Threats Natur
Read More
Article

VLAN hacking

In Virtual LAN or VLAN is a group of hosts communicate with each other, even thoughthey are in different physical location. Virtual LAN provides location ind
Read More
Article

UEFI and the TPM: Building a foundation for platform trust

Table of Contents Trusted Computing Boot Path Security Challenges Boot Path Attack Surface The Trusted Memory Module (TPM) TPM Architectur
Read More
Article

Goodbye DIACAP, Hello DIARMF

When C&A becomes A&A, will you be ready? Every few months, an elite group of DoD security experts, IT managers, and senior leadership gather to char
Read More
Article

A history of anonymous

Anonymous is the most famous 'hacktivist' group in the world. The informal nature of the group makes its mechanics difficult to define. Subsequently, without
Read More
Article

SQL Injection: The Equal Opportunity Vulnerability

Introduction In the first installment of this series, we discussed application security within the Software Development Process by demystifying the adoption
Read More
Article

Android malware analysis

The advance in technology brought us mobile phones with almost the same power and features as our personal computers. Something that criminal minds will find
Read More
Article

HTTP response splitting attack

In this paper we will discuss HTTP Response Splitting and how the attack can actually be carried out. When we're clear about how it works, because it is an o
Read More
Article

Understanding the Public Key Infrastructure behind SSL secured websites

Synopsis: Public Key Infrastructure (PKI) has recently been the focus of several important discussions within the information security community due to high
Read More
Article

Attacking web services Pt 2 - SOAP

In the previous article, we discussed forming a SOAP request based off the operations listed in a WSDL file and automating this task with Buby and Burp Suite
Read More
Article

Attacking web services Pt 1 - SOAP

I often receive testing related questions from AppSec folks new to web services about the techniques used to discover and attack them. Often, web services ar
Read More
Article

Are your backup systems secure?

All seemed well with backup operations at my company, until I got a visit from an operations center engineer.  The lock already hanging open, he was holding
Read More
Article

Cracking WPA2 Tutorial

In this video we will demonstrate how to crack WPA2 using the Airmon-ng suite. We will do it by: Identifying an access point Capturing traffic from tha
Read More
Article

OWASP Top 10 Deeper Dive - A8: Failure to Restrict URL Access

[highlight color="blue"]Interested in formal OWASP Top 10 Training? Check out our  OWASP Top 10 Training course OWASP Top 10 Training. [/highlight] Descripti
Read More
Article

IT auditing and controls - IT governance and controls

“IT Governance and Controls” or “IT Monitoring and Assurance Practices for Board and Senior Management” Take your choice of titles of this article, but re
Read More
Article

Web application testing with Arachni

What is Arachni? In very simple terms, Arachni is a tool that allows you to assess the security of web applications. [pkadzone zone="main_top"] [pka
Read More
Article

Creepy, the geolocation information aggregator

What is creepy? So what is Creepy actually and how does it come into the “Geolocation” picture ? Creepy is a geolocation information aggregation tool. It al
Read More
Article

The Case of the Great Router Robbery

NEWSFLASH: AnyTown Local News reports this Monday morning that the recent spate of office break-ins has continued with a weekend raid on the downtown branch
Read More
Article

IT auditing and controls - An introduction

Auditing is an evaluation of a person, organization, system, process, enterprise, project or product, performed to ascertain the validity and reliability of
Read More
Article

Microsoft Virtual Server Security: 10 Tips and Settings

Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables
Read More