Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

The security awareness hazards of removable media

What is removable media? Removable media can be thought of as a portable storage medium that allows users to copy data to it and then take it off-site, and
Read More
Article

A guide to installing and using the Nessus vulnerability scanner

Nessus is an automatic vulnerability scanner that can detect most known vulnerabilities, such as misconfiguration, default passwords, unpatched services, etc
Read More
Article

OWASP Top 10 #5: Security Misconfiguration

Recently, the Open Web Application Security Project (OWASP) announced an update of their "Ten Most Critical Web Application Security Risks.” OWASP is a nonpr
Read More
Article

OWASP Top 10 #4: Broken Access Control

Recently, OWASP (the Open Web Application Security Project) announced an update of their "Ten Most Critical Web Application Security Risks.” OWASP is a nonpr
Read More
Article

PHP Lab: Review the code and spot the vulnerability

Introduction and background An application has been developed in PHP, and the source code of the login page is given for source code review to ensure that no
Read More
Article

OWASP Top 10 #3: Cross-Site Scripting (XSS)

Cross-Site Scripting Cross-site scripting (XSS) attacks involved the injection of malicious code into trusted websites. One of the traditional uses of XSS is
Read More
Article

OWASP Top 10 #2 - Broken Authentication Session Management

Making the network secure can never get enough attention in today’s world. It’s of paramount importance, especially for people working in the field of inform
Read More
Article

PHP Lab: Analyze the code and spot the vulnerability

Introduction and background: A penetration test has been conducted on the following URL, and a SQL Injection vulnerability was identified. http://192.168.56.
Read More
Article

OWASP 2017 top 10 vs. 2013 top 10

After a long interval of four years, OWASP in April 2017 released a draft of its latest list of “Top 10 Web Application Security Vulnerabilities.” The OWASP
Read More
Article

HBO Hacked, Game of Thrones script leaked on the Internet

Early August, hackers announced to have breached the systems of the television network HBO that is owned by the giant Time Warner. Crooks claimed to have sto
Read More
Article

PHP lab: PHP double submit problem.

If a user refreshes a page after submitting a form, he may accidentally post the content again resulting in duplicate submission, thus causing undesired re
Read More
Article

PHP lab: File upload vulnerabilities:

Many websites require file upload functionality for their users. Social networking websites, such as Facebook and Twitter allow their users to upload profile
Read More
Article

PHP lab: File inclusion attacks

File inclusion is one of the popular yet old vulnerabilities that are often seen in websites. [pkadzone zone="main_top"] PHP websites that make use
Read More
Article

The Importance of C-Level Security Awareness Training

As a CEO, it’s important for you to understand a harsh and terrifying reality: Your company is under constant attack from hackers, thieves, and other cybercr
Read More
Article

WannaCry, The Aftermath: How WannaCry Could Have Been WannaSmile

I have been working in the field of cyber security and related areas for over 20 years. In that time there have been many cyber incidents. Those that instant
Read More
Article

PHP Lab: Exploiting SQL Injection

Identifying SQL Injection vulnerabilities The first step in exploiting a SQL injection is to identify the vulnerability. This first section of this lab walks
Read More
Article

Does History Need to Repeat Itself? Lessons Learned From WannaCry

Often, at the end of a project, especially a long and complicated one, there will be a ‘lessons learned’ session held. These sessions usually bring together
Read More
Article

How Security Awareness Training Can Protect the Military

Introduction There stills seems to be no true consensus on the need for or importance of security training in the workplace. There are people on both sides o
Read More
Article

Tips for Managing Physical Security

What is Physical Security? Source: GAO[pkadzone zone="main_top"] According to the security expert S. Harris, “physical security protects people, data, equip
Read More
Article

PHP Lab: Prevent exposure of configuration/backup files from web root.

Introduction and background A developer has created a web application in PHP, and the application makes use of configuration files from the config folder of
Read More
Article

Average Data Recovery (CDRP) Salary in 2018

Do your interest areas lie in computer hardware? Do the words "data recovery" excite you? If you are looking to update your skills in data recovery then the
Read More
Article

Reverse engineering a JavaScript obfuscated dropper

Nowadays one of the techniques most used to spread malware on windows systems is using a JavaScript (js) dropper. A js dropper represents, in most attack sce
Read More
Article

Top 20 Security Awareness Tips & Tricks

Top 20 Security Awareness Tips & Tricks Keeping your data safe and far away from the clutches of the hacking community is a need of the hour in today’s w
Read More
Article

The Case for Annual Security Awareness Training

Training Annually vs One-Off Training Anything short of annual IT security awareness training, at a minimum, is difficult to consider a legitimate training p
Read More