Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Taking Control of the Process

In the previous article, we learned about the basics of the Stack Based Buffer Overflow, such as analyzing the stack, creating breakpoints and analyzing the
Read More
Article

Tunneling, Crypto and VPNs

1. Introduction The idea of Virtual Private Network (VPN) is to simulate a private network over a public network. A VPN tunnel can be used to securely connec
Read More
Article

Defense in depth is dead; Long live defense in depth!

Defense in depth is dead. The way you're thinking about data center security is outdated. Security started changing long before Sony, Target and the others g
Read More
Article

Clickjacking, Cursorjacking & Filejacking

Same origin bypasses using clickjacking Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a
Read More
Article

Interview: Morey Haber, VP of Technology at BeyondTrust

Today we officially kick off our long-awaited IT Thought Leader Interview series. First up in the hot seat is Morey Haber, Platform Product Manager and VP of
Read More
Article

Why Do We Need Software Escrow?

The practice of software escrow consists of the deposit of the source code of an application with a third party, indicated as the escrow agent. Software escr
Read More
Article

Spoof using right to left override (RTLO) technique

In this article we will learn about the one of the most overlooked spoofing mechanisms, known as right to left override (RTLO). What is RTLO? RIGHT TO LEFT
Read More
Article

iOS Application Security Part 41 - Debugging applications using LLDB

In this article we will learn about the LLDB debugger used by Apple's Xcode for debugging applications, understand why it is better for security testing, and
Read More
Article

Hardening IIS security

Security is an essential part of a web application and should be taken into consideration from the first stage of the development process. A website couldn't
Read More
Article

Cracking NQ vault step by step

The mobile encryption app NQ Vault has been in the news for bad reasons. Mobile encryption apps are commonly used to prevent access to sensitive data on the
Read More
Article

Anonymizing Activities in the Digital World using TOR

Introduction When it comes to anonymizing activities in digital world, it can be referred to in various ways. Researchers might take it to identify various m
Read More
Article

PoS Malware is More Effective and Dangerous

Introduction to POS malware In September 2014, experts at Trustwave firm published an interesting report on the evolution of the point-of-sale (PoS) malware
Read More
Article

Solutions to net-force cryptography CTF challenges

Cryptanalysis refers to the study of ciphers with the objective of breaking the code and obtaining plaintext (sensible) information. While older cryptosystem
Read More
Article

iOS Application Security Part 40 - Testing apps on your Mac

In this article, we will discuss the extent to which you can test applications on your Mac rather than the device. This could be useful for many reasons, som
Read More
Article

Bypassing In Safari

SOP Bypassing in Safari To help you understand better, http://httpsecure.org and file://httpsecure are both treated as a different origin. The Safari browser
Read More
Article

IT Security Awareness Programs

[download]Download the BEST PRACTICES FOR DEVELOPING AN ENGAGING SECURITY AWARENESS PROGRAM whitepaper[/download] Learn the best practices for developing a s
Read More
Article

Solutions to Net-Force steganography CTF challenges

Steganalysis refers to the process of locating concealed messages inside seemingly innocuous 'containers'. The idea behind steganography is embedding plainte
Read More
Article

Security Policy Template for Web Applications

Web applications are critical to the enterprise infrastructure. Companies rely on them to communicate with partners, clients, shareholders and others, as wel
Read More
Article

DNA cryptography and information security

What is cryptography? Cryptography is the science of study of secret writing. It helps in encrypting a plain text message to make it unreadable. It is a ver
Read More
Article

Android Application hacking with Insecure Bank Part 4

In this article, we will look at a very handy framework for analysis of android applications named Drozer. Drozer is a very useful tool as it eliminates the
Read More
Article

Bypassing same origin policy (SOP)

The same origin policy is an important concept in the web application information security domain. In this policy, a web browser allows scripts contained in
Read More
Article

Are Browsers the Weakest Link of the Security Chain?

Current scenario The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm
Read More
Article

Security attacks via malicious QR codes

With the increasing use of smartphones, QR codes are becoming popular. Recently, WhatsApp launched its web version, which needs QR code scanning to access th
Read More
Article

Encryption Solutions for the New World

Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large par
Read More