Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Flick Challenge

Here is another interesting challenge we are going to solve. The vulnerable machine name is Flick. As usual, we started the game by hosting the image in a v
Read More
Article

Pricing Policies in the Cyber Criminal Underground

Introduction Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowd
Read More
Article

IT Security Policies Should Include a Physical Security Policy

We live in a world that's becoming ever more dependent on the various digital products at our disposal. From the average man on the street making purchases o
Read More
Article

Mobile Developer Salary

The world of mobile is taking over desktop applications, and mobile development and people who understand mobile design and architecture are in demand. Mobil
Read More
Article

Windows Resource Protection

In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a
Read More
Article

Shellshock [CVE-2014-6271]: Another Attack Vector - Bluffing IPS/IDS Sensors With Python Crafted Pkts

While a lot of online websites and blogs are explaining the vulnerability damage, providing PoC scripts and repetitive information, here we will look into an
Read More
Article

Why email puts your business data at risk, and what to do about it

In spite of the abundant availability of enterprise software designed to help businesses be more productive, cost-effective, and security conscious, most bus
Read More
Article

The importance of an effective VPN remote access policy

With the number of employees telecommuting, traveling often or working remotely on the rise, the conventional corporate security model is undergoing a major
Read More
Article

SAML, OAuth, OpenID

Introduction In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and
Read More
Article

Troll Challenge

Just found an interesting vulnerable machine named Troll. It sounds like the machine will troll the attacker. We booted up the machine in Virtual Box and fi
Read More
Article

Steganalysis: your X-Ray vision through hidden data

Steganography is often mistaken with cryptography, but they are very different in their operations. The major similarity between them is they were coined
Read More
Article

Exploiting and verifying shellshock: CVE-2014-6271

The Bash Bug vulnerability (CVE-2014-6271) A new critical vulnerability, remotely exploitable, dubbed "Bash Bug", is threatening billions of machines all ov
Read More
Article

To Reduce Risk, De-emphasize “C” and Focus on “G”

By their nature, business endeavors involve various elements of risk. These elements may include technological, commercial, legal, financial, and environment
Read More
Article

The essentials of an acceptable use policy

What is an acceptable use policy? An Acceptable Use Policy (henceforward mentioned as "AUP") is agreement between two or more parties to a computer network
Read More
Article

Dockerizing a Sample GUI Application: Case Study

The goal for this article is a sprint from never using Docker to using it to deploy a GUI application that only has a console deployment pattern for Docker.
Read More
Article

Parameterized SQL query over dynamic SQL query

What is a parameterized SQL query? It is used for better performance, high efficiency and prevention of SQL injection vulnerability. Before going further, l
Read More
Article

Defense-in-Depth: Layered Protection and Data Security

Application vulnerability is caused when a developer fails to sanitize the input from user and blindly uses it as an input for further data processing. One o
Read More
Article

Top Cloud Computing Threats in Enterprise Environments

Introduction The cloud has been around for some time now and is still gaining popularity in every day operations of IT companies. I've seen different compani
Read More
Article

Risks and Cyber Threats to the Healthcare Industry

Introduction Every day, our digital identity is menaced by several cyber threats that are becoming even more sophisticated. Every year, data breaches expose
Read More
Article

The Evolutionary Approach to Defense

By: Philip Nowak The evolutionary approach to IT security seems to be the most natural and efficient way to resist cyber-attacks. The Red Queen Effect descri
Read More
Article

Encryption of Cloud Data

1.0. Executive Summary Organizations seeking to protect sensitive and mission-critical data quickly realize that there is no single answer to keep all system
Read More
Article

Privacy Risks of Sleep-Tracking Devices

1. Introduction According to the technology market intelligence company "ABI Research", there are currently more than 10 billion wirelessly connected devices
Read More
Article

Want to Limit PCI DSS Scope? Use Tokenization

Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infr
Read More
Article

Clickjacking, Strokejacking or UI Redress

Introduction Clickjacking was first publicized by Jeremiah Grossman and Robert "Rsnake" Hansen in 2008. Clickjacking is an attack that is possible only by th
Read More