Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

How to filter user input: An overview

If you make web sites, online apps, or even just your own personal blog, chances are that you've heard the phrase "Don't trust user input!" This is one of th
Read More
Article

IT Continuity Planning

Today most organizations have committed resources, developed policies, procedures, and tools, and set their organization and IT infrastructure to maintain th
Read More
Article

Reverse-Engineering Arrays

Introduction Whenever we would like to reverse-engineer a function, we need to know exactly how the function is being called: its calling convention, number
Read More
Article

How to Safely and Wisely use jQuery: Several Key Issues

At the beginning of this article, I want to thank all those without whom this article would not exist. For starters, I'd like to thank Izabela Galazewska. Yo
Read More
Article

Physical security: Managing the intruder

No information security guide is complete without a chapter about securing physical access to information resources. After all, physical access gives even th
Read More
Article

Virtualization security

Virtualization has made a huge impact in a very short time in the IT and networking worlds and has already provided huge cost savings and returns on investme
Read More
Article

Differences in Copyright Enforcement between the U.S. and China

Introduction China and the U.S. have signed the Berne Convention and the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS Agreement
Read More
Article

Book Excerpt: Advanced Network Design, Chapter 4: Infrastructure

Security does not happen by accident. Sure, a crashed router will keep hackers (and everyone else) out of your network, but in most cases if you want securit
Read More
Article

Wireshark

A network sniffer or protocol analyzer is a software application or hardware device which is capable of intercepting traffic and logging it for further analy
Read More
Article

Google Hacking with GGGoogleScan

When scraping the Google search engine, we need to be careful so that Google doesn't detect our automated tool as a bot, which will redirect us to a captcha
Read More
Article

Network Scanning Using Nessus

What is Nessus? If you are looking for a vulnerability scanner, you might have come across several expensive commercial products and tools with a wide range
Read More
Article

Phishing: A Very Dangerous Cyber Threat

Introduction In recent years, phishing attacks have increased exponentially, targeting every sector of society. Despite the simplicity of the schema implemen
Read More
Article

Tutorial on SQLi Labs

  Structured Query Language, also known as SQL, is basically a programming language that deals with databases. For beginners, databases are simply dat
Read More
Article

Demystifying dot NET reverse engineering - PART 3: Advanced Byte Patching

Introduction In the first two parts, we saw some basics that will let you reverse-engineer some dot NET applications; we covered the concepts of dot NET
Read More
Article

Hexed – Working effectively in the hex editor

I love my hex editor! I mean I really do. As reverse engineers and binary explorers, the hex editor is arguably the most used tool for human binary reconnais
Read More
Article

Calling Conventions

Introduction Calling conventions are used by all programs without the user even realizing it. But before saying more about them, we must first make sure we u
Read More
Article

Android and Java Native Interface

Java Native Interface (JNI) JNI is a native programming interface supported by Java and is part of the Java SDK. With JNI, we can write code in other languag
Read More
Article

How do I go about hacking FTP? Part III

Oh boy, this whole series about FTP hacking is really getting long. There's just too much information to cover in just one article. In fact, if you ever have
Read More
Article

SQL Injection Through SQLMap Burp Plugin

Hai folks, This article gives you an overview of SQLMAP, an SQL injection tool used for detecting and exploiting the SQLI. What is SQLI? SQL Injection is a w
Read More
Article

How do I go about hacking file transfer protocol? Part II

In the previous part of this article series, we introduced the topic of FTP security, and the basics of how the protocol works. After reading that previous a
Read More
Article

Estimating Projects Part III

In previous articles on planning and estimating projects, we explored the basic principle of estimates. Estimating cannot really determine precisely what we
Read More
Article

Using Sandboxes For Hostile Program Analysis

Sandboxes Introduction[pkadzone zone="main_top"] If you're reading this article, you have probably heard of a sandbox before. But, in case you haven't, I'll
Read More
Article

Websecurify Walkthrough, Web Application Penetration Testing Tool

[caption id="" align="alignright" width="200"] Websecurify Logo[/caption] Information security is a very important thing for the modern Internet world. So, p
Read More
Article

How do I go about hacking file transfer protocol? Part I

Usually, I write about human resource management, risk assessment and project estimation almost every day, but from time to time, I get an e-mail from InfoSe
Read More