This report is a kind of dossier on the hacker community. It lets you in to their world, to know their mindset, and thoughts on the bug bounty community. (more available)

This report gives a detailed breakdown of DDoS attacks in Q4 of 2015.

Readers are encouraged to use this report to get a better understanding of the current threat landscape, including trends specific to different contexts like region, time of day, industry, and more, in order to better fine-tune defenses for meeting the security needs of their unique environments. (more available)

Veracode’s intention is to provide security practitioners with tangible AppSec benchmarks with which to measure their own programs against. They’ve sliced and diced the numbers to offer a range of perspectives on the risk of applications throughout the entire software lifecycle. (more available)

Don’t let Hollywood fool you: carrying out an attack doesn’t resemble the plot of an action movie. Attackers don’t automatically breach a network, immediately locate the information they want and then swiftly exit the organization. (more available)

This Report takes a look at the top 5 data security threats and analyzes what a company can do about them. (more available)

This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures.

This report provides analysis and information related to Joao Malware which has attacked video gamers.

In this, the eighth volume of this report, they present metrics that are based on real application risk postures, drawn from code-level analysis of nearly 250 billion lines of code across 400,000 assessmnets performed over a period of 12 months between April 1, 2016 and March 31, 2017. (more available)

The Internet of Things is becoming and area of danger for security risks. This paper discusses the cyber security issues related to the internet of things, and discusses how people should be taking action to protect their devices. (more available)

This report is based on a study done in 2017 to analyze security issues in CakePHP.

This report includes research on the evolving state of cloud security.

This is an annual report that provides an inside look into the economics and emerging trends of bug bounties, with data collected from Bugcrowd’s platform and other sources throughout 2016. (more available)

This whitepaper provides an excellent resource for understanding SQL Injection attacks, in a web application environment.

This annual report takes a look at the bug bounty industry in 2018.

In this technical whitepaper they explain why there’s no single silver bullet answer to SQL injection.