This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements.

This inaugural report covers seven years of data from the DBIR as well as additional Verizon information, providing an overview of the cyber-espionage landscape. Attackers, motivations, methods, and victims are all focus areas.

Drawing from their managed SIEM, vulnerability scanning, and penetration testing practices, this report covers the key threat and compliance challenges over the 2019 calendar year.

Drawing from their managed SIEM, vulnerability scanning, and penetration testing services, this report reviews the key trends from the 2018 calendar year.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more.

A review of 180 engagements performed by Rapid7 consulting, supplemented by a survey of questions given to all Rapid7 consulting customers. Addresses lessons learned from this events.

A review of lessons learned over the past year from Rapid7’s penetration testing services. Combined with survey day on social engineering and red team simulations of 206 engagements.

A review of the cybersecurity job market in the UK, the nature and extent of skill gaps and shortages. A combination of surveys, qualitative research with firms, and a review of job postings.

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers.

The fourth annual report from Hacker One on the state of the open security testing community, using data from Hacker One’s bug bounty program.

Mandiant’s 2019 edition of their threat intel report. Focusing on significant trends in attack TTPs over the past calendar year.

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. traditional pentesting services. Within the backdrop of modern software development practices and rising appsec priorities, our study found that DevOps is a driving force for pushing pentest into the cloud and deploying Pentest as a Service. Furthermore, DevOps demands that appsec measures are delivered in a fashion that favors communication, transparency, and collaboration- PtaaS is exactly the evolution that addresses those aspects.

Lares encounters a seemingly endless number of vulnerabilities and attack vectors when we conducta penetration test or red team engagement, regardless of organization size or maturity. Though notevery engagement is identical, we have analyzed the similarities between hundreds of engagementsthroughout 2019 and the following list represents the most frequently observed penetration test findings we encountered.

The number of companies purchasing cyber insurance continued to increase in 2019, driven by growing recognition of cyber threats as a critical business risk and appreciation for cyber insurance’s role in mitigating its economic impact.

This report - compiled from the engagements performed throughout 2019 in customer environments by our threat hunting, penetration testing, incident response, tabletop exercise, and assessments teams

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

This report covers penetration prevention in the last year. It covers changes in penetration prevention such as the levels of risk incurred by applications, the way the shift to the cloud affects risk, and how the size of the business affects risk.

this report t explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers.

A survey of over 300 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

A survey of over 250 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

This report explores the results of the 2019 (ISC)² Cybersecurity Workforce Study, providing details on the cybersecurity workforce and gap estimates, taking a closer look at cybersecurity professionals and their teams, reviewing key steps on the cybersecurity career path, and discussing insights into immediate and longer-term methods for building qualified and resilient cybersecurity teams now and in the future.