Cyentia Cybersecurity Research Library

Pen Testing

Below you will find reports tagged “Pen Testing”.


Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey

This 2019 edition of the SANS Security Operations Center (SOC) Survey was designed to provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs. The goal is to capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and to highlight key areas on which SOC managers can focus to increase the effectiveness and efficiency of security operations.

Added: October 1, 2019

The Economics of Penetration Testing for Web Application Security

This white paper describes the critical role of pen testing for web applications. It explores the economics of “classic” pen testing and considers a variety of unseen costs and points of diminishing value. The paper concludes by describing a next-generation hybrid application-security-testing-as-a-service and how it can help bring flexibility in applying both automated app testing tools (DAST) and the human expertise of ethical hackers (pen testing) to this challenge.

Added: September 18, 2019

Priority One: The State of Crowdsourced Security In 2019

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

Added: September 18, 2019

Inside The Mind Of A Hacker

This report offers an inside look at hackers. It provides a glimpse into the Bugcrowd community, identifies 5 distinct types of bug hunters and their motivations, and explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

Added: April 23, 2019

Security Leadership Study - Trends in Application Security

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

Added: April 23, 2019

2019 SANS Automation & Integration Survey

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. Yet, 59% of survey respondents indicate that their organizations use low levels or no automation of key security and incident response (IR) tasks. In this new SANS survey, we wanted to understand and explore some of the misconceptions versus facts around automation and what to do about it.

Added: April 19, 2019

2018 Application Security Report

This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.

Added: April 4, 2019

2018 Managed Security Report

The 2018 Managed Security Report is based on the results of a comprehensive online survey of IT and cybersecurity professionals conducted in July and August of 2018.

Added: April 4, 2019

Prioritization to Prediction: Volume 2: Getting Real About Remediation

From the report, “‘Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes.’ Where is your strategy leading?” Read on to find out more.

Added: March 16, 2019

Go Nuclear: Breaking Radiation Monitoring Devices

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. Our work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

Added: March 9, 2019

Election System Security Under Scrutiny

This paper offers insight and direction to election officials seeking to assess the security of their entire election ecosystem.

Added: March 7, 2019

The Expanding Security Risks and Trends that Are Changing the Insurance Industry

This document will examine the cyber risk trends that are of concern to the insurance industry, and introduce the RiskSense solution designed to address these challenges.

Added: March 7, 2019

Pen Test Metrics 2018

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

Added: February 18, 2019

Breach & Attack Simulation: Recapping 2017's Biggest Cyber Trends & Predictions For 2018

This report takes a look at many of the cyber security events that took place in 2017 and discusses what they could mean for 2018.

Added: February 18, 2019

2018 Application Security Report

From the report, “Business applications are critical business resources for companies of all sizes — and they’re increasingly under attack. To gain deeper insights into the state of application security, Cybersecurity Insiders conducted an in-depth study in partnership with the 400,000 member Information Security Community on LinkedIn. This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.”

Added: February 18, 2019

2018 Application Security Report

This report is based on the results of a comprehensive online survey of 437 cybersecurity professionals conducted from June through August 2018 to gain deep insights into the latest application security threats faced by organizations and the solutions to prevent and remediate them. The respondents range from executives to managers and IT security practitioners. They represent organizations of varying sizes across many industries.

Added: February 12, 2019

The Black Report: Decoding The Minds Of Hackers

This unique report offers insight into the world of hackers. It seeks to stand apart from other annuals and quarterlies by presenting information other reports are not discussing.

Added: February 9, 2019

The Black Report 2018: Decoding The Minds Of Hackers

From the report, “Before we begin the 2018 Black Report in earnest, it’s important to understand who our respondents are. Last year, we focused on people who referred to themselves as hackers or professional penetration testers. This year, we broadened our survey to include incident responders. These guys deal first-hand with hackers and the aftermath of data breaches. And as you’ll see, their perspective provided a tremendously valuable contribution to the results of the survey.” Read on to find out more.

Added: February 9, 2019

2018 Secure DevOps: Fact Or Fiction?

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. The results of this study show that organizations are finding ways to keep up with rapid change through DevOps, but they have a number of challenges they still need to deal with.

Added: January 16, 2019

DevSecOps Community Survey 2017

This report offers insight into the DevSecOps Community.

Added: January 15, 2019

DevSecOps Community Survey 2018

This survey, representing the voice of 2,076 IT professionals, demonstrates that DevSecOps practices continue to mature rapidly and that, once automated, security is difficult to ignore.

Added: January 15, 2019
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)