This report offers insight from the research and results of Rapid7’s repeated penetration testing.

This document defines an analytical model of cyber threat intelligence in terms of a threat entity’s goal orientation, the capabilities it uses to pursue its goals and its modus operandi. The model is intended to act as a common guiding template for conducting a cyber threat assessment for use by penetration testers to define a set of realistic and threat-informed cyber attack test scenarios.

This Paper provides a breakdown of New York’s 23 NYCRR500 Financial Security requirements.

This book provides some good guidance for app security testing. It seeks to assist enterprises with solving the issues surrounding app security.

This is an annual report that provides an inside look into the economics and emerging trends of bug bounties, with data collected from Bugcrowd’s platform and other sources throughout 2016. This report is published on a yearly basis for CISOs and other security decision makers to provide a transparent look at the evolving bug bounty market.

This report provides an analysis of Microsoft’s PowerShell language and how it has been used by cybercriminals.

For this cybersecurity report, the Cloudlock CyberLab analyzed daily behavior across 10 million users, 1 billion files, and 101,000 apps to surface insightful trends and help organizations detect signs of threat. On the following pages, we’ll walk you through the CyberLab’s Cloud Threat Funnel, designed to help security teams narrow their focus onto user activities that are the most indicative of true threat.

From the report, “Application security (AppSec) is maturing for most organizations, according to the 475 respondents who took the SANS 2016 State of Application Security survey. In it, respondents recognize the need for AppSec programs and are working to improve them, despite a lack of the necessary skills, lack of funding and management buy-in, and silos between departments hampering their AppSec programs.”

This report documents research conducted as part of a study entitled “Managing and Developing Reserve Component Capabilities in Sup- port of the Army’s Cyber Force.” The primary purpose of the study was to conduct initial research on how to train, manage, and develop the Army’s cyber force, with a specific focus on the Army National Guard and the U.S. Army Reserve.

This report breaks down four strategic pillars of handling vulnerability management.

In this report they seek to answer four important questions. How mature is the profession today? Where are we weakest/strongest? Which improvements in maturity are likely to matter most? How do we rate against others in our industry?