Resource Center

To understand the vulnerability landscape that organizations are up against, we meticulously examined 17,000 data points, extracted from over 110 billion automations, within a 12-month period. Download the report to view a comprehensive propensity model that allows security and organizational leadership to visualize the potential impact of leaving vulnerable exposures to chance.

Bishop Fox's Financial Services industry cut provides a comprehensive analysis of offensive security trends within financial services, using industry data gathered from our joint research report with the Ponemon Institute.

Bishop Fox's Healthcare industry cut provides a comprehensive analysis of offensive security trends within the sector, using industry data gathered from our joint research report with the Ponemon Institute.

In a new study conducted with Bishop Fox, the Ponemon Institute surveyed nearly 700 security and IT practitioners who actively employ offensive security practices. The analysis explores where enterprises are focusing offensive security efforts and the drivers behind them.

Download our guide to discover the current challenges in securing the cloud, the approach offensive security takes through cloud penetration testing, and the differences and advantages of investing in CPTs as part of a cloud security program.

Read our eBook to learn how Red Teaming can provide the ultimate training ground for your defenses, assessing how well (or not) intrusions are detected and how an attacker can move throughout your network to achieve exfiltration.

This inaugural report, in partnership with Bishop Fox, surveyed 280 ethical hackers to understand how adversaries think about the attack surfaces that they seek to exploit.

Our ransomware readiness guide helps you understand your current state of ransomware readiness, prepare for ransomware attacks, identify gaps in your current strategy, and measure progress to continually enhance readiness.

In this technical guide, offensive security expert Shanni Prutchi provides analysis of the entire 278 verification requirements listed in OWASP's ASVS standard to assist in the generation of test cases and provide context to companies looking to test their applications against the standard.

Get new analyst insights on the benefits of continuous testing.

See how low-risk exposures can become catalysts for destructive attacks. We include examples of exposures found in real-world environments, including a step-by-step view into how ethical hackers exploited them to reach high-value targets.

Download this eBook to uncover the factors and inputs used in our customizable ROI calculator that are critical to making the business case for continuous offensive testing. The output of the calculator is intended to help you draw a direct line from investment to risk mitigation that can be communicated to both technical and non-technical decision makers.

Download this eBook to explore key aspects of application penetration testing, questions to ask along the way, how to evaluate vendors, and our top recommendations to make the most of your pen test based on almost two decades of experience and thousands of engagements.

SW Labs assessed Bishop Fox’s Cosmos (formerly CAST) the “Best Emerging Technology" Attack Surface Management Platform of 2021.

To help ensure John Deere products are ready to withstand security threats, John Deere chooses Bishop Fox's Cosmos platform and product security reviews.

The presentation delves into securing AI & LLMs, covering threat modeling, API testing, red teaming, emphasizing robustness & reliability, sparking conversation on our interactions with GenAi.

Join Christie Terrill and Tom Eston as they share practical advice on the proactive security measures you can take today and provide a space to ask our security experts your most pressing questions.

Hear from Anirban Banerjee, CEO and Co-founder of Riscosity, and Matt Twells, Sr. Solution Architect at Bishop Fox, as they explore critical considerations for developing a security program that prioritizes third-party risk reduction.

Join our webcast as we navigate the complex terrain of social engineering, offering insights into its various stages from planning to execution, common phishing techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue.

Join our webcast with Derek Rush, Managing Senior Consultant II, as we explore achieving PCI DSS compliance using targeted penetration testing. Discover vital strategies for securing payment environments against cyber threats through tests on applications, networks, and cloud services.

In this webcast, uncover how purple teaming initiatives can transform cybersecurity from a perceived cost center to a revenue-protecting asset. Ryan Basden, Red Team security consultant, will guide you through establishing security baselines, validating investments, and formulating a roadmap for organizational growth.

Join our webcast with Matt Twells to understand the impact of the FDA's HR.2617 legislation on medical device cybersecurity, learn how to build a robust plan, address vulnerabilities, manage supply chain risks, and anticipate future trends.

Hear from Shanni Prutchi, Security Consultant III, to learn about enhancing your organization's incident response capabilities through combined red teaming and tabletop exercises. Explore attack detection, response, and the importance of established processes.

Join Trevin Edgeworth, Red Team Practice Director at Bishop Fox, as he sheds light on why Red Teaming has become the ultimate "sanity check" for security team leaders.

Hear from experts Larry Ponemon & Tom Eston, as they reveal our findings from a joint report with the Ponemon Institute on the 'State of Offensive Security' in 2023.

Join Bishop Fox for a fireside chat with renowned cybersecurity experts – Evan Wolff & Justin Greis. We’ll discuss how new proposed regulations will impact offensive security initiatives, both short- and long-term.

Join our offensive security experts as they share insights gleaned from analyzing twelve months of findings captured in Cosmos, our award-winning attack surface management platform.

Join us to learn how to choose the right ASM solution for your needs and how new ASM solutions can help you improve your overall security posture.

Seth Art, Principal Security Consultant at Bishop Fox, and Nate Robb, Senior Operator at Bishop Fox, discuss two distinct ways (zero-knowledge & assumed-breach perspectives) to proactively identify, understand, and mitigate the most impactful vulnerabilities lurking in your cloud environment.

Join us to learn how ransomware emulation provides safe testing scenarios to uncover ransomware susceptibility in your security environment.

In partnership with SANS,we share what our latest report uncovers about the minds and methodologies of modern attackers and how this can help to improve your security posture.

Learn how to make the most of your application pen test and implement steps for repetitive secure application design in the future.

Tune into our webcast to learn more about Attack Surface Management and tips for evaluating solutions. GigaOm analyst Chris Ray joins us to share his insights!

Uncover your organization’s unique cost savings and risk mitigation strategy for a continuous offensive testing solution with our customized ROI calculation.

Examine your organization’s level of ransomware preparedness through the lens of offensive security considerations.

On-demand webcast offers an in-depth look at how DevOps can integrate both automated and manual code review into the software development lifecycle.

In the hands of skilled attackers, many "low risk" exposures serve as launching pads or steppingstones to more complex and destructive attacks. Join our webcast as we dive into real-world examples.

What if security could become an integral framework within the software development process? Join Tom Eston and Chris Bush to learn how Threat Modeling is changing the way organizations manage application security risks.

On-demand webcast provides an in-depth look at using Continuous Attack Surface Testing (CAST) to identify and close attack windows before it’s too late.

Join us for our 2nd Annual Bishop Fox RSAC Livestream event - an electrifying convergence where innovation meets expertise in the realm of cybersecurity.

Tune into our special livestream event where we highlight the remarkable achievements of women in the field of cybersecurity, celebrating their contributions during Women's History Month.

Join us Friday, August 11, 2023 for a livestream from DEF CON 31 to hear seasoned hackers and cybersecurity experts uncover the intricacies of ethical hacking and how the hacker spirit can be harnessed to push the boundaries of technology.

Watch the third episode of our What the Vuln technical series as we share the most intriguing vulnerabilities that we encountered in Q2 2023 and how we hacked them.

Caleb Gross, Director of Capability Development, gives his insight on the dynamics of exploit creation and execution and what organizations can do to not only mitigate risk from this event, but also stay focused on minimizing exposure across the business.

Watch our exclusive livestream with Ben Lincoln, Managing Principal at Bishop Fox, to learn about GWT web application vulnerabilities, exploitation strategies, and security enhancement recommendations.

Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.

In light of the recent security breaches involving Bitcoin and SEC’s X account, our Red Team Practice Director, Trevin Edgeworth, analyzes the role of fluctuating security programs in these incidents. He discusses how attackers exploit confusion, communication gaps, and vague policies, and identifies weak points in shared security responsibility.

Bishop Fox's Red Team Director, Trevin Edgeworth, spotlights two notable vulnerabilities - left unpatched for years on end and discusses how unpatched vulnerabilities can wreak havoc on businesses. One, an unpatched six-year-old flaw in Microsoft Office, the other in Google Web Toolkit (GWT), unaddressed for eight years.

Watch the CloudFoxable demo to see a gamified cloud hacking sandbox where users can find latent attack paths in an intentionally vulnerable AWS environment.

With Senior Solutions Architect Matt Twells, Bishop Fox offers a comprehensive guide to ease into your role confidently, providing a strategic framework to streamline your initial efforts.

Alethe Denis, a Bishop Fox Senior Red Team consultant and Social Engineering expert, reveals her quick-take perspective on what she sees as different about the 23AndMe breach, and how it’s viewed by someone who is a career social engineer.

Hear from Bishop Fox's Seth Art in Episode 161 of Cloud Security Podcast as he shares his extensive experience with cloud penetration testing.

Cloud configuration review is not a cloud security pen test! Seth Art clarifies the myth on this episode of Cloud Security Podcast.

Hear from Bishop Fox's Alethe Denis in the first episode of Pentest Tool's 'We Think We Know' podcast to unravel the intricacies of security testing.

Discover the power of Swagger Jacker, an open-source audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files for penetration testers.

Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.