Web Security Testing Guide

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals. The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides Read more…

The Red Team Guide

Red Teaming was seen as a useful tool for generals to evaluate their security posture, Red Team therefore took on the role of the aggressors or “bad guys”. The bad guys do not follow the rules but utilized in a controlled way simulating and emulating what the bad guys can Read more…

Smartphone-Based Detection Devices

Smartphone usage has created a new means for detection, analysis, diagnosis and monitoring through the use of new apps and attachments. These breakthrough analytical methods offer ways to overcome the drawbacks of more conventional methods, such as the expensive instrumentation that is often needed, complex sample pre-treatment steps, or time-consuming Read more…

Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. Read more…

Practical IoT Hacking

Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk. The book begins by walking you through common threats and a threat modeling framework. You’ll develop a security testing methodology, discover the art of Read more…

Practical Social Engineering

Social engineering is the art of capitalizing on human psychology rather than technical vulnerabilities to compromise systems. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email Read more…

Antivirus Bypass Techniques

Antivirus software is built to detect, prevent, and remove malware from systems, but this does not guarantee the security of your antivirus solution as certain changes can trick the antivirus and pose a risk for users. This book will help you to gain a basic understanding of antivirus software and Read more…

Auditing Information and Cyber Security Governance

A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory Read more…