Resources

Policy and Best Practices

Follow & Subscribe

Browse Classifications

Browse Categories

Browse Topics

Browse Tags

Latest Policy and Best Practices Resources

  • 4 min read
  • New

Ahead of the Breach - Vladimir Tokarev, Senior Security Researcher, Microsoft

Join Microsoft’s Senior Security Researcher Vladimir Tokarev, as he shares how a gaming session led to discovering critical OpenVPN vulnerabilities, and learn his approach to successful vulnerability research through…

Read more
  • 4 min read

5 Penetration Testing Standards to Know in 2025

Penetration testing standards are structured guidelines that define best practices, methodologies, and procedures for executing security assessments. read more →

  • 5 min read

Attack Surface vs Attack Vector: Understanding the Difference

Penetration testing, or pentesting, simulates an attack on a system to evaluate its defenses. Vulnerability testing identifies and evaluates system security weaknesses. read more →

  • 3 min read

Pentest Reports: Traditional Reporting vs. Continuous Pentesting

Vulnerability scanning as a service is a solution that uses cloud-based tools to identify vulnerabilities in an organization's digital infrastructure. read more →

  • 6 min read

Application Security Testing (AST): Technologies and Best Practices

Application security testing involves analyzing and evaluating software applications to identify vulnerabilities. read more →

  • 4 min read

How to Conduct a Security Risk Assessment in 6 Steps

Security risk assessment is a systematic process to evaluate potential threats and vulnerabilities affecting an organization’s critical resources. read more →

  • 6 min read

Top 8 Penetration Testing Types, Techniques, and Best Practices

Penetration testing is a simulated cyber-attack against a computer system, network, or application to evaluate its security posture. read more →

  • 4 min read

External Attack Surface Management: 5 Key Capabilities

External attack surface management (EASM) focuses on managing and securing an organization's digital assets exposed to external threats. read more →

  • 6 min read

7 Types of Web Application Testing and Building a Testing Strategy

Web application testing involves evaluating an application to ensure its functionality, security, and usability meet the required standards before deployment. read more →

  • 8 min read

Network penetration testing: what is it and why do you need it?

How your business will benefit from network penetration testing and why it’s important to conduct annual testing. read more →

  • 6 min read

How to Prepare for Penetration Testing

Preparing for a penetration test? This checklist will inform you on what to expect and what steps you should take to get the most out of your organization’s upcoming pentest. read more →

  • 6 min read

How to Share Passwords and Backups Securely Posthumously

A tutorial on how to build a secure, distributed, and multiple authorization backup method to recovery your digital life. read more →

Continuous Human & Automated Security

The Expert-Driven Offensive
Security Platform

Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.

Watch Demo Request Quote

Expert-Driven Offensive Security Platform

  • Attack Surface Management
  • Continuous Penetration Testing
  • Adversary Simulations