Whitepapers | IN CONJUNCTION WITH GARTNER

2016 Gartner Magic Quadrant Report for Security Awareness Computer-Based Training

For a second year in a row, Security Innovation has been named a Leader in the Gartner Magic Quadrant for Security Awareness Computer Based Training. Read about our program and why we were selected as a Leader.

Whitepapers | IN CONJUNCTION WITH THE PONEMON INSTITUTE

The State of Information Security and Awareness: Trends and Development

Organizations face serious challenges with online payment card security and protecting confidential information. Read the findings from the Ponemon Institute and learn about major trends in PCI-DSS and security awareness training.

Guides

Essential Guide to Online Security

Start practicing better online safety with the Essential Guide to Online Security. Learn how to spot a phishing attack, create a strong password, keep your data private on social media, and more.

Guides

Ransomware Toolkit

Get your ransomware toolkit, complete with 9 free assets straight from our Security Awareness Training program. Assets include tip sheets, videos, infographics, and more!

Guides

Creating a Security Awareness Program that Sticks

Educating employees on security best practices can drastically reduce the risk of a data breach within your organization. Following these five simple steps and knowing what to avoid when implementing a program will have you on your way to better online security.

Tip Sheets

Data Privacy 101 - Securing PII

View one of our Security Awareness 365 tip sheets, Data Privacy 101 - Securing PII.

Tip Sheets

Mobile Security: Are You at Risk?

Read this quick 2-page article on the rise of mobile security and how you can start protecting yourself from the growing number of mobile threats.

Tip Sheets

Creating a Cybersecurity Culture at Work

Most successful cyberattacks start with employees unaware of their insecure actions. This 2-page article discusses why employees are your greatest security risk and tips to protect your organization from a cyberattack.

Datasheets

Security Awareness Training

View the datasheet to learn more about our nine security awareness training modules.

Datasheets

Anti-Phishing Training Program

Our phishing simulation training program contains 50 pre-configured phishing campaigns where users are met with challenges that, in real life, would be considered malicious threats.

Whitepapers | IN CONJUNCTION WITH THE PONEMON INSTITUTE

Current State of Application Security

The Ponemon Institute independently surveyed 642 IT professionals in both executive and engineering positions. This study details their responses to the current state of application security, including opinions on security standards, training, and assessments.

Whitepapers

Simplifying Application Security and Compliance with the OWASP Top 10

Many organizations use the OWASP Top 10 to focus their application security and compliance activities. Learn more about the OWASP Top 10, why it's important, and how it can help you with compliance requirements.

Whitepapers

Regulatory Compliance Demystified

This document covers six of the most relevant pieces of legislation in depth and then touches on four others more lightly.

Whitepapers

Biggest Software Security Mistakes Organizations Make

Learn about five common information security mistakes organizations make and recommendations and best practices for building and maintaining a successful information security practice.

Whitepapers

Software Security Total Risk Management: SI’s Blueprint for Effective Program Development

Examine the major challenges of software security risk management and the concept of Software Security Total Risk Management (SSTRM), an innovative approach by which enterprises apply software security development and assessment best practices to enhance business revenue and protect against losses.

Whitepapers

Application Security Maturity Model: A Pragmatic Approach to Securing your Software Applications

The Application Security Maturity (ASM) model was developed by Security Innovation and is based on analysis of 10 years' worth of data about organizations and their security investments in technology, people, and processes. Learn why the ASM model was created, how it works, and how it can help fine-tune your security-related investments.

Whitepapers

Aligning Application Security with Compliance Requirements

Learn a practical approach towards mapping application security to compliance requirements, including why application security is difficult for most compliance teams, creating an action plan that endorses application security best practices, and how to document these best practices for auditing purposes.

Whitepapers

Application Security by Design: Security as a Complete Lifecycle Activity

This paper describes complete lifecycle activities aimed at producing more secure and robust code that can better withstand attacks.

Guides | IN CONJUNCTION WITH GARTNER

Gartner Application Security Hype Cycle

Does your organization struggle with integrating security into the SDLC? Share the Gartner Application Security Hype Cycle report with your internal development and security team!

Guides

CISO's Guide to Application Security

This guide helps CISOs and other executives understand the importance of application security and effectively integrate it into their SDLC.

Guides

Roll Out an Effective Application Security Training Program

Every organization is unique and needs its own customized approach to ensure the success of its training program. This guide presents best practices for taking a "many-hats" approach including creativity, engaging materials, formal structures for learners to navigate, and a solid rooting in how people learn and apply new skills in their jobs.

Guides

19 Attacks to Break Software Security

In this guide, we present 19 attacks that will uncover elusive vulnerabilities on any kind of application, platform or development language.

Guides

Advancing your Application Security Program by Putting the OWASP Top Ten into Practice

This guide discusses ways organizations can make sense of the OWASP Top Ten to improve application security, including implementing OWASP best practices into a training program and into the SDLC.

Guides

Six Best Practices for IT Security

This guide provides six best practices for preventing your organization from making simple IT security mistakes and will help you integrate security into your information management and application lifecycle.

Guides

The Art of Threat Modeling for IT Risk Management

This paper is designed for IT Risk Management, Information Security, and Management personnel seeking a more effective way to identify and prioritize risk. It describes the activities involved in application threat modeling and its goal in the context of IT risk management.

Guides

How to Conduct a Code Review

This guide focuses first on identifying the types of issues you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.

Guides

Finding Your Evil Innerdoer for Effective Security Testing

Written by our VP of Services, Joe Basirico, this guide teaches how to leverage your alter ego using your imagination and existing knowledge to more thoroughly test your web applications.

Guides

Five Steps for Designing More Secure Software

There is an accepted five-step process for developing software. This guide describes the typical activities in a team development process and the unique benefits that enable an organization to move through the process in an orderly manner.

Guides

Static Analysis Strategies

This paper presents best practices for code security analysis, helping ensure that security defects are detected earlier in the development lifecycle, where they are naturally cheaper to address.

Case Studies

digitalX Case Study

Read how our experts conducted security assessments to test and analyze the digitalX Airpocket mobile app for software flaws that could be used by hackers to compromise sensitive information.

Case Studies

Elsevier Case Study

Read how Elsevier, a leader in the print and publishing industry, used our application security training program to help educate employees and increase overall security awareness at the software development level.

Datasheets

Training Course Catalog

View this condensed PDF of our security awareness and application security course listings.

Datasheets

CMD+CTRL Web Application Hackathon

Read the datasheet to learn more about our CMD+CTRL Web Application Security Hackathon, where participants lunge into the dark world of cyberattacks and view applications through the eyes of a rogue adversary.

Datasheets

CMD+CTRL Hackathons

Read more about our various CMD+CTRL Hackathons, including web application security, IT Infrastructure, and more.

Whitepapers

What is Post-Quantum Cryptography?

Learn about post-quantum cryptography, including when we can expect to see quantum computers, what it means for internet security, and how you can protect your organization using NTRU.

Whitepapers | IN CONJUNCTION WITH ROGUE WAVE SOFTWARE, PONEMON INSTITUTE

Car Cybersecurity: What do Automakers Think?

This Ponemon Institute 2015 survey of over 500 automotive developers, engineers, and executives provides new insights to help automotive software suppliers understand the current mindset of their developers and build security and safety into their software.

Whitepapers | IN CONJUNCTION WITH FROST & SULLIVAN

Cybersecurity: Automakers Remain Passive as Government Takes Action

Security Innovation teams up with Frost & Sullivan, a leader in the connected car industry, to analyze key cybersecurity challenges, identify solutions, and capture best practices for building security properly into vehicles.

Whitepapers | IN CONJUNCTION WITH MICROSOFT

Security Engineering Explained

Written by five Microsoft experts and Security Innovation's CTO Jason Taylor, this paper describes the key components of security engineering including identifying secure objectives, creating threat models, performing code reviews, and more.

Whitepapers

Mitigating M2M Software Risks

This guide outlines three must-follow guidelines for embedded software teams to help protect critical M2M systems against failure and malicious attack, including addressing security early on, building security into development, and protecting systems from unauthorized changes.

Whitepapers

Threat Modeling for Secure Embedded Software

Examine threat modeling and learn how it can be used in concert with secure development best practices, including automated source code analysis, peer code reviews, and penetration testing to both identify and mitigate embedded software threats.

Whitepapers | IN CONJUNCTION WITH PONEMON INSTITUTE, GREEN HILLS SOFTWARE

Automotive Cybersecurity: The Gap Still Exists

Read the second annual survey conducted by the Ponemon Institute on automotive cybersecurity. This survey provides insights on the current mindset of automakers in building security and safety into their vehicles.

Datasheets

NTRU

Read more about NTRU, a lattice-based public key cryptosystem resistant to quantum computing attacks.

Datasheets

TSS

TSS provides a set of software components that allows platforms and applications to take advantage of a platform’s TPM in a coordinated, consistent, and portable manner.

Books

How to Break Software Security

This book describes 19 focused testing attacks that can be mounted against various applications that will expose security vulnerabilities caused by software dependencies, data-dependent weaknesses in software, application design flaws, and implementation-related vulnerabilities.

Books

How to Break Web Software

How to Break Web Software: Functional and Security Testing of Web Applications and Web Services addresses every category of web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding.

Books

Software Vulnerability Guide

This book focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. With this easy-to-use guide, programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market.

Books

How to Break Software

This book is a practical tutorial on how to actually do testing by presenting numerous 'attacks' you can perform to test your software for bugs and includes a 17-step methodology to effectively and efficiently test software.

Books

Handbook of Intelligent Vehicles

The Handbook of Intelligent Vehicles provides complete coverage of the fundamentals, new technologies, and sub-areas essential to the development of intelligent vehicles; it also includes advances made to date, challenges, and future trends.

Books

Securing Critical Infrastructures and Critical Control Systems

This book provides a full and detailed understanding of the vulnerabilities and security threats that exist within an industrial control system. This collection of research defines and analyzes the technical, procedural, and managerial responses to securing these systems.

Books

Security Testing Handbook for Banking Applications

The "Security Testing Handbook for Banking Applications" is a specialized guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications.

Books | IN CONJUNCTION WITH TENABLE SECURITY

Security Metrics for Threat Management

This e-book illustrates the importance of actionable security metrics for businesses, both for operations and for strategy, and includes important contributions by our CEO, Ed Adams, and other security professionals.

Books

Team Development with Visual Studio Team Foundation Server

This guide shows you how to make the most of Team Foundation Server. It starts with the end in mind, but shows you how to incrementally adopt TFS for your organization. It's a collaborative effort between patterns & practices, Team System team members, and industry experts.

Books

Improving Web Services Security

This guide shows you how to make the most of Microsoft® Windows Communication Foundation (WCF). It contains proven practices, end-to-end applications scenarios, guidelines, a Q&A, and task-based "how-to" articles. It is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Patterns and Practices: Security Engineering Explained

This guide describes specific security activities for improved software engineering, including applying secure design guidelines, creating threat models, conducting architecture and design reviews for security, performing security code reviews, testing for security, and conducting deployment reviews. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Service Architecture Pocket Guide

The purpose of the Service Architecture Pocket Guide is to improve your effectiveness when building services on the Microsoft platform. The primary audience is solution architects and development leads. The guide provides design-level guidance for the architecture and design of services built on the .NET Platform. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Mobile Architecture Pocket Guide

The guide provides design-level guidance for the architecture and design of mobile applications built on the .NET Platform. It focuses on partitioning application functionality into layers, components, and services, and walks through their key design characteristics. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Microsoft Application Architecture Guide

The guide is intended to help developers and solution architects design and build effective, high quality applications using the Microsoft platform and the .NET Framework more quickly and with less risk; it provides guidance for using architecture principles, design principles, and patterns that are tried and trusted. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Windows Azure Security Notes

This is a compilation of the learnings from this project in notes form. This is not an official Microsoft patterns & practices release; it is a hand-off document containing findings from the research invested in this project. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.

Books

Web Architecture Pocket Guide

The guide provides design-level guidance for the architecture and design of Web applications built on the .NET Platform. It focuses on partitioning application functionality into layers, components, and services, and walks through their key design characteristics. This guide is a collaborative effort between Microsoft patterns & practices and industry experts including Security Innovation's CTO, Jason Taylor.
