Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
PKI
Dispelling four myths about automating PKI certificate lifecycle management

The public key infrastructure (PKI) underpins the most effective strategy for securing communications between machines, network and mobile devices, virtual servers, and the …

Hand
Is it OK to publish PoC exploits for vulnerabilities and patches?

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof …

thief
Defeating typosquatters: Staying ahead of phishing and digital fraud

It has become a mantra for businesses targeted by hackers to describe the incident as a “sophisticated cyber-attack”. Although true in some instances, the reality is that most …

laptop
How modern workflows can benefit from pentesting

Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …

Secure your cloud: Remove the human vulnerabilities

Training to increase employees’ security awareness and change risky behaviours among end users is important, particularly as the future workplace will be hybrid and many …

identity theft
Use longitudinal learning to reduce risky user behavior

People ignore information that isn’t relevant to them, which is why IT and HR departments have been approaching security training incorrectly for years. Long-form, all-hands …

code
Risk-based vulnerability management has produced demonstrable results

Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …

identity theft
Shedding light on the threat posed by shadow admins

Few organizations would purposefully hand a huge responsibility to a junior staff member before letting them fly solo on their own personal projects, but that’s effectively …

code
APIs in the insurance industry: Accessing a growing world of data

The insurance industry is vast and varied. It can be found in nearly every country in the world, with the earliest references dating back as early as 1750 BC. Modern …

threat modeling
What is threat modeling and why should you care?

While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …

building
MythBusters: What pentesting is (and what it is not)

You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security …

cloud
The next big thing in cloud computing? Shh… It’s confidential

The business-driven explosion of demand for cloud-based services has made the need to provide highly secure cloud computing more urgent. Many businesses that work with …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools