Welcome to SecurityDocs

A collection of 4,492 IT security white papers, carefully curated by professionals like yourself

Popular topics

CISSP, Security+, GSLC

Web application security

XSS, SQL injection

Penetration testing

Kali, mimikatz, social engineering


Case studies, staffing

Sept. 27, 2017

Penetration testing using Kali Linux - Usage of Goofile and Firewalk in information gathering and port scanning

by Riazul H. Rozen

This paper discusses on Goofile and Firewalk, 2 important tools in penetration. Goofile works by making it easier to get results from Google’s advanced search. This program which is essentially a python script is used to collect data on specified subjects during penetration testing. Firework is heavily invested in scouting security, and it discovers the layer 4 protocol that will be transmitted through a specified IP address. Firewalk sends TCP packets with a larger TTL than the required gate...

Sept. 26, 2017

Penetration Testing - RainbowCrack and Rainbow Table

by Riazul H. Rozen

RainbowCrack is a hash cracker tool which uses a time and memory based algorithm. This tool is different from a brute force hash cracker, in the sense that it does not have to compile all the required plaintexts, while storing equivalent hashes, in order to compare the compiled hashes with the one that has been slated for cracking.

Sept. 20, 2017

Penetration testing – DNS Spoofing and ARP-Cache Poisoning using Kali Linux

by Riazul H. Rozen

DNS spoofing is a current trend that is becoming a threating phenomenon to the security of enterprises. DNS spoofing is done by hackers who are invested in stealing financial information from clients who visit a particular site. This is done by sidetracking the client to a fake site after hacking through the DNS host.

Sept. 19, 2017

Penetration testing – Information gathering using Kali Linux

by Riazul H. Rozen

The information collection process is very important as this is the first step of penetration testing. This information is usually used by hackers to have an intricate idea of their target. It also helps clarify the mysteries behind the magnitude of the target’s web footprint. For enterprises, these tools provide them with an idea of how well their client’s information is protected from the public.

Sept. 1, 2017

Introduction to the NSA-Infosec Assessment Methodology (IAM)

by Mitchell Rowton

The NSA Infosec Assessment is conducted by a team of individuals who review the information system security posture of an organization to identify potential vulnerabilities and recommending steps for eliminating or mitigating those vulnerabilities.

Sept. 1, 2017

Introduction to Password Managers

by Zainab Nawal

A password manager is software which helps the owner in producing and recouping the passwords which are complex in nature. The password manager stores such passwords in an encrypted form. When needed to generate a new password, it does certain calculations and provides the user with a new complex password.

Sept. 1, 2017

Introduction to Network Security Design

by Lalit Kumar

At present, the need for network & computer security has become a crucial need with enlargement of the computer network. The large successful companies like Cisco, Microsoft, etc., are designing the various software in order to safeguard the N number of the network as well as looks after the operation of any enterprise. The information security is accountable for the securing data transmitted through the network. It altogether combines the computer, Internet & data security. Also, hardware an...

Sept. 1, 2017

Cross Site Scripting Attack

by Muhammad Farhan

Cross-site Scripting attack, also referred to as XSS attack is kind of a common online attack which bypasses the Same Origin Policy (SOP) of the website or web application in which the hacker attacks the website or web application by injecting a malicious code in to the website using another website or web application which is usually in the form of browser sided script to some other end user and if the website or web application is taking input from user that is neither validated nor encoded...

Sept. 1, 2017

Mimikatz overview

by Mary W

Mimikatz is one of the most common and interesting tools in a penetration tester’s arsenal. The tool is publicly available for security researchers pen-testing and study purposes. Due to the open source nature of Mimikatz, its code is changed and frequently recompiled hence making it difficult for traditional antivirus tools to detect it. When used with malicious intent, it is considered as the swiss knife of windows system credential data harvesting through the manner it steals cleartext cre...

Sept. 1, 2017

Introduction to Malware

by PhDWriter12

Said John Mariotti, Technology Journalist and CEO of ‘The Enterprise Group’. What is Malware? By 1980s, researchers found computer programs that have potential to replicate themselves. It was termed as a Virus. Cohen informally defines a computer virus as a program that holds potential to make one’s possible copies and infect other computer programs. However, with the passage of time, this behavior of programs changed such that viruses were categorized and are now collectively known as Malwar...

Sept. 1, 2017

Introduction to Proxies and Virtual Private Networks (VPNs)

by Zainab Nawal

In order to get the maximum benefit from the internet, a user needs the privacy tools proxies and the Virtual Private Networks (VPNs). Both the tools have almost same uses. However, there are certain features which separate them from each other. Proxy server, also called as proxy, is referred as virtual middleman of the user’s data. It is one of the most commonly known software and was introduces very soon after the developments in the internet technology.

Sept. 1, 2017

Introduction to PGP

by Zainab Nawal

Pretty Good Privacy (PGP), is software which provides data encryption. PGP facilitates the verification and cryptographic privacy of the data. It facilitates the users to encrypt, decrypt and sign the directories, files and e-mails, and texts. Mainly, it was used for the purpose of securing the e-mails of people. But, it is now also used for securing other information.

Sept. 1, 2017

Computer Viruses and Network Worms

by Muhammad E.

This research tells the difference between the worms and the virus and then it explains about the how much a virus or worm May harmful for the computer, data, platform, and network. By time various new worms and virus are developing and causing huge loss then before. So, there is a need for a secure platform to remain safe from virus and worms.

Sept. 1, 2017

Network Security Design

by Mary W

Implementing good and secure practices with respect to network security design is critical in ensuring that potential security threats to the network are mitigated effectively. The associated risks in network security include compromise of data confidentiality, integrity and denial of service among many other. Before designing the zones, a risk analysis needs to be done.

Sept. 1, 2017

Introduction to the NIST Cyber Security Framework


The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing ind...

Sept. 1, 2017

Penetration testing using Kali Linux - Network Discovery

by Riazul H. Rozen

Kali Linux is known for its immense contribution to premium security auditing and penetration testing. Kali is created and maintained by one of the top information security companies, called offensive security. This Debian-based Linux distribution encompasses a number of tools designed to carry out varying security affairs such as security research, computer forensics, reverse engineering and penetration testing.

Sept. 1, 2017

PCI-DSS: Why its Important and How to Achieve it

by Riazul H. Rozen

Data theft is on an all-time high and is steadily increasing in payment card industry. This increase has also created the need for new and revised policies with regards to the PCI DSS. PCI DSS stands for Payment Card Industry Data Security Standard. A lot of businesses are hesitant to procure a PCI compliant as they think it to be unnecessary. Businesses without this compliance are also fined in addition to other damages they incur during these breaches and as such their bitterness to file f...

Sept. 1, 2017

Secure Networks by Encryption

by Muhammad Ehtisham

The first thing to be developed is the secure communication, and secure data travel, as, the new technology wireless sensor network is the emerging technology in the field of computer science but it is facing security threats because this is used for highly confidential information which might be like US military communication, and asymmetric cryptography is bit expensive to be installed as security solution. There is a need for the authentication of the network’s privacy. However, firewall a...

Sept. 1, 2017

Introduction to IT Security

by Zainab Nawal

Within last fifty years, technology has conspicuously emerged as a striking tool of lives of many people. Technology is encapsulated aggregately in digital computers, which tends to fulfill needs of people in daily lives. During 1950s, when first digital computer, UNIVAC I, was introduced, it was known to few people and mostly found in research laboratories (McCarthy and Stafford, 2003). But now, as IT reached advancements, people became conscious regarding security of their IT systems. The a...

Sept. 1, 2017

Modern Malwae

by Live Experts

Malware, which is short for malicious software, is an umbrella term used to describe any hostile or intrusive software. Forms of malware include computer viruses, worms, trojans, ransomware, spyware, adware and any other malicious software. Malware is defined by the malicious intent and not by the form which software takes; this means that malware can be executable code, active content, scripts, and any form regular non-malicious software may take. Any software which causes unintentional harm...

$50 Amazon gift card

Write for us

Get an original white paper published on SecurityDocs, and receive a $50 Amazon gift card.

Learn more


We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.

Load more papers