Guides and Materials

Members of Proactive Risk contribute to industry guides and technical projects. Find materials that can help you gain perspective below.

Tactical Threat Modeling

White Paper

This paper offers effective ways to integrate threat modeling and provides a great resource for organizations developing processes and teams.

How to HACK Web Applications Manually

Whitepaper

This well-known methodology documents web application security assessments for those seeking guidance on classes of attack.

Building a Better Incident Response Program (IRP)

Whitepaper

Breaches happen every day. Is your business prepared? This project provides a proactive approach to Incident Response planning.

Building Code for Medical Device Software Security

Whitepaper

The elements presented here reduce the vulnerability of medical systems to malicious attacks.

Managing Security Risks Inherent in the Use of Third-party Components

Whitepaper

This paper breaks down the process and procedures developers need to test, improve, and quantify the security of third-party components.

RFP Criteria

Whitepaper

This project raises visibility for software security-related questions that buyers of services should consider when issuing a request for a quote.

OWASP SwitchBlade

Download

OWASP SwitchBlade is an open source program that allows you to perform Denial of Service attacks on web applications. 

Peanut Butter and Jelly Risk Management

Webinar On Demand

This interactive session with Security Scorecard and PENTESTON® provides a solution for meeting 23 NYCRR 500, including:

  • 500.02 (Cyber Security Program)
  • 500.03 (Cyber Security Policy)
  • 500.05 (Penetration Testing and Vulnerability Assessment)
  • 500.09 (Cyber Security Risk Assessment).