Below you'll find a list of all posts that have been categorized as “News”
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS Stored XSS SQL Injection PHP Code Injection In accordance …
Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought …
Christian Meng, usd HeroLab Consultant, developed an open source tool for forensic data analysis and recovery of deleted SQLite data sets, “bring2lite” as part of his final thesis at the University of Applied Science Darmstadt together with Prof. Dr. Harald …
A well-established tradition for the usd HeroLab and a great end to the year: from December 27 to 30, 2019, more than 20 HeroLabbers attended the four-day 36th Chaos Communication Congress in Leipzig, Germany. The largest hacker conference in Europe, …
In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice of analysis methods is just as relevant as is choosing a competent partner. In …
Code Review – the Supreme Discipline of Security Analyses Businesses today invest a lot in a wide range of security measures to protect their infrastructures from attacks. These include working with certified vendors, ensuring secure business operations, training employees to …
Vulnerability Disclosure usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket, PhpSpreadsheet and XClarity. The following vulnerability classes were identified: Broken Access Control XML External Entity (XXE) Processing In accordance with …
In addition to university courses, the usd HeroLab training program „Become a HeroLab Professional“, or “Become a HeroLabber” for short, is another investment in qualified young talent by usd AG. Experienced usd HeroLab security analysts systematically prepare the students of …
Around 60 colleagues of usd HeroLab attended the latest two-day team workshop at CST Academy. In addition to expert presentations on various topics, such as special penetration testing techniques on Windows systems, they discussed current best practices and engaged in practical …
