Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition, proof of conducting a pentest is an important component of many compliance requirements, …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration file Memory Corruption (Heap Overflow) Logic Error In accordance with …
The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to remedy security gaps) have been made …
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS Stored XSS SQL Injection PHP Code Injection In accordance …
Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought …
Christian Meng, usd HeroLab Consultant, developed an open source tool for forensic data analysis and recovery of deleted SQLite data sets, “bring2lite” as part of his final thesis at the University of Applied Science Darmstadt together with Prof. Dr. Harald …
A well-established tradition for the usd HeroLab and a great end to the year: from December 27 to 30, 2019, more than 20 HeroLabbers attended the four-day 36th Chaos Communication Congress in Leipzig, Germany. The largest hacker conference in Europe, …
In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice of analysis methods is just as relevant as is choosing a competent partner. In …
Code Review – the Supreme Discipline of Security Analyses Businesses today invest a lot in a wide range of security measures to protect their infrastructures from attacks. These include working with certified vendors, ensuring secure business operations, training employees to …
