SECURITY RESEARCH


IT security research is just as important to our work as the exchange of knowledge with the security community. After all, more security can only be achieved if many people take on the task. We bear responsibility. We share the knowledge we gain in our practical work and through our research with the security community in public events held in the CST Academy, training courses and publications. We are investing in young talent. Therefore, we maintain numerous partnerships with universities and educate young people about IT security with a practical approach in seminars and lectures. Our cooperation partners include Goethe University Frankfurt, Technical University of Darmstadt, University of Applied Sciences Darmstadt, University of Applied Sciences Mainz and the University of Applied Sciences Munich. Always in the name of our mission: “more security”.

OUR RESPONSIBILITY


Responsible Disclosure

Handling the results of our work in a responsible way is our highest priority. We've taken a long, hard look at what this means for our behavior. We use a well-structured model of responsible disclosure to report vulnerabilities.


KNOWLEDGE FROM OUR RESEARCH

usd HeroLab Security Advisories

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues – always in line with our Responsible Disclosure Policy.


COMMITMENT TO TEACHING

Our experienced security analysts teach the course “Hacker Contest” at the Technical University Darmstadt and the University of Applied Sciences Darmstadt in the summer semester 2019. During the course, students have the opportunity to experience IT security in practice. The usd HeroLab's own PentestLab provides the technological basis.

usd AG also cooperates with Goethe University Frankfurt, University of Applied Sciences Mainz and the University of Applied Sciences Munich.

HACKER CONTEST

usd HeroLab to teach course at University of Applied Sciences Darmstadt in summer semester 2019.


HACKER CONTEST

usd HeroLab to teach course at Technical University Darmstadt in summer semester 2019.


EVENTS FOR THE COMMUNITY

Hacker Days, Hero Nights, Cyber Security Forums or IT Security Seminars. We share our knowledge and best practices with others. Visit our CST Academy websites for more information.


ARTICLE & NEWS

TOP 7 QUALITY CRITERIA FOR A PENTEST PARTNER

Penetration tests are one of the most effective security analysis methods. Read here which criteria you should consider when choosing your pentest partner.


CODE REVIEW

What If a Gateway for Hackers Was Hidden in Your Source Code? In a Code Review, the supreme discipline of security analyses, the source code of an application is examined.


TOP 5 QUALITY CRITERIA FOR AN APPROVED SCANNING VENDOR

The five most important characteristics you should consider when choosing your PCI scanning partner.


CYBER SECURITY TRANSFORMATION CHEF (CSTC)

usd HeroLab proudly presents the CSTC, a Burp Extension for various input transformations. It implements a generic way to replace the need for numerous specialized extensions.


usd HeroLab AT DEF CON 27

usd HeroLab presents the self-developed plugin CSTC for Burp Suite at DEF CON 27, one of the largest IT security conferences in the world.


BUG BOUNTY PROGRAMS

Bug Bounty Programs – a security building block that leverages the security awareness and expertise of an entire community.


HOW A VULNERABLE PICTURE UPLOAD CAN BE EXPLOITED USING MANIPULATED PICTURE FILES

This article describes an attack which circumvents weak file name restrictions and injects PHP code through a resizing and metadata stripping process.
