{"id":16167,"date":"2021-07-07T16:54:24","date_gmt":"2021-07-07T14:54:24","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-research\/"},"modified":"2023-09-29T12:12:24","modified_gmt":"2023-09-29T10:12:24","slug":"security-research","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-research\/","title":{"rendered":"Security Research"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" background_image=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/usd-herolab-header-steuerkreis.jpg\" custom_padding=\"83px||83px||true|false\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_text_color=\"#86CCCF\" global_colors_info=\"{}\"]<\/p>\n

Security Research<\/h1>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"#2E353D\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"|auto|55px|auto||\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]IT security research is just as important to our work as the exchange of knowledge with the security community. After all, more security can only be achieved if many people take on the task. We bear responsibility. We share the knowledge we gain in our practical work and through our research with the security community in public events held in the\u00a0<\/span>CST Academy<\/a>,\u00a0\u00a0<\/span>training courses<\/a>\u00a0and\u00a0<\/span>publications<\/a>. We are investing in young talent. Therefore, we maintain numerous partnerships with universities and educate young people about IT security with a practical approach in seminars and lectures. Our cooperation partners include\u00a0<\/span>Goethe University Frankfurt<\/a>,\u00a0<\/span>Technical University of Darmstadt<\/a>,\u00a0<\/span>University of Applied Sciences Darmstadt<\/a>,\u00a0<\/span>University of Applied Sciences Mainz<\/a>\u00a0and the\u00a0<\/span>University of Applied Sciences Munich<\/a>. Always in the name of our mission: \u201cmore security\u201d.<\/span>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"2_5,3_5\" _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"|auto|55px|auto||\" global_colors_info=\"{}\"][et_pb_column type=\"2_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_image src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/usd-herolab-security-research-I.jpg\" title_text=\"usd-herolab-security-research-I\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_2_text_color=\"#86CCCF\" custom_margin=\"||19px|||\" global_colors_info=\"{}\"]<\/p>\n

Our Responsibility<\/h2>\n

[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Responsible Disclosure<\/span><\/h3>\n

Handling the results of our work in a responsible way is our highest priority. We\u2018ve taken a long, hard look at what this means for our behavior. We use a well-structured model of responsible disclosure to report vulnerabilities.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/en\/responsible-disclosure\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"3_5,2_5\" _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"|auto|55px|auto||\" global_colors_info=\"{}\"][et_pb_column type=\"3_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_2_text_color=\"#86CCCF\" custom_margin=\"||19px|||\" global_colors_info=\"{}\"]<\/p>\n

Knowledge from our Research<\/h2>\n

[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

usd HeroLab Security Advisories<\/h3>\n

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues \u2013 always in line with our Responsible Disclosure Policy.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/en\/security-advisories\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"2_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_image src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/usd-herolab-security-research-II.jpg\" title_text=\"Busy colleagues analyzing computer code\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row module_id=\"engagement\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" global_colors_info=\"{}\" sticky_enabled=\"0\"]<\/p>\n

Commitment to teaching<\/h2>\n

Our experienced security analysts teach the course \u201cHacker Contest\u201d at the\u00a0<\/span>Technical University Darmstadt<\/a>\u00a0<\/span>and the\u00a0<\/span>University of Applied Sciences Darmstadt<\/a>. During the course students have the opportunity to experience IT security in practice. The usd HeroLab\u2018s own\u00a0<\/span>PentestLab<\/a>\u00a0<\/span>provides the technological basis.<\/p>\n

usd AG also cooperates with\u00a0<\/span>Goethe University Frankfurt<\/a>,\u00a0<\/span>University of Applied Sciences Mainz<\/a>\u00a0<\/span>and the\u00a0<\/span>University of Applied Sciences Munich<\/a>.<\/p>\n

[\/et_pb_text][et_pb_button button_text=\"Learn more\" _builder_version=\"4.21.0\" _module_preset=\"default\" button_url=\"https:\/\/www.usd.de\/en\/category\/events-community-en\/\" hover_enabled=\"0\" sticky_enabled=\"0\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"2_5,3_5\" _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"55px|auto|55px|auto|true|\" global_colors_info=\"{}\"][et_pb_column type=\"2_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_image src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/usd-herolab-security-research-III.jpg\" title_text=\"Business People Meeting Eating Discussion Cuisine Party Concept\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" header_2_text_color=\"#86CCCF\" custom_margin=\"||19px|||\" global_colors_info=\"{}\"]<\/p>\n

Events for the Community<\/h2>\n

[\/et_pb_text][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Hacker Days, Hero Nights, Cyber Security Forums or IT Security Seminars. We share our knowledge and best practices with others. Visit our CST Academy websites for more information.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/cst-academy\/events\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" header_3_text_color=\"#FFFFFF\" global_colors_info=\"{}\"]<\/p>\n

References & Articles<\/h2>\n

 <\/p>\n

 <\/p>\n

Success Stories<\/h2>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

More security for patient data: Pentest and cloud audit at medavis<\/h3>\n
\n

The protection of patient data is a top priority for medavis. That\u2019s the reason why they ordered a check of the IT security level of the entire cloud infrastructure in addition to the pentest.<\/p>\n<\/div>\n

 <\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/more-security-for-patient-data-pentest-cloud-audit-at-medavis\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" header_3_text_color=\"#FFFFFF\" custom_margin=\"83px||20px||false|false\" global_colors_info=\"{}\"]<\/p>\n

Interviews<\/h2>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

\u201eMade by usd HeroLab\u201c<\/h3>\n

Tools \u201cmade by usd HeroLab\u201d. We asked what developments the recent years have brought and how they contribute to increasing the quality and efficiency of the usd HeroLab.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-experteninterview-usd-herolab-tools\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Top 5 quality criteria for an approved scanning vendor<\/h3>\n

The five most important characteristics you should consider when choosing your PCI scanning partner.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-top-5-quality-criteria-for-an-asv\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Bug Bounty Programs<\/h3>\n

Bug Bounty Programs \u2013 a security building block that leverages the security awareness and expertise of an entire community.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/expert-interview-bug-bounty-programs\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" header_3_text_color=\"#FFFFFF\" custom_margin=\"83px||20px||false|false\" global_colors_info=\"{}\"]<\/p>\n

Pentest \u2013 What you should know<\/h2>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Pentests: Start planning with these 4 questions<\/h3>\n

Planning penetration tests, or pentests for short, can become very complex at times. In the following, we provide you with tips that have proven to be effective in our pentest planning \u2013 based on simple questions.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-pentest-planning-tips\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

usd Orangebox makes remote pentests simple<\/h3>\n

What if an on-site pentest is not possible, but the systems within the scope are located in the internal network? By using the usd OrangeBox, remote pentests can be performed more efficiently and securely.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-remote-pentests-via-usd-orangebox\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Pentest scope: how to determine the testing scope?<\/h3>\n

Which preparation steps guarantee a pentest optimally tailored to your company? Start your pentesting project well prepared.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-pentest-scope\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Pentest analysis approaches<\/h3>\n

Learn more about the different pentest analysis approaches, how they vary and how they reflect different motivations and possibilities of an attacker.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-pentest-analysis-approaches\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Top 7 quality criteria for a pentest partner<\/h3>\n

Penetration tests are one of the most effective security analysis methods. Read here which criteria you should consider when choosing your pentest partner.<\/span><\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-quality-criteria-for-a-pentest-partner\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" header_3_text_color=\"#FFFFFF\" custom_margin=\"83px||20px||false|false\" global_colors_info=\"{}\"]<\/p>\n

Articles<\/h2>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Unknown vulnerabilities \u2013 responsibilities of the finder<\/h3>\n

usd AG accepts responsibility and takes the responsible handling of newly-discovered security vulnerabilities very seriously. Read more about our process of responsible disclosure here.<\/p>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-what-is-responsible-disclosure\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Code Review<\/h3>\n
\n

What If a Gateway for Hackers Was Hidden in Your Source Code? In a Code Review, the supreme discipline of security analyses, the source code of an application is examined.<\/span><\/p>\n<\/div>\n

[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/news-supreme-discipline-code-review\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Open source tool \u201cbring2lite\u201d<\/h3>\n
\n

Open source tool for forensic data analysis at DFRWS USA, one of the leading conferences on digital forensics.<\/span><\/p>\n<\/div>\n

 <\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/en\/news-tool-for-forensic-data-analysis-at-dfrws-usa-2019\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_3,1_3,1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

Cyber security transformation chef (CSTC)<\/h3>\n
\n

usd Herolab proudly presents the CSTC, which is a Burp Extension for various input transformations. It implements a generic way to replace the need for numerous specialized extensions.<\/p>\n<\/div>\n

 <\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/news-cyber-security-transformation-chef\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

usd HeroLab at DEF CON 27<\/h3>\n
\n

usd HeroLab presents the self-developed plugin CSTC for Burp Suite at DEF CON 27, one of the largest IT security conferences in the world.<\/span><\/p>\n<\/div>\n

 <\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/en\/news-usd-herolab-at-def-con-2019\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][et_pb_column type=\"1_3\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"]<\/p>\n

How a vulnerable picture upload can be exploited using manipulated picture files<\/h3>\n
\n

This article describes an attack which circumvents weak file name restrictions and injects PHP code through a resizing and metadata stripping process.<\/p>\n<\/div>\n

 <\/p>\n

[\/et_pb_text][et_pb_button button_url=\"\/how-to-exploit-a-vulnerable-picture-upload-using-manipulated-pictures\/\" button_text=\"Learn more\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Security ResearchIT security research is just as important to our work as the exchange of knowledge with the security community. After all, more security can only be achieved if many people take on the task. We bear responsibility. We share the knowledge we gain in our practical work and through our research with the security […]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16167","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16167"}],"version-history":[{"count":3,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16167\/revisions"}],"predecessor-version":[{"id":20932,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16167\/revisions\/20932"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}