Since the publication of the original blog post in May 2024, the final version of the RTS for TLPT has been released. The blog post has been updated...
DORA Deep Dive: Threat-Led Penetration Testing (TLPT)
read more
Pentests & Security Analyses
Red Teaming: 5 Questions Every IT Leader Wants Answered
Many companies invest in firewalls, endpoint protection, and awareness training, assuming that this puts them in a strong position. But the reality...
OWASP Top 10 2025 Released: Our Insights and Contribution
The OWASP Top 10 is considered the global standard for web application security. It highlights the main risks and indicates where companies should...
From Windows 10 to 11: Pentest Protects Against Vulnerabilities After Migration
On October 14, 2025, Microsoft stopped supporting Windows 10, forcing many companies to switch to Windows 11. This not only offers new features but...
Revealing XSS Vulnerabilities in Web Application Pentests: Understanding the Risk
Cross-site scripting (XSS) is one of the most well-known vulnerabilities in web applications, yet our security analysts at usd HeroLab encounter it...
Avoid Pitfalls During ASV Scans: Practical Tips for Seamless Scans
Companies that accept, process, or store credit card data must comply with the requirements of the Payment Card Industry Data Security Standard (PCI...
Security Advisories on d.3one and Weblication CMS Core
The pentest professionals at usd HeroLab identified cross-site scripting vulnerabilities in Weblication CMS Core and d.3one during web application...
New BSI Criteria Catalogues: Guidelines for the Use of AI in the Financial and Administrative Sectors
The German Federal Office for Information Security (BSI) has published two new sets of criteria for evaluating Artificial Intelligence (AI). They...
How to Strengthen Your Email Security: Insights from Our Pentesters
Email security is a key factor in application development and system configuration. Vulnerabilities in this environment can lead to data leaks and...
More Security for Connected Systems: Pentesting OT and IoT Systems In a Nutshell
Industrial systems, medical devices, connected machines in production, or embedded systems in vehicles: digitalization even affects systems that...
Security Advisories on Agorum Core Open
The pentest professionals at usd HeroLab examined Agorum Core Open during the execution of their pentests.. While analyzing the...
Fat Client Pentests: Inspection and Proxying Network Traffic in Desktop Applications
When testing a desktop application, also referred to as a fat client or thick client, the analysis of network traffic plays a central role in any...