Top 7 Quality Criteria for a Pentest Partner

usd AG News, usd HeroLab

In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. Choosing the right analysis methods is just as relevant as choosing a competent partner. In this series, we present the seven most important criteria you should consider when choosing a suitable partner for pentests, …

What If a Gateway for Hackers Was Hidden in Your Source Code?

usd AG News, usd HeroLab

Code Review – the Supreme Discipline of Security Analyses. Businesses today invest a lot in a wide range of security measures to protect their infrastructures from attacks. These include working with certified vendors, ensuring secure business operations, training employees to increase their security awareness, implementing an incident response process and much more. But what if the affected application already has …

Security Advisory 10/2019

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect Bitbucket, PhpSpreadsheet and XClarity. The following vulnerability classes were identified: Broken Access Control and XML External Entity (XXE) Processing. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the identified …

usd HeroLab “Summerschool 2019” completed

usd AG Life@usd, News, usd HeroLab

In addition to university courses, the usd HeroLab training program “Become a HeroLab Professional”, or “Become a HeroLabber” for short, is another investment in qualified young talent by usd AG. Experienced usd HeroLab security analysts systematically prepare the students of this year’s “Summerschool” for their involvement in pentesting projects. Julian Brecht, student at Technische Universität Darmstadt, about this year’s Summerschool: …

Top 5 Quality Criteria for an Approved Scanning Vendor (ASV)

usd AG News, PCI Security Services, usd HeroLab

Corinna Reinheimer, who is in charge of ASV scans at usd AG, tells us the five most important characteristics you should consider when choosing your PCI scanning partner. Top 1: Comprehensive experience. Employees in the fields of security analyses and vulnerability management require comprehensive professional experience in order to ensure they can propose proper solutions to security findings. Top 2: …

Security Advisory 07/2019

usd AG News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant at usd HeroLab. Vulnerability Disclosure: usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Adobe Experience Manager (AEM), Bitbucket, feeling4design Super Forms and Oracle Transportation Management (OTM). The following vulnerability classes were identified: Cross Site Scripting (XSS), Username/Filename Enumeration, Sensitive Data disclosure, Code Injection, Broken Access Control …

usd HeroLab at DEF CON 2019

usd AG News, Security Research, usd HeroLab

Cyber Security Transformation Chef (CSTC) Convinced Jury. As one of the largest international IT security conferences worldwide, DEF CON once again brings together the world’s leading IT security experts in August. We are happy to announce that we will be presenting one of our in-house developments at the DEF CON Demo Labs: the Cyber Security Transformation Chef (CSTC). With the …

usd AG Re-Certified as Approved Scanning Vendor (ASV) Worldwide

usd AG News, PCI Security Services, usd HeroLab

usd AG with its scanning solution available through the usd PCI DSS Platform has been re-certified as an Approved Scanning Vendor (ASV) by the PCI Security Standards Council (PCI SSC). The certification is valid worldwide. At the same time, usd released a new version of its usd PCI DSS Platform, which contains comprehensive functional improvements. A new feature allows users …

Learned. Shared. Connected. Newcomer @ CST – A Review

usd AG CST Academy, News, PCI Security Services, Security Consulting, usd HeroLab

In events especially tailored to students, trainees and young professionals, CST Academy and usd AG brought together cybersecurity newcomers in June and July. During the usd Consulting Days in Cologne and Neu-Isenburg, students had the chance to have all their questions answered by experienced consultants – questions about careers in consulting, the everyday working life and how to get started. …