Christian, apart from your project operations, your team of analysts looks into potential security vulnerabilities. Why do you do that?
We can only protect businesses against hackers and criminals effectively if we always keep our skills and knowledge up to date. That’s why security research is just as important for our work as building up a security community to promote the exchange of knowledge.
Does that mean that you share your findings with other security researchers?
Yes, definitely. More security can only be achieved if lots of people take on the task together. We also help security analysts at other companies to identify vulnerabilities and remediate security risks – always in line with our responsible disclosure policies, of course.
What role does the usd HeroLab play in that context?
The usd HeroLab and our usd Akademie are essential parts of our security mission. We use the HeroLab as a training platform ourselves, but we also make it available to companies, research institutes and universities. We run training courses and publish papers to share the knowledge we gain in our practical work and through our research.
What kinds of publications can we expect from you?
The usd HeroLab is going to publish a series of papers on new security vulnerabilities and current security issues. The first paper has already been published. Ralf Almon, one of our senior security consultants and a forensics specialist, has shared his insights into a very interesting issue:
“How a Vulnerable Picture Upload Can Be Exploited Using Manipulated Picture Files”
OWASP Top 10 2025 Released: Our Insights and Contribution
The OWASP Top 10 is considered the global standard for web application security. It highlights the main risks and indicates where companies should pay closer attention. The current Top 10 for 2025 was presented last week at OWASP Global AppSec USA 2025 and makes it...
