Technical Security Analysis and Penetration Testing: usd AG Visits Technical University of Munich for Guest Lecture

1. June 2023

On May 22, 2023, Matthias Göhring, Head of usd HeroLab, gave a guest lecture on the topic of technical security analyses and pentesting at TUM as part of the lecture "Networks for Payments" with Dr. Hermann Sterzinger. The following topics were covered:

  • A look at the current IT security situation in Germany and the world shows that the security of systems and applications is becoming increasingly important.
  • With the help of technical security analyses, risks can be identified and subsequently reduced and eliminated.
  • There are different types of technical security analyses, e.g. penetration test, red teaming, vulnerability scans. They all have advantages and disadvantages and answer different questions. Which security analysis is most suitable depends on the situation and the questions the company has to answer.
  • In a pentest, short for penetration test, systems and applications are examined in a structured manner for existing vulnerabilities. In order to derive the greatest possible benefit from a pentest, it is essential to select the scope, testing approach, depth of testing and other factors.
  • Assessing the quality of a pentest is anything but trivial. From the client's point of view, true negatives cannot easily be distinguished from false negatives. Therefore, when selecting a pentest service provider, one should make sure that the tests performed are also documented, not just the pure results.

To conclude, the procedure of a web application pentest was exemplarily demonstrated by identifying and exploiting an SQL injection vulnerability. Following the presentation, various questions were answered and discussed with the students.

For many years, usd AG has been involved in giving lectures, workshops and seminars at various universities in order to convey cyber security in a practical way.

"For my colleagues at usd and me, IT security is a passion that we have turned into a profession. In addition to this passion, good security analysts need a sound understanding of technical contexts and specific IT security know-how. We are therefore happy about every opportunity to share our knowledge with students and to show them perspectives of making IT security a profession."

Matthias Göhring
Matthias Goehring, usd HeroLab, Gastvorlesung TUM

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories