Security Advisory 02/2020

usd AG News

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration File, Memory Corruption (Heap Overflow), Logic Error. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information …

Unknown Vulnerabilities – Responsibilities of the Finder

usd AG News, News

The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to remedy security gaps) have been made or released yet. It is therefore essential to use any knowledge of such vulnerabilities responsibly to support manufacturers in finding …

Pentest – What analysis approaches are there?

usd AG News, usd HeroLab

Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the most effective methods of security analyses companies can employ to proactively protect themselves against hacking attacks. The security analyst (pentester) …

Security Advisory 01/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS, Stored XSS, SQL Injection, PHP Code Injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …

“Made by usd HeroLab” – Sebastian Puttkammer about Tools, Quality and Efficiency

usd AG News, News

Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought and how they contribute to increasing the quality and efficiency of the usd HeroLab. Sebastian, you have developed many of …

Top 7 Quality Criteria for a Pentest Partner

usd AG News, usd HeroLab

In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice of analysis methods is just as relevant as is choosing a competent partner. In this series, we present you the seven most important criteria you should consider when choosing a suitable partner for pentests, …

noris network AG Successfully Certified According to PCI DSS

usd AG News, PCI Security Services

usd AG confirms secure handling of credit card data in data centers. Whether for start-ups or global players – a PCI certification project can pose a major challenge to any business. This makes it all the more enjoyable for us to look back on the success we have achieved together with our clients. After all, nothing provides better insights into …

PCI DSS – What Is the Scope and How to Reduce It?

usd AG News, PCI Security Services

In this short series we provide you with useful facts about the Payment Card Industry Data Security Standard. Be well informed on your PCI DSS certification. What is the PCI DSS scope? The scope of a PCI DSS certification includes all components of a company’s environment that must meet the PCI DSS control objectives. In May 2017, the PCI Security …