Current Information on Remote Assessments according to PCI Security Standards

usd AG News, PCI Security Services

In order to slow down the spread of the coronavirus, many countries have imposed movement restrictions and travel bans. Of course, we adhere strictly to these regulations. To ensure that your certification projects in accordance with the PCI Security Standards do not come to a complete standstill during this period, we are currently converting our on-site assessments to remote assessments …

Security Advisory 02/2020

usd AG News

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v3.2.1. The following vulnerability classes were identified: insufficient filtering of the configuration file, memory corruption (heap overflow), and a logic error. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information …

A step towards more security: Our expert’s examination of the PCI Software Security Framework

usd AG News, PCI Security Services

In January 2019, the PCI Security Standards Council first announced the introduction of the new Software Security Framework (SSF) which currently includes two new standards: The Secure Software Lifecycle Standard (Secure SLC) and the Secure Software Standard. With the respective certifications, payment software providers can prove that both their payment software as well as their development processes meet comprehensive and …

Unknown Vulnerabilities – Responsibilities of the Finder

usd AG News, News, usd HeroLab

The security analysts of usd HeroLab frequently discover previously unknown security vulnerabilities in products as part of their daily work. For these zero-day vulnerabilities, no security patches (corrective changes applied to the product to close the security gap) have been developed or released yet. It is therefore essential to use any knowledge of such vulnerabilities responsibly to support manufacturers in finding …

Pentest – What analysis approaches are there?

usd AG News, usd HeroLab

Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible entry points that attackers could exploit and show ways to sustainably raise a company's IT security level. This makes pentesting one of the most effective security analysis methods companies can employ to proactively protect themselves against hacking attacks. The security analyst (pentester) …

Security Advisory 01/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: reflected XSS, stored XSS, SQL injection, and PHP code injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …

“Made by usd HeroLab” – Sebastian Puttkammer about Tools, Quality and Efficiency

usd AG News, News

Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought and how they contribute to increasing the quality and efficiency of the usd HeroLab. Sebastian, you have developed many of …

Top 7 Quality Criteria for a Pentest Partner

usd AG News, usd HeroLab

In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. Choosing the right analysis methods is just as important as choosing a competent partner. In this series, we present the seven most important criteria you should consider when choosing a suitable partner for pentests, …