Below you'll find a list of all posts that have been tagged as “Pentest”
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the …
Many companies ask themselves whether attackers are able to compromise their IT infrastructure. Pentests provide reliable results to this question and pave the way for increasing the long term IT security. There are two approaches on how our security analysts can perform the pentest: on-site or remotely. Pentests via remote access are performed if the IP address range is accessible …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind SQL Injection Hardlink Vulnerability Stored Cross-Site Scripting (XSS) In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been …
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS Stored XSS SQL Injection PHP Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …
by Stefan Schmer, Managing Consultant at usd HeroLab. Vulnerability Disclosure usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Adobe Experience Manager (AEM), Bitbucket, feeling4design Super Forms and Oracle Transportation Management (OTM). The following vulnerability classes were identified: Cross Site Scripting (XSS) Username/Filename Enumeration Sensitive Data disclosure Code Injection Broken Access Control …
We are excited to present one of our in-house developments at DEF CON 27 – the CST Chef. Our Heroes and developers Sebastian Puttkammer and Ralf Almon, Managing Consultants at usd HeroLab, have taken a brief moment to say some quick words. Ralf, DEF CON is a staple conference of the international hacker scene. How did you react when you …
Cyber Security Transformation Chef (CSTC) Convinced Jury As one of the largest international IT security conferences worldwide, DEF CON once again brings together the world’s leading IT security experts in August. We are happy to announce that we will be presenting one of our in-house developments at the DEF CON Demo Labs: the Cyber Security Transformation Chef (CSTC). With the …
Hacker Contest Summer Semester 2019 The usd HeroLab will once again teach the course “Hacker Contest” at the Technical University (TU) Darmstadt and the University of Applied Sciences Darmstadt (h_da) this summer semester. During the 2019 summer semester, students will have the opportunity to experience IT security in practice. In a secure environment, they will try out attack methods and …
Gain insights into the latest pentesting methods and exchange ideas with other professionals. Only those who succeed in the Challenge can register for usd Hackers’ Days near them. The Challenge will be unlocked on April 17th and you have until May 5th to crack as many codes as possible. The more codes you have, the greater your chances – the …
“Winterschool 2019” concluded successfully Neu-Isenburg, March 27, 2019 This year’s “Winterschool”, which is part of the usd training program “Become a HeroLab Professional” for students working at the usd HeroLab, was concluded with a final exam last week. The usd HeroLab is expanding its range of university training courses by adding a special training program for its own students. 14 …
