Technical Security Analysis and Penetration Testing: usd AG Visits Technical University of Munich for Guest Lecture

1. June 2023

On May 22, 2023, Matthias Göhring, Head of usd HeroLab, gave a guest lecture on the topic of technical security analyses and pentesting at TUM as part of the lecture "Networks for Payments" with Dr. Hermann Sterzinger. The following topics were covered:

  • A look at the current IT security situation in Germany and the world shows that the security of systems and applications is becoming increasingly important.
  • With the help of technical security analyses, risks can be identified and subsequently reduced and eliminated.
  • There are different types of technical security analyses, e.g. penetration test, red teaming, vulnerability scans. They all have advantages and disadvantages and answer different questions. Which security analysis is most suitable depends on the situation and the questions the company has to answer.
  • In a pentest, short for penetration test, systems and applications are examined in a structured manner for existing vulnerabilities. In order to derive the greatest possible benefit from a pentest, it is essential to select the scope, testing approach, depth of testing and other factors.
  • Assessing the quality of a pentest is anything but trivial. From the client's point of view, true negatives cannot easily be distinguished from false negatives. Therefore, when selecting a pentest service provider, one should make sure that the tests performed are also documented, not just the pure results.

To conclude, the procedure of a web application pentest was exemplarily demonstrated by identifying and exploiting an SQL injection vulnerability. Following the presentation, various questions were answered and discussed with the students.

For many years, usd AG has been involved in giving lectures, workshops and seminars at various universities in order to convey cyber security in a practical way.

"For my colleagues at usd and me, IT security is a passion that we have turned into a profession. In addition to this passion, good security analysts need a sound understanding of technical contexts and specific IT security know-how. We are therefore happy about every opportunity to share our knowledge with students and to show them perspectives of making IT security a profession."

Matthias Göhring
Matthias Goehring, usd HeroLab, Gastvorlesung TUM

Also interesting:

Security Advisory on Cubro

Security Advisory on Cubro

The pentest professionals at usd HeroLab examined Cubro EXA48200 during the execution of their projects. A vulnerability was discovered in the User Management API that could allow authenticated attackers to gain administrative privileges via a single HTTP request. The...

