Anatomy Lesson from the Perspective of a Pentester - Guest Lecture at Johannes Gutenberg University Mainz

17. July 2024

On July 15, 2024, Matthias Goehring, Head of usd HeroLab, was invited once again to give a guest lecture for the “IT Security” class by Prof. Dr. Nicolai Kuntze at Johannes Gutenberg University (JGU) Mainz. Our colleague gave a lecture on “Professional Penetration Testing” and explained to the students of JGU Mainz that the increasing number and complexity of cyber attacks require a systematic review and protection of IT infrastructures. Pentests are an essential part of modern security strategies in order to identify and eliminate vulnerabilities before they can be exploited by attackers.

The question arose: What makes a pentest good and how should it be structured? To answer this question, Matthias began with an insight into the anatomy of a pentest. An effective penetration test requires a detailed analysis, profound technical knowledge and careful documentation of the vulnerabilities found and the proposed countermeasures. After being introduced to the theory, the students learned during the practical part of the lecture how a pentester proceeds. Initially, the focus was on the different types of technical security analyses. These range from automated vulnerability scans and manual pentests to red and purple teaming assessments. In order to identify risks in a structured manner, a combination of the various methods makes sense, with vulnerability management providing the context. The question of how the criticality of vulnerabilities can be correctly assessed was also addressed.

„We not only seek to offer students practical insights into the field of penetration testing, but also want to show them the crucial role of technical analyses in the security of modern IT systems and how they can contribute to this themselves.“

Matthias Göhring

usd AG has been committed to providing lectures, workshops and talks at various universities for many years in order to provide a practical insight into cyber security.

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories