Technical Security Analysis and Penetration Testing: usd AG Visits Technical University of Munich for Guest Lecture

June 1, 2023

On May 22, 2023, Matthias Göhring, Head of usd HeroLab, gave a guest lecture on the topic of technical security analyses and pentesting at TUM as part of the lecture "Networks for Payments" with Dr. Hermann Sterzinger. The following topics were covered:

  • A look at the current IT security situation in Germany and the world shows that the security of systems and applications is becoming increasingly important.
  • With the help of technical security analyses, risks can be identified and subsequently reduced and eliminated.
  • There are different types of technical security analyses, e.g. penetration tests, red teaming and vulnerability scans. They all have advantages and disadvantages and answer different questions. Which security analysis is most suitable depends on the situation and the questions the company has to answer.
  • In a pentest, short for penetration test, systems and applications are examined in a structured manner for existing vulnerabilities. In order to derive the greatest possible benefit from a pentest, it is essential to select the scope, testing approach, depth of testing and other factors appropriately.
  • Assessing the quality of a pentest is anything but trivial. From the client's point of view, true negatives cannot easily be distinguished from false negatives. Therefore, when selecting a pentest service provider, one should make sure that the tests performed are also documented, not just the pure results.

To conclude, the procedure of a web application pentest was demonstrated using the example of identifying and exploiting an SQL injection vulnerability. Following the presentation, various questions were answered and discussed with the students.

For many years, usd AG has been involved in giving lectures, workshops and seminars at various universities in order to convey cyber security in a practical way.

"For my colleagues at usd and me, IT security is a passion that we have turned into a profession. In addition to this passion, good security analysts need a sound understanding of technical contexts and specific IT security know-how. We are therefore happy about every opportunity to share our knowledge with students and to show them perspectives of making IT security a profession."

Matthias Göhring
