Before performing a penetration test, the question arises as to how the pentest should be performed. Here, pentesters distinguish between the following approaches: Blackbox test Whitebox test Graybox Text Which test is best suited for an audit? Black box or black box test With this penetration test method, the pentester does not [...]
We would like to provide valuable tips for the implementation of ISO 27001 for all companies that are aiming for certification. The ISO 27001 standard describes the requirements of an information security management system (ISMS), which also includes having a person responsible for information security. This person is often called the information security officer [...]
The Network and Information System Security Act - NISG (see publications) only concerns defined sectors defined in §2 of the Act: Energy, transport, banking, financial market infrastructures, healthcare, drinking water supply, digital infrastructures as operators of essential services. In addition, providers of digital services, such as online marketplaces, online search engines and cloud computing [...]
As an extension of the SEC4YOU PenTest portfolio, we offer a standardized audit of Microsoft BitLocker encrypted systems (servers, workstations, notebooks, tablets) with the aim to bypass the BitLocker encryption and extract all data. The method used is the TPM sniffing attack on the TPM chip described in March 2019, here is the Link [...]
ISO 27001 defines the requirements for an Information Security Management System (ISMS). This defines a continuous improvement process (CIP, see Link) which enables the company to determine the necessary security measures in a risk-oriented approach and subsequently to implement and continuously improve them. Often an ISMS is perceived as a software tool, which it [...]
A penetration test (PenTest for short) should be carried out regularly in order to identify and remedy vulnerabilities and potential risks in a timely manner. This minimizes the risk of a successful hacker attack and increases cybersecurity. Cybersecurity PenTest from the Internet and external services Fixed price € 2.850,00 ex. [...]
Secure coding is no longer new in software development. It has also been established for a long time, you can find a wealth of information about it, there are courses, tutorials, and everything is well documented. All developers should therefore be using it by now. Unfortunately, developing secure software does not start with a simple [...]
Encryption on the World Wide Web has a long history, which explains the abbreviations used today. It started back in 1993 with Secure Sockets Programming as a prototype. Netscape subsequently completed Secure Sockets Layer (SSL). SSL version 1 was never published. Version 2 dates back to 1995. Version 3 was published in 1996 as a [...]
Follow the recommendation of experts: perform an infrastructure penetration test at least once a year. When performing penetration tests, we pay attention to a structured approach. To this end, we divide our technical audits into phases according to the recommendation of the German Federal Office for Information Security (BSI): Preparation Information gathering and automatic [...]
More and more often we are asked how to train data protection and the requirements of the GDPR. For internal data protection officers (DPOs) or, if you don't have a DPO, for the internal data protection contact person, there are numerous training courses and courses for further training in the GDPR requirements. However, familiarization [...]
