Code Injection in SAP Application Server ABAP – Solution Tools Plugin ST-PI

On 12. Aug 2020

As one of the largest business software providers, SAP SE products are widely used by companies in all industry sectors all over the world. Vulnerabilities in the core solutions from SAP SE can affect the heart of corporate IT infrastructures.

FIDO2 for Microsoft Online Accounts / Azure AD

On 7. Aug 2020

Nowadays a secure password doesn't necessarily mean your account is safe.

Ad-Hoc Log Management in case of Emergency (SEC Defence)

On 30. Jul 2020

High visibility on all company systems is essential to ensure the correct detection, analysis and handling of any unauthorized or malicious activities.

Security Requirements Engineering – Reaching Mastery

On 8. Jul 2020

If you are serious about secure software development, you must be eager to establish security requirements engineering as the backbone of you SSDLC. Once you have reached mastery in this discipline, many of the benefits will arise organically from the underlying process and continuous improvement is already built in. Are you ready to build upon the fundamentals?

Creating Active Directory Labs for Blue and Red Teams

On 1. Jul 2020

Nowadays most enterprises are using Active Directory for building their internal infrastructure. Therefore, it is important to understand common pitfalls and how to detect adversarial activities in the network.

Security Requirements Engineering – The backbone of your SSDLC

On 23. Jun 2020

In secure software development, not all security activities are born equal. That is especially true when it comes to security requirements engineering.

A deep dive into Secure Software Development based on OWASP SAMM

On 15. Jun 2020

Secure Software Development is one of the key processes that will have a lasting impact on software assurance. Investing in secure software development will help us create more resilient and robust systems in the long run, and that's a goal worth striving for.

Patch Immediately: Critical Vulnerability in SAP® ABAP systems (CVE-2020-6262)

On 13. May 2020

SEC Consult Vulnerability Lab discovered a critical code injection vulnerability (CVE-2020-6262) with a CVSSv3 Score of 9.9 in SAP® Service Data Download (a part of the SAP® Solution Manager Plugin ST-PI).

First Virtual OWASP Vienna Chapter Meeting: Secure Software Development with OWASP SAMM

On 23. Apr 2020

On 2020-04-20, the first virtual meeting of the OWASP Vienna chapter took place. I (Thomas Kerbl - SEC Consult) was invited to talk about my experiences with Secure Software Development based on OWASP SAMM, the Security Assurance Maturity Model.

IT Security in the home office – what should be considered?

On 5. Apr 2020

You have certainly read some articles with very good recommendations on IT security in the home office over the last few days. We have also looked at these articles and would like to add a few more helpful points.

Page 1 of 1112 3 ›»

Application & System security

Process & Organisation

Awareness & Training

Defense & Prevention

Cyber emergency? Call +49 30 398 2027 77

Multiple Vulnerabilities in flatCore CMS

Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

Privilege Escalation Vulnerability in SteelCentral Aternity Agent