The impact on security testing for DevOps-driven applications

On 10. Feb 2020

According to the Splunk/Puppet’s 7th annual report on the “State of DevOps”, 51% of software development companies worldwide already work with their DevOps team. In contrast, the release-oriented software based on the waterfall model is slowly losing its importance. The most progressive companies in this sector publish several hundred (micro)releases per month. [Next: An unvarnished inventory] What does this mean for security testing? DevOps improves the classic approach to security testing that was practiced in the past: after Dev before Ops. DevSecOps seems to be the right method – at least because it includes security in the process. Unfortunately, it doesn’t go on as simply as that. DevSecOps is strongly dependent on the respective toolchain to ensure development quality (security […]

How to use blockchain technology to secure forensic evidence

On 21. Jan 2020

SEC Consult has been observing the development and application possibilities of blockchain technologies for some time. These technologies could also be used in individual areas of security consulting. Within the scope of a recent research project, possible scenarios for the preservation of evidence after cyberattacks were examined in more detail.

Critical success factors for your ISO/IEC 27001 certification audit

On 8. Dec 2019

Are you planning to implement an ISMS in your organization? Don't forget to consider these two key success factors...

Winning the Interface War: Extracting Information from Electronic Devices with the SEC Xtractor

On 4. Dec 2019

We have just made the "SEC Xtractor" tool (SEC Consult's hardware exploitation and firmware extraction tool) open-source!

On 27. Nov 2019

...and honestly, this wasn't an easy feat! It took our working group (AG 001.77) – which I was honored to chair – more than two years from start to finish. At least a dozen security experts were active members of the group, bringing in their specific knowledge to the individual areas. At times it was a cumbersome but ultimately very fruitful endeavor.

Impressions from the NASA space apps challenge Vilnius

On 6. Nov 2019

SEC Consult is happy to support such an amazing initiative that encourages people to work on global problems to make the world a better place.

Vulnerability in EU cross-border authentication software (eIDAS Node)

On 29. Oct 2019

During a short crash test SEC Consult identified a critical vulnerability in the eIDAS-Node software component that could allow an attacker to impersonate any EU citizen.

Ready for the NISG & NISV? – Official requirements for dealing with security incidents

On 22. Sep 2019

With the NISV - the official regulation of the Network and Information System Security Ordinance- Austria has now laid down concrete network and information security requirements for providers of essential services within the framework of the Network and Information System Security Act (NISG).

Driving IoT growth in Asia

On 20. Sep 2019

IoT devices are infiltrating every aspect of our life and some of us probably can’t imagine spending a day without them anymore.

Global Cyberlympics 2019 – SEC Consult team “No Signal” is Top 2 of Asia

On 16. Sep 2019

SEC Consult team invited to compete at Global Cyberolympics World Finals in Canada.

Page 1 of 912 3 ›»

Application & System security

Process & Organisation

Awareness & Training

Defense & Prevention

Cyber emergency? Call +49 30 398 2027 77

Cross-Site Request Forgery (CSRF) in Umbraco CMS

Reflected XSS in ZOHO ManageEngine ServiceDeskPlus

File Extension Spoofing in Windows Defender Antivirus