References
More than 400 organizations from all industries trust our vendor- and product-independent cybersecurity services.

Developing impact through consulting and realization

For reasons of discretion, we do not list the names of our clients. However, we will be pleased to provide references and letters of recommendation following consultation with the organizations concerned.

How to Measure Information Security

by Lena Reitzle

Is your organization protected against cyber attacks? You have implemented protective measures, but cannot determine exactly whether they are sufficient and achieve the desired result, or where gaps may still remain?


How to Store Passwords Securely

by Sandro Affentranger

Data leaks – incidents in which unauthorized persons have gained access to data collections – occur from time to time. To prevent user passwords from being compromised in such a case, it is important that they are not simply stored in plain text. Instead, they should always be stored “hashed”. This article looks at which hash functions are suitable for this purpose.


OWASP Top 10 Proactive Controls – Part 1

by Lena Reitzle

You could say that the OWASP Top 10 Proactive Controls is a bit different from other better-known OWASP top ten lists – for example, the ten most critical risks for web applications (“OWASP Top 10”) or APIs (“OWASP API Security Top 10”) – because it goes beyond simply describing potential risks: The Proactive Controls are primarily aimed at developers and provide them with specific measures for developing secure applications.


The OWASP API Top 10 2019

by Lena Reitzle

According to a Gartner report, application programming interfaces (APIs) already account for 40% of the attack surface of web applications – and the trend is rising. Gartner estimates that this figure will rise to 90% by 2021. [1] The trend is increasingly towards dynamic single-page applications (SPAs), while classic server-based web applications are gradually being replaced.


(In)secure passwords – Part 2: Results of a password quality audit

by Sandro Affentranger

This is the second article on passwords. Recommendations for strong passwords have hardly changed over the years. Only recently it has become clear that the recommendations made so far have created certain patterns that can be exploited by attackers – this has led to a paradigm shift in password policies. This article presents the results of a Password Quality Audit carried out by Oneconsult at an international industrial company. [read the German article]

(In)secure passwords – Part 1: Paradigm shift in password policies

by Sandro Affentranger

This is the first instalment in a two-part series about passwords. Passwords have become indispensable these days. For a long time the recommendation was to make passwords as complex as possible – but lately this has changed: “Long instead of complex” is the new motto. This article introduces the topic and explains why passwords play such an important role. It discusses the risks associated with having passwords fall into the wrong hands, and identifies possible measures to assess and mitigate these risks. [read the German article]

OWASP IoT Top 10 – Part 1

by Jakob Kunzmann

This is the first of two articles presenting the OWASP Top 10 on the Internet of Things, a list of the top ten security risks in IoT, published by the Open Web Application Security Project (OWASP). In this article, the technical aspects of IoT risks are described and, where possible, prominent cases in which they have been exploited are highlighted. Where applicable examples exist, the focus is on malware or attacks targeting industrial IoT applications. [read the German article]

Pivoting Through a Web Application to the Internal Domain

by Severin Wischmann & Markus Schalch

Penetration testing projects are all about the defined scope and objective, i.e. which systems, entry points, personal or company sites may be attacked, and which specific scenarios should be tested for. These two properties are usually agreed with the client at the beginning of the project, which requires a trade-off between completeness and what is feasible in the available time.


Malware analysis – Basics

by Severin Wischmann

This is the first installment in a multi-part series about malware and how to analyze it. The article discusses the basics of malware. In further articles of this series, different facets of the analysis will be examined in detail. [read the German article]

New version of OWASP Application Security Verification Standard (ASVS) available

by Alex Wettstein

The Open Web Application Security Project – better known as OWASP – is a vendor-independent non-profit organization with the aim of making (web) applications more secure.

One of their flagship projects is the «Application Security Verification Standard», better known as ASVS. Version 4 of ASVS was released today. This article explains the ASVS and how it can support you as the person responsible for IT Security in your daily duties within your enterprise. [read the German article]
