HTTP Verb Tampering

When testing web applications for security flaws, the applications’ handling of different HTTP request methods – also known as verbs – should be considered.Usually, interactions between clients and servers utilize the HTTP methods GET or POST for accessing resources.

Digital transformation requires a solid cyber security

During and after my studies of business administration I worked in different areas and companies. Most recently, almost 5 years in the corporate development/strategy of a semiconductor company with a big focus on automotive applications. During my master’s studies, I mainly focused on entrepreneurship, innovation management and digital topics. That’s why I wrote my master thesis about digital business models. Since August this year I’m working as a consultant in the areas of cyber security and digital transformation and to be honest I’ve more questions than answers after the first weeks.

Phishing: These are the most popular tricks

For criminals and fraudsters, personal data of Internet users is always very desirable. In many cases it allows access to credit cards, bank or online accounts.

Phishing, i.e. obtaining other people’s personal data using fake e-mails or websites, is a popular method of doing this. The following is an overview of the most common methods:

Clickjacking

What is Clickjacking?
Clickjacking takes place when a fraudster sets up an overlaid website interface and steals clicks on that fake website to then use it on a real site. Users come across these illegal overlays by chance and assume that after filling in a field, clicking a link, or entering their passwords, they’ll get access to what they see in front of them.

What is KRITIS and who does it affect? 

In Germany, special regulations apply to operators of critical infrastructures under the Federal Office for Information Security / Bundesamt für Sicherheit in der Informationstechnik (BSI) Act. But who counts as an operator and when are infrastructures classified as critical?

Hard Coded Credentials for Dummies

Hard Coded Credentials for Dummies

or

How to not unknowingly, accidently and unconsciously reveal all your passwords and secrets to bad people

Credentials or passwords are the integral part of online and software world. In the simplest example they are the key protecting your “online house” such as Instagram, Facebook, email, etc.

Who is Hacker’s favorite?

How well is my company positioned when it comes to cybersecurity? Are we way ahead of the game or do we have one foot in a major security hole… these are questions that IT managers often ask themselves. New screenings provide some surprising answers.

Safe on the road on the cyber highway of the future

“We need to take care of our cybersecurity …” Dieser Satz ist in Unternehmen ein häufig gesagter und führt neben zustimmendem Kopfnicken zu einer Art Vogel-Strauß-Haltung This phrase is a common one in organizations…. But where do we start? What is the cost? Along the entire value chain? And who will support us in the process?

The case for flat networks

Flat is trendy.  Flat rates, flat hierarchies, flat iron steaks and even a flat earth, but a flat network?  That is a real no-go nowadays and already for a long time.  Anyone in the business of enterprise network design knows by that a flat network design is just begging for trouble at many levels and layers.

Safety First! Cybersecurity in times of Corona

For more than a year now, more people worldwide have been working from home offices than ever before. 

The digitalization of the home has been turbo-charged, but the digital connection to companies has often been more poor than good, primarily in a hurry, so that everyone can continue to work and earn money quickly. But those which cobble together hurriedly open the door to danger from the web.

SolarWinds – The comprehensive review

In early 2019, hackers secretly broke into Texas-based SolarWind’s systems and added malicious code into the company’s software system. The system, called “Orion,” is widely used by companies to manage critical IT resources.