How much does a penetration test cost?

The costs of a penetration test depend on the time spent and the daily rate of the penetration tester. The daily rates for penetration testers are above average and range between €1,200 and €2,000, provided it is a reputable service provider for penetration tests. Lower daily rates usually indicate that the respective provider is trying …

What is a penetration test?

A penetration test is basically a structured attack on a company’s IT infrastructure. During this, a penetration tester uses the same tools and techniques that a hacker uses in his attack. However, the objective differs between a malicious hacker and a professional penetration tester. A hacker usually tries to hack a company in order to …

KRITIS penetration test: requirements of the German BSI law

Penetration tests are mandatory for operators of critical infrastructures. In the BSI law under paragraph “8a Security in the information technology of critical infrastructures”, companies are obliged to take appropriate organizational and technical measures to protect their critical infrastructure. The actual law is typically general and abstract. The wording itself does not require penetration tests …

MPA Content Security Program Requirements for Penetration Testing

The Content Security Program of the Motion Picture Association (MPA) specifies security requirements in three areas in its Content Security Best Practices Common Guidelines (Version 4.10 of February 8, 2022): Management System, Physical Security, and Digital Security. In the requirements for the management system, vulnerability scans and external penetration tests are to be carried out in …

i-Kfz: Requirements for penetration tests from the German Federal Motor Transport Authority (KBA)

The “minimum security requirements for decentralized portals and registration authorities” for “internet-based vehicle registration (i-Kfz)” from the German Federal Motor Transport Authority (KBA) are extremely extensive. In addition to the architecture of the i-Kfz system, its interfaces and the security requirements derived from them, they also include requirements for conducting a penetration test. To check …

Comparison of PCI DSS 3.2.1 and 4.0 penetration testing requirements

The current version 3.2.1 and the newer version 4.0 of the security standard PCI DSS require penetration tests to be performed. The PCI standard establishes detailed requirements a penetration test needs to comply with. In PCI DSS 3.2.1, the requirement is regulated in Requirement 11.3 and in PCI DSS 4.0 in Requirement 11.4. These requirements …

Requirements for penetration tests of DiGa apps – Penetration test for digital health applications in the German fast-track procedure

In order to be included in the register of reimbursable digital health applications (DiGa), the fast-track procedure at the BfArM must be completed. With the Digital Supply and Care Modernization Act (DVPMG), the corresponding guideline included the requirement that company applicants must have a penetration test carried out for their DiGa application. Penetration tests: With …