In addition to an ISO 27001 certification, regular penetration tests of sports betting portals must be carried out for the sports betting licence by the Darmstadt regional council. The pen tests must be carried out according to the OWASP Testing Guide or the OWSAP Testing Guide for web services. The penetration tester must be independent … [Read more…]
Secure coding will take place in calendar weeks 31 and 32, i.e. the first two weeks in August. In terms of concept, this lecture has always been a purely online event without any physial presence, i.e. there is no typical exam, but I evaluate the practical work. There are three tasks: (1) You need to … [Read more…]
The costs of a penetration test depend on the time spent and the daily rate of the penetration tester. The daily rates for penetration testers are above average and range between €1,200 and €2,000, provided it is a reputable service provider for penetration tests. Lower daily rates usually indicate that the respective provider is trying … [Read more…]
A penetration test is basically a structured attack on a company’s IT infrastructure. During this, a penetration tester uses the same tools and techniques that a hacker uses in his attack. However, the objective differs between a malicious hacker and a professional penetration tester. A hacker usually tries to hack a company in order to … [Read more…]
Penetration tests are mandatory for operators of critical infrastructures. In the BSI law under paragraph “8a Security in the information technology of critical infrastructures”, companies are obliged to take appropriate organizational and technical measures to protect their critical infrastructure. The actual law is typically general and abstract. The wording itself does not require penetration tests … [Read more…]
The Content Security Program of the Motion Picture Association (MPA) specifies security requirements in three areas in its Content Security Best Practices Common Guidelines (Version 4.10 of February 8, 2022): Management System Physical Security Digital Security In the requirements for the management system, vulnerability scans and external penetration tests are to be carried out in … [Read more…]
The “minimum security requirements for decentralized portals and registration authorities” for “internet-based vehicle registration (i-Kfz)” from the german Federal Motor Transport Authority (KBA) are extremely extensive. In addition to the architecture of the i-Kfz system, its interfaces and the security requirements derived from them, they also include requirements for conducting a penetration test. To check … [Read more…]
The current version 3.2.1 and the newer version 4.0 of the security standard PCI DSS require penetration tests to be performed. The PCI standard establishes detailed requirements a penetration test needs to comply with. In PCI DSS 3.2.1, the requirement is regulated in Requirement 11.3 and in PCI DSS 4.0 in Requirement 11.4. These requirements … [Read more…]
In order to be included in the register of reimbursable digital health applications (DiGa), the fast-track procedure at the BfArM must be completed. With the Digital Supply and Care Modernization Act (DVPMG), the corresponding guideline included the requirement that company applicants must have a penetration test carried out for their DiGa application. Penetration tests: With … [Read more…]
The recent hacker attack on the University of Gießen has made many people aware that the threat posed by attackers from the Internet is continuously growing. In order to to learn from such security incidents, IT forensic scientists are required to investigate the 7 W questions of criminalistics: Who (perpetrator), What (crime), When (time of … [Read more…]
