ERNW Sectools will provide tools that will make IT environments a safer place. We are engineering our knowledge, experience and expertise into new security tools and we will ensure, that our tools will be designed and developed in a secure manner, so they won’t become a weak link in customer environments.
Get the latest news about technical topics within the IT-Security Community and a lot of special insights. Sign up now for our Newsletter at ernw.de:
Updated on 20.06.22 with CVEs and link to Broadcom Security Notice. In April 2021 we reported seven vulnerabilities in Broadcom Automic Automation (UC4) 12.3.5+hf.3. CVE IDs were assigned on 16.06.22, the corresponding Broadcom Security Notice can be found here. The vulnerabilities have been found in the course of a research project, in which we analyzed […]
Missing server-side validation consistently scores a place in the OWASP Top 10. Browsers nowadays offer a lot of ways to easily implement client-side controls, increasing the usability by a lot. They automatically detect missing fields or invalid characters in your input fields and may even validate user input against a regular expressions. However, these controls […]
This is a guest post from Thomas Smits. A long time ago in a galaxy far, far away…. In my ordinary life, I teach computer science at the University of Applied Sciences in Mannheim but for some months, I was an intern at ERNW learning a lot about IT security and penetration testing. One of […]