“Erfolgsfaktoren für gute Penetrationstests”
RedTeam Pentesting offers individual penetration tests, short pentests, performed by a team of specialised IT security experts. Hereby, security weaknesses in IT systems (e.g. networks, applications or devices) are uncovered and can be remedied.
As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results so far are public security advisories which gained national and international attention.
In contrast to many other companies, RedTeam Pentesting specialises in pentests. A detailed description of pentests can be found on the pentest pages, frequently asked questions are answered in the FAQ section.
If there are any further questions, do not hesitate to contact us via email, fax or phone.
To stay up to date with news from RedTeam Pentesting you can subscribe to the following RSS feed.
News
- - New security advisory released: rt-sa-2014-016: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
- -
On 25 February 2015, Jens Liebchen will be at the
22. DFN-Konferenz “Sicherheit in vernetzten Systemen” in Hamburg, discussing success factors for good penetration tests based on his practical experience as a penetration tester. The language of the talk will be German.
- - New security advisory released: rt-sa-2014-013: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
- -
New security advisory released: rt-sa-2014-010: AVM FRITZ!Box Firmware Signature Bypass
- -
New security advisory released: rt-sa-2014-015: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
- -
The (German) slides from the talk “Angriff zur Verteidigung – Erfolgsfaktoren für gute Penetrationstests”, held at the IT-Sicherheitstag NRW in Hagen are now available in the publications section.
- -
New security advisory released: rt-sa-2014-012: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
The vulnerability enables attackers to fully compromise the application servers that host the mobile device management components and therefore most likely also all devices managed through the solution. - - Three new security advisories released: rt-sa-2014-007: Remote Code Execution in TYPO3 Extension ke_dompdf, rt-sa-2014-009: Information Disclosure in TYPO3 Extension ke_questionnaire and rt-sa-2014-011: EntryPass N5200 Credentials Disclosure
- -
On 10 December 2014 Patrick Hof will give a live interview at the 2.
SZ-Fachkonferenz: Versicherung und Internet on the topic
“Hackerangriffe – wie die Profis vorgehen: Wo liegen die
größten Sicherheitslücken?”. The language of the interview will
be German.
- -
On 3 December 2014 Jens Liebchen will give a talk at the IT-Sicherheitstag NRW on the topic “Angriff zur Verteidigung - Erfolgsfaktoren für gute Penetrationstests”. The language of the talk will be German.
- - RedTeam Pentesting has a new member: Hanno Heinrichs reinforces the team as a new penetration tester.
- - New security advisory released: rt-sa-2014-008: Python CGIHTTPServer File Disclosure and Potential Code Execution
- - Two new security advisories released: rt-sa-2013-002: Endeca Latitude Cross-Site Request Forgery and rt-sa-2013-003: Endeca Latitude Cross-Site Scripting
- - New security advisory released: rt-sa-2014-006: Directory Traversal in DevExpress ASP.NET File Manager
- - Two security advisories released: rt-sa-2014-004: Remote Command Execution in webEdition CMS Installer Script and rt-sa-2014-005: SQL Injection in webEdition CMS File Browser
