Pentesting competition success for atsec
2009-11-04, Munich: atsec consultant Sascha Herzog participated in the hacking workshop and contest last week at the “Attack and Defense” conference. Herzog placed second in a field of 50 contestants.
His results demonstrate atsec’s cutting-edge performance when it comes to penetration and web application testing. Among the workshop topics were Windows and Unix security, web application security (like SQL injection, authentication bypass, cross-site scripting, Firefox observation plugins), network security, and other current pentest topics.
Gerald Krummeck, Chief Operations Officer for atsec Germany, commented: “We are very proud and pleased that Sascha provided impressive proof of atsec's outstanding expertise in this area of security testing, which is becoming crucially important for all our customers operating web-based services. What makes atsec's penetration and security testing offers quite unique is our ability to not only identify those vulnerabilities, but to also provide structured, standards-based services to implement the necessary mitigations and to define the processes and controls that will prevent our customers from falling into those traps in the future.”
atsec consultants routinely speak at conferences and workshops and publish articles and whitepapers. Several of our consultants also serve in international IT security standards committees.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden and China.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, RWE, and Wincor-Nixdorf.
