Cyber Security Guide

Clear explanations of the most important IT security topics – from firewalls and ISMS to current attack techniques and protective measures.

Penetration Tester Career Guide

How does one actually become a pentester? What does a pentester earn? Do career changers also have a chance? And what does a penetration tester do all day? I will answer this and more in this article. Read more →

What is data security? Standards & Technologies

Data security comprises all technical and organizational measures to protect data. We explain the protection goals, the legal requirements, the biggest threats and the most important measures – and how data security differs from data protection, information security and cybersecurity. Read more →

Authentication: Differences to authorisation

Authentication and authorisation are often confused. We explain the difference between proving and verifying an identity, single- and two-factor methods, and how access rights are granted via RBAC and DAC. Read more →

Attack Vector and Attack Surface

An attack vector is a path or technique attackers use to exploit a vulnerability and attack an IT system. We explain the most important attack vectors, how they are exploited and how to reduce your attack surface. Read more →

Buffer Overflow

A buffer overflow is a programming error that can be exploited by hackers to gain unauthorized access to IT systems. It is one of the best-known security vulnerabilities in software, yet it is relatively widespread. This is partly because buffer overflows can occur in a variety of ways and the methods used to prevent them… Read more →

Cybersecurity concept in 8 steps

A cybersecurity concept is a set of guidelines intended to ensure IT security in a company. Its aim is to ensure the availability, integrity and confidentiality of company data, applications and services. We explain how to create an IT security concept in 8 steps. Read more →

Proxy Server

A proxy server acts as an intermediary server between a client and a web server. We explain how proxy servers work, the different types, why companies use them, and how they differ from a VPN. Read more →

What is MITRE ATT&CK?

The MITRE ATT&CK Framework is a continuously updated knowledge base consisting of cyber attacker tactics and techniques across the attack lifecycle. Read more →

Endpoint Security

Endpoint Security comprises all technical and organisational measures that protect endpoint devices such as PCs, laptops, smartphones and tablets from unauthorised access and malware. We explain the key protective measures as well as the differences between EPP, EDR, MDR and XDR. Read more →

Need to Know Principle

The need-to-know principle describes a security objective for confidential information. Access should only be granted to a user if the information is immediately needed to perform a task. Read more →

Top 10 Vulnerability Scanners for 2026

Vulnerability scanners are automated tools that organisations can use to monitor their networks, systems and applications for security weaknesses. Vulnerability scanning is a best practice in corporate networks and is often required by industry standards such as PCI-DSS and government regulations to improve enterprise security. Read more →

NTLM Authentication

In this article, we explain what NTLM authentication is, how it works, and how it can be exploited by attackers. Read more →

CVSS (Common Vulnerability Scoring System)

The CVSS Score provides a numerical representation (0.0 to 10.0) of the severity of a security vulnerability in IT. We explain how the Common Vulnerability Scoring System works, how CVSS should be used and how the CVSS Score is calculated. Read more →

Information Security Management Systems (ISMS)

An Information Security Management System (ISMS) defines methods to ensure information security in an organisation. Read more →

What is Information Security?

Information security is intended to ensure the confidentiality, integrity and availability of information. The information can be available on IT systems or in non-digital form. Read more →

CIS Controls – A Quick Overview of CIS Controls

The CIS Controls bundle the most important IT security measures into 18 packages of measures. We explain what is behind them, how the implementation groups IG1–IG3 work and how to implement the controls. Read more →

Firewalls & Firewall Architecture

How does a firewall actually work? What does a good enterprise firewall architecture look like? To what extent does appropriate network segmentation help defend against threats? Read more →