ERNW Research is an independent IT Security service provider based in Heidelberg, Germany. Since its founding in 2015, the focus of ERNW Research has been on performing Research projects in all areas of IT security - publicly funded projects in cooperation with universities, customer projects, as well as internal research projects.
Our goal is to perform cutting edge research to preserve excellence, and apply our knowledge and research results in highly technical projects for our customers.
Particular fields of attention are the areas of Incident Response, Forensic Computing, Malware Analysis, and Medical Device Security, as well as advanced security assessments.
Get the latest news about technical topics within the IT-Security Community and a lot of special insights. Sign up now for our Newsletter at ernw.de:
OpenSIS is an open source student information system. Recently, it was affected by several vulnerabilities such as SQL injections, local file inclusions and incorrect access controls (CVE-2020-13380, CVE-2020-13381, CVE-2020-13382, CVE-2020-13383). That is why I got interested and also had a quick look at the application. As part of this investigation, I discovered two vulnerabilities, an […]