it-sa: IT Security Expo and Congress

Visit Compass Security at Europe's largest trade fair for IT security! We invite you to join us in Nuremberg from October 8 to 10.

it-sa is Europe’s largest expo for IT security and one of the most important events worldwide. Whether the topic is cloud computing, mobile and cybersecurity, or data or network security, the exhibition has been a unique platform since 2009 where C-level experts and IT security officers from industry, services and administration meet developers and providers of IT security products and services.


Gain Security

How secure is your IT infrastructure? Is your data protected as well as it should be?

Visit us at our booth (9-625) and talk to our security experts. You will learn how the security of your IT systems can be checked and which steps are necessary for a successful implementation of your security concept.


With our expert talks and live hacking demonstrations we will sensitize you to current cyber security topics and promote risk awareness in companies:


Arrive Relaxed at it-sa

We give you the day ticket worth € 40!

Book your free ticket now with the personal voucher code B411687 at


Then head straight to our beach 9-625. Here you can relax and phish for one of our attractive prizes:

1st prize: Penetration test up to 3 days
2nd prize: 2-day security training at Compass in Zurich
3rd prize: One-day workshop

... and much more.


We look forward to welcoming you at booth 9-625!


Event website with all details:


Vulnerability in Mailster

Thierry Viaccoz identified an XSS vulnerability in Mailster (email newsletter plugin for WordPress).

Secure Payments on the Internet

More and more goods and services are bought and paid for on the internet. Ivan Bütler summarizes security-relevant information on online shopping and...

Vulnerability in Froala WYSIWYG HTML Editor

Security Analyst Emanuel Duss identified a DOM XSS vulnerability in the Froala WYSIWYG HTML Editor.


Compass Security Blog

Yet Another Froala 0-Day XSS

Compass found a DOM-based cross-site scripting (XSS) vulnerability in the Froala WYSIWYG HTML Editor. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can...

Relaying NTLM authentication over RPC

For a few years now, we, as pentesters (and probably bad guys as well), have made heavy use of NTLM relaying for privilege escalation in Windows networks. In this article, we propose adding support for...