Matthias Göhring
Dustin Born
Static Analysis Hero (SAH) is a Visual Studio Code extension for detecting software vulnerabilities and managing static code analysis. It supports code scanning using Semgrep, custom rulesets, and built-in regex for multiple languages. SAH also enables documentation through comments, bookmarks, prioritization, and export/import features for collaborative security reviews. Fully open-source, offline-capable, and compatible with other VS Code tools to leverage the power of the IDE, SAH is designed for both developers and security professionals.
Matthias Göhring
Security Consultant & Head of usd HeroLab // usd AG
Matthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Previous publications:
- Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021
- Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018
- Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015
- On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
Dustin Born
Consultant IT Security at usd AG
Dustin Born is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. Within pentesting, he focuses on web applications, cloud environments and mobile applications. Apart from this, Dustin supports the development of several internal tools that focus on automated reconnaissance and vulnerability assessment. This aligns with his interests in developing tools related to IT security and his previous scientific work. Specifically, he has built a framework for a general purpose vulnerability scanner as well as one for the dynamic analysis of iOS apps.