We are ERNW – IT security specialists from Heidelberg

Since 2001, our focus has been on consulting
and testing in all areas of IT security

Fill 4

Vision & Values

  • Independence

    ERNW is, in terms of technology, manufacturers and financing, an independent service provider. Projects, recommendation of measures or the highlighting of optimization potential is never influenced by contracts with certain manufacturers, bias against certain products or claims of external stakeholder.

  • Expertise

    The continued development of our ERNW team’s expertise is our highest value, and one that is fully supported by our company through continued education, research, and shared innovation.

  • Knowledge transfer

    We believe that shared knowledge empowers ourselves as a company, our customers, and the international IT security community in which we actively participate.

Read more

Our Mission

ERNW is an independent IT Security service provider based in Heidelberg, Germany.  Since its founding in 2001, our focus has been on consulting and testing in all areas of IT security, unallied from outside shareholders and a need to sell products. This independence and self-accountability drives us, as a company, to adhere to a higher standard of professional conduct and development.

Whitepaper sign up

Get the latest information about technical topics within the IT security community and a lot of special insights. Sign up now for our whitepaper newsletter:

Latest ERNW News

February 17, 2026

Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat

During a customer project we identified an issue with the validation of JWT tokens that allowed us to bypass the authentication by using unsigned tokens with arbitrary payloads. During analysis we found out that this is caused by a vulnerability within the library OpenID Connect Authenticator for Tomcat.

Read more
More on More ERNW related articles on our company blog