mh-sec.de is the personal security services and research website of German security researcher Marc Heuse. The site describes his long-standing work in IT security consulting, research, and open-source tool development, with notable projects including Hydra, AFL++, thc-ipv6, Amap, and others. Rather than offering a conventional SaaS security product, the site focuses on expert-led project services: penetration testing, configuration reviews, source-code audits, reverse engineering, forensics, security architecture design, and internal training.
The service coverage is broad, including complex DMZs, heterogeneous global networks, routing environments, automotive IT security, SWIFT financial transaction data flows, IPv6 networks, web applications, Unix/Windows systems, Oracle/MySQL/MS-SQL databases, wireless networks, and telephony systems. Source-code audit capabilities cover languages such as C/C++, Java, PHP, Perl, Delphi/Pascal, and Shell. Its value proposition is not “deploy a product for automated protection,” but rather using deep manual assessment to uncover vulnerabilities in critical infrastructure and provide actionable recommendations. The site also emphasizes knowledge transfer and improving security awareness during audits.
The delivery model is mainly consulting projects and internal training. There is no visible description of productized capabilities such as a cloud console, on-premise agents, centralized policy management, or real-time alerting. Deliverables include detailed reports in English or German, and support may cover security architecture, hardening guidance, ISO 27001++ related standards processes, and risk-management design based on ISO 27003/ISO 13335/CRAMM. Its integration capability is better understood as the ability to work deeply across different technology stacks and organizational processes, rather than API or SIEM/SOAR-style platform integration.
The site explicitly mentions ISO 9001:2015 quality process certification, as well as certification experience related to high-protection requirements such as TISAX 3.0, TISAX level 3, and TISAX 5.0 high protection. This is relevant for automotive, prototype information, and highly confidential projects. Pricing, payment methods, standard packages, and SLA terms are not disclosed; repeated mentions of being “booked out” suggest that service capacity may be limited.
Strengths include deep individual expertise, a strong research background, coverage of complex scenarios, and maintenance of well-known open-source security tools—especially credible in fuzzing and offensive/defensive testing. The downside is that this is not a platform-style service, and automated monitoring or continuous alerting capabilities are not presented. Also, since the author joined Security Research Labs in 2024 as a team lead, the independent offering appears to remain mainly focused on Secure Development and Fuzzing internal training. It is best suited for organizations that need expert-level targeted audits, complex infrastructure assessments, IPv6/binary/automotive security expertise, or high-quality security training.
The site does not provide information about access from China, payment methods, or local support, so actual accessibility should be verified through network testing. If domestic delivery, Chinese-language reports, MLPS/CII compliance alignment, or localized response is required, Chinese security service providers such as 奇安信, 绿盟科技, 安恒信息, 长亭科技, and 知道创宇 may be considered. International expert-led alternatives include Security Research Labs, NCC Group, Synacktiv, and Trail of Bits.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on mh-sec.de official site.
mh-sec.de is an Germany Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach mh-sec.de directly.