Crashtest Security Blog

How to exploit a Microservice Architecture

Sep 10, 2020 2:15:00 PM / by Sudip Sengupta

We've previously written about the basics of Microservice security, but let's take a closer look at how Microservice architectures can be exploited.

Open Source Under Attack

Aug 28, 2020 9:30:00 AM / by Leon O'Neill posted in SecurityManagement

Sonatype's annual research “2020 State of the Software Supply Chain” uncovers lots of great insights into the open source world. Open source is such a huge part of modern development that the headline stat of a 430% year-on-year increase in attacks targeting open source projects should be a wake-up call for all developers.

Microservice Security - What you need to know

Aug 14, 2020 1:46:19 PM / by Hitesh Raja posted in SecurityManagement

A microservice architecture, often referred to simply as microservices, is a set of services that are grouped in order to implement an application. Lately, development teams prefer microservices, as this approach facilitates continuous delivery for large applications, adapts easily to the organisation’s needs as its technology evolves, and scales up with minimal effort.

Manual & Automated - A Comprehensive Pentesting Strategy

Aug 7, 2020 2:00:00 PM / by Leon O'Neill posted in WebApplicationSecurity, Cybersecurity, continuous Security

This blog is a joint effort by Alice&Bob.Company and Crashtest Security – a strong partnership enabling thorough vulnerability testing. Penetration testing is an important function in any cyber security strategy.

A proven method of increasing security is to simulate the attack on yourself and fix vulnerabilities before someone else finds them. Traditionally this has been done manually through a penetration tester (a “pentester”) or ethical hacker, someone who specializes in all the techniques used by attackers. A skilled pentester will work through an exhaustive list of vulnerabilities and attempt to find exploits in every area of a web application. It is a time-consuming process but necessary for any business that takes security seriously.

But what happens when your application is updated frequently? Having a manual pentest every week or even every month is unrealistic for most firms. This is where we see the case for automatic pentesting or continuous vulnerability scanning. By having constant automated pentests with every update, you can eliminate the bulk of potential vulnerabilities before they ever reach production. This creates an underlying baseline of security.

Cyber Security Basics Checklist - 10 steps for beginning your strategy

Aug 3, 2020 8:30:00 AM / by Leon O'Neill posted in SecurityManagement, Cybersecurity

In light of some recent high-profile attacks, we wanted to share some basic cyber security tips for businesses of all sizes and provide a simple checklist so that you can audit your company’s cyber security strategy.

What are the different types of Injection Attacks?

Jul 22, 2020 11:45:00 AM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity

Types of Injection attacks

Has Corona infected your data too?

Jul 6, 2020 3:21:49 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity

As more and more companies insist that employees work from home during this pandemic, the whole cyber security of many companies is at huge risk. Can this lead to a network pandemic for companies and individuals?

What is TLS, SSL, HTTP, and HTTPS? And how do they work together?

Jun 5, 2020 3:15:00 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity

TLS, SSL, HTTP, HTTPS... Are you unfamiliar with these terms or concepts? Many professionals may not know the network-related terminology needed to read a security report. Find out some basic terminology used by network officials in this blog.

We will first explain HTTP, then how it differs from HTTPS. Afterwards, we explain SSL and TLS encryption (which is the difference between HTTP and HTTPS). In the end, we will explain how they all work together.

Startup Cybersecurity Guidelines: What's needed in your Growth Stage?

May 8, 2020 3:01:01 PM / by Jan Wiederrecht posted in Startup, Cybersecurity

You are running a startup and want to get started on cybersecurity? You just joined a startup and want to implement the first cybersecurity measures? You are interested in what cybersecurity activities should be implemented at a particular growth phase of a startup?

You have come to the right place.

From our experience as a cybersecurity startup ourselves and the countless pieces of advice we have given to friends, colleagues, and customers, we have summarized our advice into one blog post. First, we will help you to understand what growth phase is most applicable to you. Second, we cover the four growth phases and the applicable growth phases in detail. Third, we will give you an overview of the cybersecurity measures.

Why should Cybersecurity care about DevOps?

Apr 29, 2020 2:15:00 PM / by Janosch Maier posted in DevSecOps, Cybersecurity, DevOps, continuous Security

This is how you can secure your DevOps Cycle

As a modern cyber security professional at a corporation, you may get a lot of headaches when working together with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for fruitful collaboration in the company. Plus, it outlines two concrete strategies for continuously creating more secure applications: security champions and tool integration.
