Crashtest Security Blog

Janosch Maier

Co-Founder @ Crashtest Security. I write and give workshops on web security.

Recent Posts

Why should Cybersecurity care about DevOps?

Apr 29, 2020 2:15:00 PM / by Janosch Maier posted in DevSecOps, Cybersecurity, DevOps, continuous Security


This is how you can secure your DevOps Cycle

As a modern cybersecurity professional at a corporation, you may get a lot of headaches when working with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for fruitful collaboration within the company. It also outlines two concrete strategies for continuously creating more secure applications: security champions and tool integration.


The ongoing changes of browser support for TLS 1.0 & 1.1

Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity


TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. Neither should be used anymore!
There are well-known attacks against those versions, such as padding oracle attacks or BEAST. That is why Crashtest Security shows TLS 1.0 & 1.1 as critical vulnerabilities.

This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.


The importance of web application security during the corona outbreak

Apr 8, 2020 10:30:00 AM / by Janosch Maier posted in DevSecOps, VulnerabilityAssessment, Cybersecurity


How can you prevent cyber attacks while rapidly changing to a remote work setup?

The challenge for many companies is to change to a remote work setup on short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now, and some longer-term ones to stay secure in the long run.


Container Security: Collect Kubernetes Logs on Docker for Mac

Dec 6, 2019 2:28:00 PM / by Janosch Maier posted in Kubernetes, Skript, Docker, Programming


Have you just started using the built-in Kubernetes functionality on Docker for Mac? It is a promising alternative to docker compose if you want to mirror your system infrastructure for local development. If you are using Kubernetes in production, you can easily use your existing pod definitions on your machine without needing to set up a Kubernetes cluster such as minikube yourself. This short blog post will show you how to collect all logs for your local cluster.


Cards Against Developers - Why Developers create a Card Game

Oct 1, 2019 3:48:00 PM / by Janosch Maier posted in team building, Startup, Cybersecurity


With the corona crisis, a lot of people started to play Cards against Humanity over Zoom meetings. Soon after, Cards against Developers was getting a lot of attention. In this blog post, we want to highlight the following topics:

Let us know if you enjoy this blog post!

If you are curious what Crashtest Security is doing when we are not playing Cards against Developers: Check out our super simple online vulnerability scanner


Six Quick Wins in DevSecOps

Jun 18, 2019 9:53:46 AM / by Janosch Maier posted in DevSecOps, DevOps, Continuous Delivery, continuous Security


You want to bring your agile development and application security to the next level? You have heard the buzzword "DevSecOps" so many times? You are still asking yourself where to start?

We have gathered six quick wins on how you can get started with DevSecOps.

Terraform Security: Resource does not have attribute

Nov 29, 2018 8:19:00 AM / by Janosch Maier posted in DevSecOps, Kubernetes, Skript, continuous Security


Resolve a Terraform data source issue

tuwat

Jan 5, 2018 8:35:00 AM / by Janosch Maier posted in Events


Crashtest Security on the 34C3


Who likes the ROBOT?

Dec 16, 2017 8:27:00 AM / by Janosch Maier posted in VulnerabilityAssessment


We don't...


Multiple Values Access-Control-Allow-Origin

Nov 6, 2017 8:26:00 AM / by Janosch Maier posted in VulnerabilityAssessment


Secure Third Party Access to a REST API


For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics