Crashtest Security Blog

Leon O'Neill

Marketing @ Crashtest Security

Recent Posts

X-XSS-Protection retired, what to do instead?

Dec 15, 2020 5:30:00 PM / by Leon O'Neill


As makers of vulnerability scanning software, we have to develop constantly to keep up with the latest threats and updates. Recently we removed support for the X-XSS-Protection header.


5 Ways to Screw Up Your Website Security

Oct 29, 2020 3:00:00 PM / by Leon O'Neill


This was a lot of fun. Ask a DevSecOps engineer “how do I screw up my website security?” and you had better take a seat, because the answer will take a while. In short, there are lots of ways your security can go wrong. Some mistakes are more critical than others, and while many of the pitfalls are widely known, nothing stays still: new vulnerabilities are discovered each day.

If you are not a developer, some of these issues may be too technical; some basic starting points would be HTTP vs HTTPS, and we have also written a piece on the cyber security basics. This is also only a distilled version, so if you know any other ways to screw up your website security, please let me know. I'd love to hear!


Open Source Under Attack

Aug 28, 2020 9:30:00 AM / by Leon O'Neill posted in SecurityManagement


Sonatype's annual research report, “2020 State of the Software Supply Chain”, uncovers lots of great insights into the open source world. Open source is such a huge part of modern development that the headline stat, a 430% year-on-year increase in attacks targeting open source projects, should be a wake-up call for all developers.


Manual & Automated - A Comprehensive Pentesting Strategy

Aug 7, 2020 2:00:00 PM / by Leon O'Neill posted in WebApplicationSecurity, Cybersecurity, ContinuousSecurity


This blog is a joint effort by Alice&Bob.Company and Crashtest Security – a strong partnership enabling thorough vulnerability testing. Penetration Testing is an important function in any cyber security strategy.


A proven method of increasing security is to simulate the attack on yourself and fix vulnerabilities before someone else finds them. Traditionally this has been done manually by a penetration tester (a “pentester”) or ethical hacker, someone who specializes in the techniques used by attackers. A skilled pentester will work through an exhaustive list of vulnerabilities and attempt to find exploits in every area of a web application. It is a time-consuming process, but a necessary one for any business that takes security seriously.


But what happens when your application is updated frequently? Having a manual pentest every week, or even every month, is unrealistic for most firms. This is where we see the case for automated pentesting, or continuous vulnerability scanning. By running automated pentests with every update, you can eliminate the bulk of potential vulnerabilities before they ever reach production. This creates an underlying baseline of security.


Cyber Security Basics Checklist - 10 steps for beginning your strategy

Aug 3, 2020 8:30:00 AM / by Leon O'Neill posted in SecurityManagement, Cybersecurity


In light of some recent high-profile attacks, we wanted to share some basic cyber security tips for businesses of all sizes and provide a simple checklist so that you can audit your company’s cyber security strategy.
