Crashtest Security Blog

Crashtest Security Announces new Features to Easily Scan Modern Web Apps

Apr 2, 2020 7:00:00 PM / by Jan Wiederrecht

Launch Addresses Agile Security Needs:
Full-blown-SaaS features, Improved and Cleaner Design, JavaScript Scanner

Munich, April 2nd of 2020


Crashtest Security is one of the Top 50 startups in Germany and a leading cybersecurity provider for web applications and APIs.

Today, they announced the launch of their revolutionary JavaScript scanner, setting the new standard for modern web application security. The detection of attack vectors for web applications with JavaScript frontend that dynamically loads new content (e.g. single-page applications) was a tedious, manual process in the past.

The superior logic of the Crashtest Security Scanner identifies attack vectors completely automated in the frontend, the backend, and the communication between the two. The scanner identified and checked more than 5000 pages for possible attack vectors in one of the top 5 online shops in Germany. Their only showed 20 pages.

Crashtest Security also applied their well-known secret sauce of a dead-simple user interface so that the scan only needs the domain to start the scan. “This mix of a simple interface and the powerful technology behind is unmatched in the security software world” said one of the numerous beta-testers.

But wait, there is more: In combination with the launch of the JavaScript scanner, Crashtest Security also enables buying the product completely online, plus an improved and cleaner software design and corporate branding. Felix Brombacher, CEO, is very happy: “The combination of the easiest scanner for the latest web application technology and automated billing makes the usage of Crashtest Security especially easy for growing companies with modern and agile software development teams. We specifically see good traction with startups in their scale phase.”

Crashtest Security SaaS Features Launch

Detailed overview over the new features:

Full-blown SaaS

Customers can now buy the software functionality online via credit card. The software comes in three pre-defined packages (Starter, Advanced, Professional), starting as low as 35 per month. With rising automation needs, the price goes up – but the saved time for the users as well. The software is still open for a 14-day free trial without any credit card required. You can experience the full value during the trial: Click here.

Improved and Cleaner Design

According to their design principle “Complex security testing should be simple to use”, Crashtest Security relaunches their corporate design. The new logo and design show in all aspects of the brand, including software, homepage, logo, and marketing content. The new design especially focuses on creating a smoother registration process experience, as well as an improved in-software guidance. The new logo shows the abundance of attack vectors that can be used these days to attack applications. In addition, the logo signifies the agility that security needs and that continuous testing is the only way to be always protected.

New Software Design Example: Dashboard 

JavaScript Scanner

According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69,7%). Most modern apps use this frontend technology to dynamically load content from the backend based on the user’s behavior or other events.

In the past, automatic testing of dynamic web applications was difficult due to the changes in the content and the attack vectors between frontend, backend, and the communication of the two. Competitor products require the user to manually create click sequences and specifying specific value entries for the discovery of attack vectors. This takes a lot of time and requires frequent changes to the security tool setup (i.e. when the software flow changes).

The setup of one specific attack vector could easily take 5 to 15 minutes. Imagine implementing this for 20 attack vectors – and the next deployment, the app logic changes. Another 2 hours to be invested.

This is the core problem that the JavaScript Scanner solves. The automatic detection of attack vectors can be run automatically for every scan to and adjust the logic based on the currently deployed version.

During our extensive beta tests with more than 50 participants, we detected 5000 pages with possible attack vectors in one of the top 5 online shops in Germany. Their currently used software only showed 20 attack vectors. This does not necessarily mean that there are actual security vulnerabilities, but if the possible attack vector is not identified, it would never be tested.

Setting up a project with the new JavaScript scanner is just as easy as before: Entering the domain is all that is required to start the scan.

And finally, the best part: This superior JavaScript is included in the Advanced package, which starts at 69 per month – test your app now.

Topics: WebApplicationSecurity, DevSecOps, Startup, JavaScriptScanning

Jan Wiederrecht

Written by Jan Wiederrecht

For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics