Types of Injection attacks
Jul 22, 2020 11:45:00 AM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity
Jul 6, 2020 3:21:49 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity
As more and more companies insist that employees work from home during this pandemic, the cyber security of many companies is at huge risk. Can this lead to a network pandemic for companies and individuals?
Jun 5, 2020 3:15:00 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity
TLS, SSL, HTTP, HTTPS, … Are you not familiar with these terms or concepts? Many professionals may not know the network-related terminology needed to read a security report. Find out some basic terminology used by network officials in this blog.
We will first explain HTTP, then how it differs from HTTPS. Afterwards, we explain SSL and TLS encryption (which is the difference between HTTP and HTTPS). In the end, we will explain how they all work together.
May 8, 2020 3:01:01 PM / by Jan Wiederrecht posted in Startup, Cybersecurity
You are running a startup and want to get started on cybersecurity? You just joined a startup and want to implement the first cybersecurity measures? You are interested in which cybersecurity activities should be implemented at a particular growth phase of a startup?
You have come to the right place.
From our experience as a cybersecurity startup ourselves and the countless pieces of advice we have given to friends, colleagues, and customers, we have summarized our advice into one blog post. First, we will help you to understand what growth phase is most applicable to you. Second, we cover the four growth phases and the applicable growth phases in detail. Third, we will give you an overview of the cybersecurity measures.
Apr 29, 2020 2:15:00 PM / by Janosch Maier posted in DevSecOps, Cybersecurity, DevOps, continuous Security
As a modern cyber security professional at a corporation, you may get a lot of headaches when working together with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for fruitful collaboration in the company. Plus, it outlines two concrete strategies on how to continuously create more secure applications: security champions and tool integration.
Apr 24, 2020 2:11:20 PM / by Jan Wiederrecht posted in DevSecOps, DevOps, Continuous Delivery, continuous Security
This FAQ will answer your most burning questions about DevOps.
Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity
TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. Neither should be used anymore!
There are well-known attacks such as Padding Oracle Attacks or BEAST for those versions. That is why Crashtest Security shows TLS 1.0 & 1.1 as critical vulnerabilities.
This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.
Apr 8, 2020 10:30:00 AM / by Janosch Maier posted in DevSecOps, VulnerabilityAssessment, Cybersecurity
The challenge for many companies is to change to a remote work setup on short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now, and some longer-term ones to stay secure in the long term.
Apr 2, 2020 7:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, Startup, JavaScriptScanning
Munich, April 2nd of 2020
Mar 25, 2020 5:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, JavaScriptScanning, continuous Security
According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69.7%). Most modern apps use this frontend technology to dynamically load content from the backend based on user behavior or other events.
This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.