This FAQ will answer your most burning questions about DevOps.
TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. They both should not be used anymore!
There are well known attacks such as Padding Oracle Attacks or BEAST for those versions. That is why Crashtest Security shows TLS 1.0 & 1.1 as critical vulnerabilities.
This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.
How can you prevent cyber attacks while rapidly changing to a remote work setup?
The challenge for many companies is to change to a remote work setup on a short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now - and some more long-term to stay secure in the long-term.
Launch Addresses Agile Security Needs:
Full-blown-SaaS features, Improved and Cleaner Design, JavaScript Scanner
Munich, April 2nd of 2020
According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69,7%). Most modern apps use this frontend technology to dynamically load content from the backend based on the user behavior or other events.
This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.
You have just started using the built-in Kubernetes functionality on Docker for Mac? It is a promising alternative to docker compose if you want to mirror your system infrastructure for local development. If you are using Kubernetes in production, you can easily use your existing pod definitions on your machine without the need of setting up a Kubernetes cluster like minikube yourself. This short blog post will show you how to collect all logs for your local cluster.
With the corona crisis, a lot of people started to play Cards against Humanity over Zoom meetings. Soon after, Cards against Developers was getting a lot of attention. In this blog post, we want to highlight the following topics:
- Why we created a card game as a security company
- Cards against Developers: How to play online
- Adding your own card sets to online games
Let us know if you enjoy this blog post!
If you are curious what Crashtest Security is doing when we are not playing Cards against Developers: Check out our super simple online vulnerability scanner.
You want to bring your agile development and application security to the next level? You have heard the buzzword "DevSecOps" so many times? You are still asking yourself where to start?
We have gathered six quick wins on how you can get started with DevSecOps.
The number of serious vulnerabilities per web application is rising each year. Often developers also have to tackle vulnerabilities that they've never seen before. These Zero Day attacks are the reason why development teams need to proactively search for vulnerabilities within their web application before releasing new features to the public.
… the project of web application security will never be truly finished!
The sheer range of solutions when it comes to web application security can be intimidating for CISOs, Development Managers or basically anyone dealing with vulnerable web applications.
For more information on all topics around continuous security, visit our continuous security page:
.png?width=1024&name=DevSecOps%20-%20Pillar%20(3).png)
