Crashtest Security Blog

JavaScript Applications: The challenges of automated security testing

Mar 25, 2020 5:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, JavaScriptScanning, continuous Security

0 Comments

According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69,7%). Most modern apps use this frontend technology to dynamically load content from the backend based on the user behavior or other events.

This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.

Read More

Container Security: Collect Kubernetes Logs on Docker for Mac

Dec 6, 2019 2:28:00 PM / by Janosch Maier posted in Kubernetes, Skript, Docker, Programming

0 Comments

You have just started using the built-in Kubernetes functionality on Docker for Mac? It is a promising alternative to docker compose if you want to mirror your system infrastructure for local development. If you are using Kubernetes in production, you can easily use your existing pod definitions on your machine without the need of setting up a Kubernetes cluster like minikube yourself. This short blog post will show you how to collect all logs for your local cluster.

Read More

Cards Against Developers - Why Developers create a Card Game

Oct 1, 2019 3:48:00 PM / by Janosch Maier posted in team building, Startup, Cybersecurity

0 Comments

With the corona crisis, a lot of people started to play Cards against Humanity over Zoom meetings. Soon after, Cards against Developers was getting a lot of attention. In this blog post, we want to highlight the following topics:

Let us know if you enjoy this blog post!

If you are curious what Crashtest Security is doing when we are not playing Cards against Developers: Check out our super simple online vulnerability scanner

Read More

Six Quick Wins in DevSecOps

Jun 18, 2019 9:53:46 AM / by Janosch Maier posted in DevSecOps, DevOps, Continuous Delivery, continuous Security

0 Comments

You want to bring your agile development and application security to the next level? You have heard the buzzword "DevSecOps" so many times? You are still asking yourself where to start?
 
We have gathered six quick wins on how you can get started with DevSecOps.
Read More

What exactly is ... Cross-Site Scripting?

Apr 4, 2019 3:01:55 PM / by Leonard Basse posted in VulnerabilityAssessment

0 Comments

The number of serious vulnerabilities per web application is rising each year. Often developers also have to tackle vulnerabilities that they've never seen before. These Zero Day attacks are the reason why development teams need to proactively search for vulnerabilities within their web application before releasing new features to the public.

Read More

How to choose and implement a great vulnerability assessment tool

Feb 18, 2019 6:41:00 PM / by Leonard Basse posted in SecurityManagement

0 Comments

the project of web application security will never be truly finished!

The sheer range of solutions when it comes to web application security can be intimidating for CISOs, Development Managers or basically anyone dealing with vulnerable web applications.

Read More

How you can generate a positive ROI through web application security

Jan 28, 2019 8:55:00 AM / by Leonard Basse posted in SecurityManagement

0 Comments

 

The fact, that Cyber Crime is a serious threat and is becoming more and more costly and dangerous for companies is widely known by now. Most companies know, that cyber security is an issue, however the annual revenue of cyber crime still exceeds the investments in cyber security.

Read More

How all organisations can learn from the hacking attack on politicians & public figures

Jan 15, 2019 8:38:00 AM / by Leonard Basse posted in SecurityManagement

0 Comments

Politicians seem to enjoy the new ways of communication they can have through the internet. Communication is no longer a one way street from politicians to the public but more of a town hall meeting where everyone is invited to share their opinion. Of course this is mostly good, but this virtual proximity doesn’t come without downside risk.

Read More

Terraform Security: Resource does not have attribute

Nov 29, 2018 8:19:00 AM / by Janosch Maier posted in DevSecOps, Kubernetes, Skript, continuous Security

0 Comments

Resolve a Terraform data source issue

 

Read More

The 5 Stages of a Data Breach

Nov 13, 2018 11:11:00 AM / by Leonard Basse posted in SecurityManagement

0 Comments

 

According to the 2018 Global Risk Report the World Economic Forum released this year, Cyberattacks are amongst the Top 5 Risks for Global Stability in terms of Likelihood and Impact. A data breach caused by a cyber attack can indeed have an incredible impact on any country, corporation or business owner.

Read More

For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics