Crashtest Security Blog

Manual & Automated - A Comprehensive Pentesting Strategy

Aug 7, 2020 2:00:00 PM / by Leon O'Neill posted in WebApplicationSecurity, Cybersecurity, continuous Security

This blog is a joint effort by Alice&Bob.Company and Crashtest Security – a strong partnership enabling thorough vulnerability testing. Penetration testing is an important function in any cyber security strategy.

A proven method of increasing security is to simulate an attack on yourself and fix vulnerabilities before someone else finds them. Traditionally this has been done manually by a penetration tester (a “pentester”) or ethical hacker, someone who specializes in all the techniques used by attackers. A skilled pentester will work through an exhaustive list of vulnerabilities and attempt to find exploits in every area of a web application. It is a time-consuming process but necessary for any business that takes security seriously.

But what happens when your application is updated frequently? Having a manual pentest every week or even every month is unrealistic for most firms. This is where we see the case for automatic pentesting or continuous vulnerability scanning. By running automated pentests with every update, you can eliminate the bulk of potential vulnerabilities before they ever reach production. This creates an underlying baseline of security.

Why should Cybersecurity care about DevOps?

Apr 29, 2020 2:15:00 PM / by Janosch Maier posted in DevSecOps, Cybersecurity, DevOps, continuous Security

This is how you can secure your DevOps Cycle

As a modern cyber security professional at a corporation, you may get a lot of headaches when working with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for fruitful collaboration in the company. Plus, it outlines two concrete strategies for continuously creating more secure applications: security champions and tool integration.

What is DevOps? (The non-technical FAQ)

Apr 24, 2020 2:11:20 PM / by Jan Wiederrecht posted in DevSecOps, DevOps, Continuous Delivery, continuous Security

This FAQ will answer your most burning questions about DevOps.

JavaScript Applications: The challenges of automated security testing

Mar 25, 2020 5:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, JavaScriptScanning, continuous Security

According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69.7%). Most modern apps use this frontend technology to dynamically load content from the backend based on user behavior or other events.

This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.

Six Quick Wins in DevSecOps

Jun 18, 2019 9:53:46 AM / by Janosch Maier posted in DevSecOps, DevOps, Continuous Delivery, continuous Security

You want to bring your agile development and application security to the next level? You have heard the buzzword "DevSecOps" so many times? You are still asking yourself where to start?

We have gathered six quick wins on how you can get started with DevSecOps.

Terraform Security: Resource does not have attribute

Nov 29, 2018 8:19:00 AM / by Janosch Maier posted in DevSecOps, Kubernetes, Skript, continuous Security

Resolve a Terraform data source issue

SecDevOps - No agility without security

Aug 17, 2018 2:29:00 PM / by Jan Wiederrecht posted in DevSecOps, DevOps, Continuous Delivery, continuous Security

The concept of DevOps and agility is nothing new for most companies and developers circling the sun. The best-known frameworks (e.g. Scrum, XP, etc.) are applied in many development teams and lead to a number of benefits for teams, companies and customers. Evidence shows that agile methods lead to better performance than the outdated waterfall method. For many companies the outdated waterfall method is the largest contributor to project failure. Another problem with traditional step-by-step programming is that products do not exactly meet customer demand and need to be redesigned, which takes time and costs money. Through DevOps, development teams work closely with the customer and need to adjust fewer things at the end of the project.

Why Continuous Delivery is Important

Sep 28, 2017 8:22:00 AM / by Janosch Maier posted in DevSecOps, Continuous Delivery, continuous Security

Good Workflows for the whole company
