Crashtest Security Blog

Startup Cybersecurity Guidelines: What's needed in your Growth Stage?

May 8, 2020 3:01:01 PM / by Jan Wiederrecht posted in Startup, Cybersecurity


You are running a startup and want to get started on cybersecurity? You just joined a startup and want to implement the first cybersecurity measures? You are interested what cybersecurity activities should be implemented at a particular growth phase of a startup?

You have come to the right place.

From our experience as a cybersecurity startup ourselves and the countless advice we have given to friends, colleagues, and customers, we have summarized our advice into one blog post. First, we will help you to understand what growth phase is most applicable to you. Second, we cover the four growth phases and the applicable growth phases in detail. Third, we will give you an overview over the cybersecurity measures.

Read More

Why should Cybersecurity care about DevOps?

Apr 29, 2020 2:15:00 PM / by Janosch Maier posted in DevSecOps, Cybersecurity, DevOps, continuous Security


This is how you can secure your DevOps Cycle

As a modern cyber security professional for a corporate, you may get a lot of headache when working together with the people responsible for developing applications, the DevOps team (and vice versa). This article tries to explain why this is the case and how to structure good communication for a fruitful together in the company. Plus, it outlines two concrete strategies on how to continuously create more secure applications: security champions and tool integration.

Read More

The ongoing changes of browser support for TLS 1.0 & 1.1

Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity


TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. They both should not be used anymore!
There are well known attacks such as Padding Oracle Attacks or BEAST for those versions. That is why Crashtest Security shows TLS 1.0 & 1.1 as critical vulnerabilities.

This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.

Read More

The importance of web application security during the corona outbreak

Apr 8, 2020 10:30:00 AM / by Janosch Maier posted in DevSecOps, VulnerabilityAssessment, Cybersecurity


How can you prevent cyber attacks while rapidly changing to a remote work setup?

The challenge for many companies is to change to a remote work setup on a short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now - and some more long-term to stay secure in the long-term.

Read More

Cards Against Developers - Why Developers create a Card Game

Oct 1, 2019 3:48:00 PM / by Janosch Maier posted in team building, Startup, Cybersecurity


With the corona crisis, a lot of people started to play Cards against Humanity over Zoom meetings. Soon after, Cards against Developers was getting a lot of attention. In this blog post, we want to highlight the following topics:

Let us know if you enjoy this blog post!

If you are curious what Crashtest Security is doing when we are not playing Cards against Developers: Check out our super simple online vulnerability scanner

Read More

For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics