Crashtest Security Blog

The ongoing changes of browser support for TLS 1.0 & 1.1

Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity

TLS 1.0 and 1.1 have been around for quite some time: TLS 1.0 was released in 1999 and TLS 1.1 in 2006. Neither should be used anymore!
There are well-known attacks against those versions, such as padding oracle attacks and BEAST. That is why Crashtest Security reports TLS 1.0 & 1.1 as critical vulnerabilities.

This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.

The importance of web application security during the corona outbreak

Apr 8, 2020 10:30:00 AM / by Janosch Maier posted in DevSecOps, VulnerabilityAssessment, Cybersecurity

How can you prevent cyber attacks while rapidly changing to a remote work setup?

The challenge for many companies is to change to a remote work setup on short notice and with limited preparation. What is more, critical internal systems are connected to more publicly available endpoints these days. There are some short-term actions companies can take now, and some longer-term ones to stay secure in the long run.

What exactly is ... Cross-Site Scripting?

Apr 4, 2019 3:01:55 PM / by Leonard Basse posted in VulnerabilityAssessment

The number of serious vulnerabilities per web application is rising each year. Developers often also have to tackle vulnerabilities that they have never seen before. These zero-day attacks are the reason why development teams need to proactively search for vulnerabilities within their web application before releasing new features to the public.

Does Chrome hate website providers?

Feb 16, 2018 9:34:00 AM / by Daniel Schosser posted in VulnerabilityAssessment

Why blocking ads and enforcing HTTPS is a good thing

Who likes the ROBOT?

Dec 16, 2017 8:27:00 AM / by Janosch Maier posted in VulnerabilityAssessment

We don't...

Multiple Values Access-Control-Allow-Origin

Nov 6, 2017 8:26:00 AM / by Janosch Maier posted in VulnerabilityAssessment

Secure Third Party Access to a REST API

KRACK: How secure is my Wifi?

Oct 19, 2017 8:23:00 AM / by Janosch Maier posted in VulnerabilityAssessment

And what should I do now?

Lambda@Edge to configure HTTP Security Headers for CloudFront

Sep 12, 2017 10:20:00 AM / by René Milzarek posted in VulnerabilityAssessment

Security Essentials

Domain Providers and CAA

Sep 12, 2017 8:16:00 AM / by Janosch Maier posted in VulnerabilityAssessment

Certificate Authorities are not the Problem
