Crashtest Security Blog

Manual & Automated - A Comprehensive Pentesting Strategy

Aug 7, 2020 2:00:00 PM / by Leon O'Neill posted in WebApplicationSecurity, Cybersecurity, continuous Security


This blog is a joint effort by Alice&Bob.Company and Crashtest Security – a strong partnership enabling thorough vulnerability testing. Penetration Testing is an important function in any cyber security strategy.

 

A proven method of increasing security is to simulate an attack on your own systems and fix the vulnerabilities you find before someone else does. Traditionally this has been done manually by a penetration tester (a "pentester") or ethical hacker, someone who specializes in the techniques real attackers use. A skilled pentester works through an exhaustive list of vulnerability classes and attempts to find exploitable weaknesses in every area of a web application. It is a time-consuming process, but a necessary one for any business that takes security seriously.

 

But what happens when your application is updated frequently? A manual pentest every week, or even every month, is unrealistic for most firms. This is where the case for automated pentesting, or continuous vulnerability scanning, comes in. By running an automated scan with every update you can eliminate the bulk of common, well-understood vulnerabilities before they ever reach production. This creates an underlying security baseline; the manual pentest then concentrates on what automation cannot find, such as business-logic flaws, rather than on issues a scanner would have caught.


What are the different types of Injection Attacks?

Jul 22, 2020 11:45:00 AM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


 

Types of Injection attacks


Has Corona infected your data too?

Jul 6, 2020 3:21:49 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


As more and more companies require employees to work from home during this pandemic, the overall security posture of many companies is at significant risk. Can this lead to a network pandemic for companies and individuals?

 


What is TLS, SSL, HTTP, and HTTPS? And how do they work together?

Jun 5, 2020 3:15:00 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


TLS, SSL, HTTP, HTTPS... Are you not familiar with these terms or concepts? Many professionals do not know the network-related terminology needed to read a security report. This blog explains some basic terms used by network engineers.

We will first explain HTTP, then how HTTPS differs from it. Afterwards, we explain SSL (now obsolete) and TLS, the encryption layer that makes the difference between HTTP and HTTPS. In the end, we explain how they all work together.


The ongoing changes of browser support for TLS 1.0 & 1.1

Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity


TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. Neither should be used anymore.
Both versions are vulnerable to well-known attacks, such as BEAST (which exploits the predictable CBC initialization vectors of TLS 1.0) and padding-oracle attacks against their CBC cipher suites, and neither supports the AEAD cipher suites that TLS 1.2 introduced. That is why Crashtest Security reports TLS 1.0 and 1.1 support as a critical vulnerability.

This article covers general industry guidelines, how widely the two protocol versions are still used, and how the different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you remediate a website or application that still uses TLS 1.0 or 1.1.
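The remediation itself is a one-line server change. The following nginx configuration is an added example, not code from the original article or from Crashtest Security; it shows the weak setting that a scanner would flag beside the hardened one. The hostname, certificate paths and cipher list are placeholders and assumptions, not values from the page.

```nginx
# WEAK: still offers TLS 1.0 and 1.1 to any client that asks for them.
# A scanner connecting with those versions will get a successful
# handshake and report the host as critically vulnerable.
server {
    listen 443 ssl;
    server_name example.com;                            # placeholder hostname
    ssl_certificate     /etc/ssl/certs/example.com.pem; # placeholder paths
    ssl_certificate_key /etc/ssl/private/example.com.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                # <- the finding
}

# HARDENED: only TLS 1.2 and 1.3 are negotiated. A client offering
# TLS 1.0/1.1 as its highest version gets a handshake failure.
server {
    listen 443 ssl;
    server_name example.com;                            # placeholder hostname
    ssl_certificate     /etc/ssl/certs/example.com.pem; # placeholder paths
    ssl_certificate_key /etc/ssl/private/example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;                      # TLSv1.3 needs OpenSSL 1.1.1+

    # Restrict TLS 1.2 to forward-secret AEAD suites so no CBC suite
    # (the BEAST / padding-oracle surface) is offered at all.
    # TLS 1.3 suites are fixed by OpenSSL and not controlled here.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
}
```

After reloading nginx, confirm the change from the outside with `openssl s_client -connect example.com:443 -tls1_1` (and `-tls1`); on the hardened server the handshake must fail instead of printing a certificate chain. One caveat: recent OpenSSL builds may themselves refuse to offer TLS 1.0 or 1.1 at their default security level, so a failed handshake from your own workstation does not by itself prove the server rejected it. Run the scan that produced the finding again, or test from a client you know still speaks those versions.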


Crashtest Security Announces new Features to Easily Scan Modern Web Apps

Apr 2, 2020 7:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, Startup, JavaScriptScanning


Launch addresses agile security needs:
Full-blown SaaS features, improved and cleaner design, JavaScript scanner

Munich, April 2, 2020


JavaScript Applications: The challenges of automated security testing

Mar 25, 2020 5:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, JavaScriptScanning, continuous Security


According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language among professional developers (69.7%). Most modern web applications use it on the frontend to load content from the backend dynamically, in response to user behaviour or other events, rather than fetching a complete new page.

This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.


For more information on all topics around continuous security, visit our continuous security page:
