Crashtest Security Blog

What are the different types of Injection Attacks?

Jul 22, 2020 11:45:00 AM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


Types of Injection attacks


Has Corona infected your data too?

Jul 6, 2020 3:21:49 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


As more and more companies insist that employees work from home during this pandemic, the overall cyber security of many companies is at huge risk. Can this lead to a network pandemic for companies and individuals?

What is TLS, SSL, HTTP, and HTTPS? And how do they work together?

Jun 5, 2020 3:15:00 PM / by Hitesh Raja posted in WebApplicationSecurity, Cybersecurity


TLS, SSL, HTTP, HTTPS: are you unfamiliar with these terms or concepts? Many professionals may not know the network-related terminology needed to read a security report. Find out some basic terminology used by network officials in this blog post.

We will first explain HTTP, then how it differs from HTTPS. Afterwards, we explain SSL and TLS encryption (which is the difference between HTTP and HTTPS). In the end, we will explain how they all work together.

The ongoing changes of browser support for TLS 1.0 & 1.1

Apr 22, 2020 9:45:00 AM / by Janosch Maier posted in WebApplicationSecurity, SecurityManagement, VulnerabilityAssessment, Cybersecurity


TLS 1.0 and 1.1 have been around for quite some time. TLS 1.0 was released in 1999, TLS 1.1 in 2006. Neither should be used anymore!
There are well-known attacks against those versions, such as padding oracle attacks or BEAST. That is why Crashtest Security shows TLS 1.0 & 1.1 as critical vulnerabilities.

This article shows general industry guidelines, the usage of the protocol versions, and how different browser vendors are handling the deprecation of TLS 1.0 and TLS 1.1. We also help you to remediate a website or application that still uses TLS 1.0 or 1.1.


Crashtest Security Announces new Features to Easily Scan Modern Web Apps

Apr 2, 2020 7:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, Startup, JavaScriptScanning


Launch Addresses Agile Security Needs:
Full-blown-SaaS features, Improved and Cleaner Design, JavaScript Scanner

Munich, April 2nd of 2020


JavaScript Applications: The challenges of automated security testing

Mar 25, 2020 5:00:00 PM / by Jan Wiederrecht posted in WebApplicationSecurity, DevSecOps, JavaScriptScanning, continuous Security


According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69.7%). Most modern apps use this frontend technology to dynamically load content from the backend based on user behavior or other events.

This blog article will explain the differences between JavaScript (Single Page) and traditional (Multi Page) web applications. Afterwards, we will explain the specific difficulties of Single Page applications (SPAs) from a security perspective. Finally, we will address the challenges of automating security tests for SPAs.


For more information on all topics around continuous security, visit our continuous security page:

Continuous Security Topics