»Crashtest Security allows us to make security scans easily accessible for development teams to establish a higher security baseline.«Said Moftakhar, IT Security & Privacy
Challenges Faced By DATEV
+ Handle more incremental changes
Instead of handling a few significant releases with manual pentests, the product teams/workstreams should be able to do security testing for small, incremental changes.
+ Automate Security Testing
To become more efficient, security testing efforts have to be automated as well as possible to establish a solid baseline and provide the security team more time to focus on topics that need in-depth analysis.
+ Embed security in the development process
A “Shift Left“ of security measures to support developers already during the development of new features with advice on security vulnerabilities
How did Crashtest Security Solve These Challenges?
+ Many changes mean pentesting and security scanning cannot be done manually. The product teams have the opportunity to test each update and every modification with Crashtest Security.
+ With the basic vulnerabilities already covered through Crashtest Security, the (internal) security engineers and (external) pentesters can focus on security issues that require human attention.
+ Automatic Scanning trigger within the development process means every update & release can be scanned before hitting production. Developers get alerted of issues
DATEV Found These Benefits
So how does DATEV benefit from the usage of Crashtest Security?
+ Freeing up resources of the security engineers in the development teams due to faster detection and remediation advice.
+ Reducing the number of manual pentests needed each year due to the raised security baseline.
+ Through the reduced number of penetration tests, there is also a reduction in related efforts within the development and central security teams.
Through continuous vulnerability assessments via the Crashtest Security Suite, DATEV’s security baseline is raised significantly in the intervals between manual pentests.
Why Crashtest Security?
DATEV chose Crashtest Security to provide automated vulnerability scanning software for their web applications and APIs.
By implementing Crashtest Security to scan before deployment automatically, DATEV is working towards eliminating vulnerabilities earlier in the development process and detecting them before deploying the web apps and APIs to production.
How DATEV integrated Crashtest Security
DATEV is using Crashtest Security within its agile development teams. The security scanners are integrated into the CI/CD Pipeline and configured to test automatically, either event-based (e.g., before every release), on a schedule, or on-demand. As a result, new teams are onboarded in less than a half day, making security testing effortless and readily available for the developers.
DATEV is one of Germany’s leading software development companies, focused on developing business software for its cooperative members and clients. With the Cloud Strategy DATEV 2025, one of the primary goals is to improve automation. After switching to an agile development process, it was time to integrate automated security testing efforts into the development process.