
Continuous Security

Continuous security is a developer’s Nirvana. Always being secure while developing any software is a dream state that is unrealistic to accomplish. However, if we strive to achieve this elusive goal, we might end up with software so secure that an attacker needs many resources before breaching the application.

Crashtest Security provides software developers with automated vulnerability scanning software for web applications and APIs. However, we also want to share our knowledge and best practices around cybersecurity in all topics related to agile software development.

Do you have a specific topic you would like to learn more about? Please write to us! We promise to release content for your topic within a week.


Continuous Delivery

To introduce continuous security topics, we start with one of the core principles: “continuous delivery”. This topic covers some general terms and definitions around DevOps and agile development. A continuous delivery process enables teams to take developed code and publish it automatically in a production environment. This process typically includes various tests and is the core enabler to automate and standardize security tests in software development.

If you have never heard of DevOps or the term “continuous security”, we recommend starting with our basic FAQ on all topics around DevOps. We introduce the general topic, why DevOps is introduced to software development teams, and some benefits. We also cover some basic technologies that drive the success of DevOps and agile development. Plus, you’ll get references for further readings.

If you want to understand the real-life benefits of a continuous delivery workflow, read our blog post, “Why Continuous Delivery is Important”. We share a user’s story from a friendly startup trying to implement text changes in their software. The user understood Heroku, Bitbucket, and the basics of code repository workflows quite quickly. Unfortunately, due to the lack of continuous delivery processes, the changes could not be checked without the agency.

Our final content on continuous delivery addresses the cybersecurity angle in much more detail. If you are interested in the bits and bytes of secure DevOps processes and red teaming, read our blog on “Why should cybersecurity care about DevOps?”. This article discusses the implications for security teams when it comes to DevOps and continuous delivery. We dive deeper into two concrete elements that cybersecurity should address: security champions and standardization through tools. Even as an experienced pentester or developer, you will learn something new.

WHO WE ARE


Crashtest Security is a Munich-based start-up that redefines web application vulnerability scans.

As an innovator within cyber security for web applications, Crashtest Security develops automated vulnerability assessment solutions that suit the needs of the agile developer or DevSecOps. The clear vulnerability insights provide transparency and actionable steps to enable efficient risk mitigation and, in particular, to reduce the risk of getting hacked.

Our Vision

Crashtest Security is a synonym for (automated) pentests. The Crashtest Security Suite substitutes traditional pentests and supports developers in their daily work by continuously scanning their web application.

Our Mission

We protect companies from hacking attacks by facilitating DevSecOps. An easy integration into the agile development environment helps companies to connect innovation with web application security.

Container Security

Our following content sections cover two technologies that drive and accelerate DevOps adoption in organisations. This part covers the infrastructure component, namely container security.

Containers create a virtual layer between the infrastructure and the code on top of it. This gives developers the same conditions in every environment, whether development, testing, or production. Containers can be configured to include specific network, compute, and storage resources and installations of operating systems and software on top. While the virtualisation of the infrastructure and base-layer software makes things easier for developers, it is also a security concern.

We are preparing a guide that covers the best practices when it comes to container security. These best practices cover learnings we have incorporated ourselves and are a great starting point for any startup or larger organisation when setting up the initial architecture. In technical deep-dives, we cover the container security itself (i.e. Docker) and go into the orchestration layer (Kubernetes). Read the cybersecurity startup best practices for container security soon!

For everybody a little more advanced, we have two specific How-to articles around containers:

“Collect Kubernetes Logs on Docker for Mac” gives you a neat workaround for collecting logs with a bash script. This works great on your local cluster when using the built-in Kubernetes functionality on Docker for Mac.

For all Terraform, Kubernetes, and Vault users out there, we have a solution if you run into a “resource does not have attribute” error. We have a short script for you to automatically create a Kubernetes service account and use the JWT token to provision Vault in the cluster.

TOOLS AND INTEGRATIONS

Now that we covered the basics of continuous delivery and technical aspects, we can start with the advanced integrations and tools that can be integrated into DevOps workflows. We will specifically cover tools to enable security tests. Below is an overview of the different tools you can use in a DevOps environment.


First, we have an article that will help you understand the deeper aspects of DevOps by providing further helpful resources. The materials cover culture, the first hands-on app development experience, end-to-end workflow mapping, automation, and KPI topics. Check out this article here: Learn more about DevOps.

We have a 30-minute tutorial on building your own DevSecOps pipeline for you! This tutorial will walk you step-by-step through setting up an app in Heroku, creating a simple CI/CD workflow with CircleCI, and integrating two tools: A SAST test (Python safety check) and a DAST test (Crashtest Security). You will also learn about basic GitHub push/pull/commit functionality.
