Crashtest Security – New Features to Scan Modern Web Apps

In this article:

Identify Security Vulnerabilities in Your Web Apps and APIs
Try for free now

Launch Addresses Agile Security Needs:
Full-blown-SaaS features, Improved and Cleaner Design, JavaScript Scanner

Munich, April 2nd of 2020


Crashtest Security is one of the Top 50 startups in Germany and a leading cybersecurity provider for web applications and APIs.

Today, they announced their revolutionary JavaScript scanner, setting the new standard for modern web application security. The detection of attack vectors for web applications with JavaScript frontend that dynamically loads new content (e.g., single-page applications) was a tedious, manual process in the past.

The Crashtest Security Scanner’s superior logic identifies attack vectors completely automated in the front, backend, and communication between the two. The scanner identified and checked more than 5000 pages for possible attack vectors in one of Germany’s top 5 online shops. Unfortunately, they only showed 20 pages.

Crashtest Security also applied their well-known secret sauce of a dead-simple user interface to need the domain to start the scan. “This mix of a simple interface and the powerful technology behind it is unmatched in the security software world,” said one of the numerous beta-testers.

But wait, there is more: In combination with the launch of the JavaScript scanner, Crashtest Security also enables buying the product completely online, plus an improved and cleaner software design and corporate branding. Felix Brombacher, the CEO, is very happy: “The combination of the easiest scanner for the latest web application technology and automated billing makes the usage of Crashtest Security especially easy for growing companies with modern and agile software development teams. We specifically see good traction with startups in their scale phase.”

Crashtest Security Discount

Detailed overview of the new features:

Full-blown SaaS

Customers can now buy the software functionality online via credit card. The software comes in three pre-defined packages (Starter, Advanced, Professional), starting as low as € 35 per month. Of course, with rising automation needs, the price goes up, but the users save time. The software is still open for a 14-day free trial without any credit card required. You can experience the full value during the trial: Click here.

Improved and Cleaner Design

improved design

According to their design principle, “Complex security testing should be simple to use,” Crashtest Security relaunches their corporate design. The new logo and design show all aspects of the brand, including software, homepage, logo, and marketing content. The new design especially focuses on creating a smoother registration process experience and improved in-software guidance. The new logo shows the abundance of attack vectors that can be used these days to attack applications. The logo signifies the agility that security needs and that continuous testing are the only way to be protected.

JavaScript Scanner

According to the most recent StackOverflow Developer Survey, JavaScript is the most popular programming language amongst professional developers (69,7%). Most modern apps use this frontend technology to dynamically load content based on the user’s behavior or other events.

In the past, automatic testing of dynamic web applications was difficult due to the changes in the content and the attack vectors between the front end, backend, and communication. Competitor products require the user to manually create click sequences and specifying specific value entries to discover attack vectors. This takes a lot of time and requires frequent changes to the security tool setup (i.e., when the software changes).

The setup of one specific attack vector could easily take 5 to 15 minutes. Imagine implementing this for 20 attack vectors – and the next deployment, the app logic changes. Another 2 hours to be invested.

This is the core problem that the JavaScript Scanner solves. The automatic detection of attack vectors can be run automatically for every scan and adjust the logic based on the deployed version.

During our extensive beta tests with more than 50 participants, we detected 5000 pages with possible attack vectors in one of Germany’s top 5 online shops. However, their currently used software only showed 20 attack vectors. Of course, this does not necessarily mean that there are actual security vulnerabilities, but it would never be tested if the possible attack vector is not identified.

Setting up a project with the new JavaScript scanner is just as easy as before: Entering the domain is required to start the scan.

And finally, the best part: This superior JavaScript is included in the Advanced package, which starts at € 69 per month – tests your app now.

Get a quick security audit of your website for free now

We are analyzing
Scanning target
Scan status: In progress
Scan target:
Date: 25/05/2023
Crashtest Security Suite will be checking for:
Information disclosure Known vulnerabilities SSL misconfiguration Open ports
Complete your scan request
Please fill in your details receive the
quick security audit by email.
Security specialist is analyzing your scan report.
То verify your identity please provide your phone/mobile:
Thank you.
We have received your request.
As soon as your security audit is ready, we will notify you.