Automated penetration testing
The Crashtest Security Suite fits the needs of agile development teams programming web applications and APIs. With the black-box approach it checks for common web app vulnerabilities, e.g. the OWASP Top 10. Through automated testing we enable companies to ensure a consistent level of security for the time between the yearly manual penetration tests.
Integration into DevSecOps
Our software integrates smoothly into your development processs. Security scans can be triggered automatically via webhook within your CI/CD pipeline, sheduled or started manually. You can integrate it into common build servers (Jenkins, TeamCity, GitLabs,...) or your own build pipeline. Once integrated, the tests will run continuously in the background allowing for an efficient development process.
How does it work
Add the domain and verify the ownership of the web application. Our scanner then crawls the domain for attacks vectors, testing each of them for the respective vulnerabilities. After the test the detected vulnerabilities can be viewed in the dashboard, PDF report or exported to 3rd party tools. Testing non-publically accessible development systems can be realised via IP-address whitelisting or on-premise installations.
As security company, our highest priority is the protection of your data. It is hosted exclusively in German datacenters, stored in individually encrypted databases and fully compliant with GDPR regulation. For more information about what data we save, what security measures we have in place,git and GDPR questions feel free to reach out to us.