Security Penetration Testing Blog

A Comprehensive Guide to SSL and TLS Security Misconfiguration and How to Avoid Them
Jul 20, 2021 / Borislav Kiprin

Cryptographic protocols are crucial elements of communication networks since they enable machines to communicate privately by establishing secure connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used to encrypt network connections today, enabling data privacy and integrity by ensuring data in transit is difficult to read. However, just like any form of technology, these protocols have their flaws and vulnerabilities.

Performing A Vulnerability Assessment – The Ultimate Approach
Jul 13, 2021 / Borislav Kiprin

In the current technology landscape, as hackers devise increasingly sophisticated methods to target potential flaws of a system, organizations are always at risk of cyberattacks. To mitigate such risks, organizations use vulnerability assessment (VA) as the process of reviewing security threats and the risks such threats pose to the environment. 

Interpreting Scan Status
Jul 08, 2021 / Borislav Kiprin

This article shows you how to interpret the Scan Status on the details page and what the different errors mean.

Scan Errors Troubleshooting
/ Borislav Kiprin

The following article explains the scan errors you might encounter while using Crashtest Security Suite, what they mean and how you can troubleshoot them.

The Ultimate Guide to Privilege Escalation and Prevention in 2021
Jul 05, 2021 / Borislav Kiprin

Technology acts as an essential enabler to organizational growth by bringing a plethora of benefits and challenges, such as privilege escalation. However, while the right tech stack enables enhanced efficiency, a poorly configured one can often turn out to be a disaster. Among them all, security remains one of the most common challenges that organizations deal with. With the growth in technology adoption among legacy business models, there is an increasing pattern of sophisticated hacking attacks that target vulnerable points to bring down systems almost entirely.

Manual Scan Target Verification
Jun 04, 2021 / Borislav Kiprin

Sometimes, users cannot use file upload and API endpoints as verification methods, which is why we also offer manual scan target verification on some occasions.

Advanced Scan Configuration
Apr 19, 2021 / Borislav Kiprin

This article shows Crashtest Security Suite’s Advanced Scan Configuration. Crashtest Security Suite’s crawlers have various intelligent algorithms that aim to reduce the number of pages crawled automatically. These algorithms are necessary and beneficial because, in web applications, there are often views on data for which scanning one example representative view covers the other views.

Insecure Network Services (Open Port Scanner)
Apr 08, 2021 / Borislav Kiprin

Insecure network services can be exposed if ports that are not absolutely necessary are open on a web server. Find out how you can fix the problem.

User Guides Crashtest Security Suite
Apr 05, 2021 / Borislav Kiprin

Read these user guides on how to get the most out of the Crashtest Security Suite and its vulnerability scanner.

General Security-Related Questions
/ Borislav Kiprin

The Basic Security-Related Questions article helps you find the answers to the technical terminology behind Crashtest Security Suite.