Security Penetration Testing Blog

How You Can Generate a Positive ROI through Web Application Security
Feb 27, 2019 / Felix Brombacher

That cybercrime is a serious threat, and is becoming more and more costly and dangerous for companies, is widely known by now. Most companies know that cybersecurity is an issue; however, cybercrime’s annual revenue still exceeds the investments in cybersecurity.

Lambda@Edge to configure HTTP Security Headers for CloudFront
/ Felix Brombacher

During the deployment of our frontend to CloudFront, we encountered the problem of not being able to configure the HTTP Security Headers, which are an essential configuration for reducing the attack surface of web applications. We resolved this issue using Amazon’s new Lambda@Edge functions to attach the headers before the response is sent to the clients.

Domain Providers and CAA
/ Felix Brombacher

To increase SSL/TLS encryption security on the internet, website administrators can set Certificate Authority Authorization (CAA) records. These DNS records determine which certificate authority (CA) is allowed to issue certificates for a domain. Since September 8th, it is mandatory for CAs to check the existence of a CAA record and comply with its content.

Digitalisation in Germany — Is there still hope?
Feb 21, 2019 / Felix Brombacher

Digitalisation in Germany has become a trend. The coalition contract of the newly formed German government has a whole chapter on the topic, and digitalisation was mentioned in every speaker headline at “Digitaler Staat 2018”, a two-day conference, which some call the public sector’s CeBIT, that I attended earlier this month. Now that everyone is talking about the topic, let’s do a quick reality check of what has happened in Germany.

How To Choose And Implement A Great Vulnerability Assessment Tool
Feb 20, 2019 / Felix Brombacher

The sheer range of solutions for web application security can be intimidating for CISOs, Development Managers or basically anyone dealing with vulnerable web applications.

The 5 Data Breach Stages
Feb 15, 2019 / Felix Brombacher

According to the 2018 Global Risk Report, which the World Economic Forum released this year, cyberattacks are amongst the Top 5 Risks for Global Stability in terms of Likelihood and Impact. A data breach caused by a cyberattack can indeed have an incredible impact on any country, corporation or business owner.

How All Organisations Can Learn From The Hacking Attacks On Politicians & Public Figures
Feb 13, 2019 / Felix Brombacher

Politicians seem to enjoy the new ways of communication they can have through the internet. Communication is no longer a one-way street from politicians to the public but more of a town hall meeting where everyone is invited to share their opinion. Of course, this is mostly good, but this virtual proximity doesn’t come without downside risk.

Resolve a Terraform Data Source Issue
Nov 29, 2018 / Felix Brombacher

At Crashtest Security, we provision our infrastructure using Terraform. Therefore, we can recreate whole Kubernetes clusters within minutes. We also use our Terraform setup to integrate some external tools such as Vault within our cluster.

The 6 Most Important Web Vulnerabilities That Managers Need To Take Care Of
Feb 28, 0201 / Felix Brombacher

The world of IT security can be confusing, with all the different vulnerabilities, exploits and newly emerging trends. In this article, we summarise and briefly explain the top 6 most important web vulnerabilities that managers need to be aware of and tackle constantly.