OWASP Top 10 is established by the Open Web Application Security Project (OWASP) – a non-profit organization producing freely available articles and other information on web application security.
This article explains the advanced project settings and functionalities of the Crashtest Security Suite – and how to earn the sweet fruits of automated pentesting in agile development processes.
How to configure advanced authentication flows such as HTTP Basic Authentication, Login Forms, OAuth2, or SAML for your application.
How to set up the Crashtest Security Suite to pentest Application Programming Interfaces (APIs).
How to use webhooks to script the Crashtest Security Suite functionalities. This allows integration into your continuous integration / continuous deployment (CI/CD) pipeline to pentest every release.
Setup and usage of the public API to automate creating projects and scans.
This article shows all current vulnerability scanners of the Crashtest Security Suite.
To collaborate on security, you can create teams, invite your colleagues, and set permissions for who can create and edit your projects.
The TLS session resumption functionality is misconfigured. This gives attackers the possibility to steal existing TLS sessions from other users.
The web server is badly configured regarding revoked certificates. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) make sure that users can verify the integrity of a server certificate.