How to configure advanced authentication flows such as HTTP Basic Authentication, Login Forms, OAuth2, or SAML for your application.
How to set up the Crashtest Security Suite to pentest Application Programming Interfaces (APIs).
How to use webhooks to script the Crashtest Security Suite functionalities. This allows integration into your continuous integration / continuous deployment (CI/CD) pipeline to pentest every release.
Setup and usage of the public API to automate creating projects and scans.
This article shows all current vulnerability scanners of the Crashtest Security Suite.
To collaborate on security, you can create teams, invite your colleagues, and set permissions for who can create and edit your projects.
The TLS session resumption functionality is misconfigured. This gives attackers the possibility to steal existing TLS sessions from other users.
The webserver is badly configured regarding revoked certificates. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) make sure that users can verify the integrity of a server certificate.
The X.509 certificate issued for this domain cannot be trusted. Clients such as browsers will show warnings or not be able to connect if they cannot trust the certificate. Read here how you can configure trusted certificates.
The webserver does not offer HTTP Strict Transport Security (HSTS). HSTS enforces HTTPS connections. This prevents downgrade attacks to an insecure HTTP connection.