Security Penetration Testing Blog

OWASP Top 10
Apr 03, 2021 / Borislav Kiprin

The OWASP Top 10 is published by the Open Web Application Security Project (OWASP), a non-profit organization that produces freely available articles and other material on web application security.

Advanced Project Settings
/ Borislav Kiprin

This article explains the advanced project settings and functionalities of the Crashtest Security Suite, and how to reap the benefits of automated pentesting in agile development processes.

Advanced Authentication Flows
/ Borislav Kiprin

How to configure advanced authentication flows such as HTTP Basic Authentication, login forms, OAuth2, or SAML for your application.

How to scan an API
/ Borislav Kiprin

How to set up the Crashtest Security Suite to pentest Application Programming Interfaces (APIs).

Using Webhooks – Start DevSecOps
/ Borislav Kiprin

How to use webhooks to script the Crashtest Security Suite functionalities, allowing integration into your continuous integration / continuous deployment (CI/CD) pipeline so that every release is pentested.

How to use the Crashtest Security API
/ Borislav Kiprin

Setup and usage of the public API to automate creating projects and scans.

Current Scanner Overview
/ Borislav Kiprin

This article shows all current vulnerability scanners of the Crashtest Security Suite.

Team and Permission Management
/ Borislav Kiprin

To collaborate on security, you can create teams, invite your colleagues, and set permissions for who can create and edit your projects.

Harden TLS Session Resumption
/ Borislav Kiprin

The TLS session resumption functionality is misconfigured. This gives attackers the opportunity to hijack the existing TLS sessions of other users.

Certificate Revocation
/ Borislav Kiprin

The web server is misconfigured with regard to revoked certificates. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) let clients verify that a server certificate has not been revoked.