Learn what you need to do to set up the Crashtest Security Suite to pentest Application Programming Interfaces (APIs) and remediate vulnerabilities.
How to use webhooks to script the Crashtest Security Suite functionality, so that scans can be integrated into your continuous integration / continuous deployment (CI/CD) pipeline and every release is pentested before it ships.
Setup and usage of the public API to automate creating projects and scans.
This article gives an overview of all current Crashtest Security Suite vulnerability scanners. Scans can be started with the Quick Scan or the Full Scan option.
To collaborate on security, you can create teams, invite your colleagues, and set permissions for who may create and edit your projects.
The TLS session resumption functionality is misconfigured. Session resumption (via session IDs or session tickets) lets a client reuse the keys of an earlier handshake; when it is misconfigured, an attacker may be able to take over existing TLS sessions of other users.
The webserver is badly configured regarding revoked certificates. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) allow clients to check whether a server certificate has been revoked before they trust it; without reachable CRL distribution points or OCSP (ideally stapled by the server), a compromised certificate keeps being accepted until it expires.
The X.509 certificate issued for this domain cannot be trusted. Clients such as browsers will show warnings or refuse to connect if they cannot validate the certificate chain up to a trusted root. Read here how you can configure trusted certificates.
The webserver does not send the HTTP Strict Transport Security (HSTS) header. HSTS tells browsers to connect to the host only over HTTPS, which prevents downgrade attacks to an insecure HTTP connection (such as SSL stripping). Note that the policy only takes effect after a first successful HTTPS visit, unless the domain is on the browser preload list.
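The following is an added example (not Crashtest Security's own scanner code) of how a client evaluates the HSTS header per RFC 6797, run against constructed response headers. The thresholds (one year of max-age) and the finding texts are this example's own choices, not values from the page.

```python
"""Evaluate a Strict-Transport-Security header the way a browser would (RFC 6797).

Added example, not part of the Crashtest Security Suite. The header values
below are constructed sample input, not real scan data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # seconds; the usual minimum for a meaningful policy (example's choice)


@dataclass
class HstsResult:
    present: bool                 # True only if a client would actually apply the policy
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    findings: List[str] = field(default_factory=list)


def parse_hsts(header_value: str) -> Optional[Dict[str, str]]:
    """Split 'max-age=31536000; includeSubDomains; preload' into a directive map.

    Directive names are case-insensitive. RFC 6797 section 6.1 says a directive
    must not appear more than once; such a header is invalid, so we return None.
    """
    directives: Dict[str, str] = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in directives:
            return None
        directives[name] = value
    return directives


def evaluate_hsts(headers: Dict[str, str], over_https: bool = True,
                  min_age: int = ONE_YEAR) -> HstsResult:
    """Decide whether the response headers establish a usable HSTS policy.

    headers:    response header map (looked up case-insensitively)
    over_https: RFC 6797 section 8.1: an HSTS header received over plain HTTP
                must be ignored by clients, so it gives no protection.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return HstsResult(False, None, False, False,
                          ["no Strict-Transport-Security header: downgrade to http:// remains possible"])
    if not over_https:
        return HstsResult(False, None, False, False,
                          ["HSTS header received over plain HTTP is ignored; send it over HTTPS"])
    directives = parse_hsts(value)
    if directives is None or not directives.get("max-age", "").isdigit():
        return HstsResult(False, None, False, False,
                          ["malformed header (duplicate directive or missing/invalid max-age): clients ignore it"])
    max_age = int(directives["max-age"])
    include_subdomains = "includesubdomains" in directives
    preload = "preload" in directives

    findings: List[str] = []
    if max_age == 0:
        findings.append("max-age=0 removes the policy; the host is not protected")
    elif max_age < min_age:
        findings.append(f"max-age {max_age}s is below the recommended {min_age}s")
    if not include_subdomains:
        findings.append("includeSubDomains missing: subdomains (and cookies scoped to them) stay exposed")
    if preload and (max_age < ONE_YEAR or not include_subdomains):
        findings.append("preload requires max-age >= 1 year and includeSubDomains")
    return HstsResult(True, max_age, include_subdomains, preload, findings)


if __name__ == "__main__":
    # Constructed sample responses (not captured from a real server).
    samples = {
        "no header":  {"Content-Type": "text/html"},
        "good":       {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
        "weak":       {"strict-transport-security": "max-age=300"},
        "over http":  {"Strict-Transport-Security": "max-age=31536000"},
    }
    for label, hdrs in samples.items():
        result = evaluate_hsts(hdrs, over_https=(label != "over http"))
        print(label, "->", "applied" if result.present else "not applied", result.findings)
```

A real check should fetch the page over HTTPS, not HTTP, and should inspect the final response after redirects; a header that is only present on the http:// redirect is worthless, which is what the `over_https` flag models.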
The domain's DNS zone does not specify any Certification Authority Authorization (CAA) record. This means that every certificate authority (CA) is allowed to issue certificates for this domain; a CAA record restricts issuance to the CAs you list.
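The following is an added example (not Crashtest Security's own scanner code) that evaluates CAA records the way a CA must under RFC 8659, including the rule the page's finding rests on: when neither the name nor any of its parents has a CAA RRset, any CA may issue. The zone contents are constructed for the example, and the check goes beyond the page's single case by also covering `issuewild`, the empty issuer (`issue ";"`) and the critical flag on an unknown property. Real lookups must additionally follow CNAMEs and should use a validating resolver; that is out of scope here.

```python
"""Evaluate CAA records per RFC 8659 against a constructed zone.

Added example, not part of the Crashtest Security Suite. EXAMPLE_ZONE is
made up for this example; it is not real DNS data.
"""
from typing import Dict, List, Optional, Tuple

# A CAA record is (flags, tag, value). Flag bit 7 (value 128) is "issuer critical".
CaaRecord = Tuple[int, str, str]
ISSUER_CRITICAL = 128
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone: owner name (no trailing dot) -> CAA RRset.
EXAMPLE_ZONE: Dict[str, List[CaaRecord]] = {
    "example.com": [
        (0, "issue", "letsencrypt.org"),            # only this CA may issue non-wildcard certs
        (0, "issuewild", ";"),                      # empty issuer: no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),  # reporting address, does not restrict issuance
    ],
    "locked.example.com": [(0, "issue", ";")],      # no CA at all may issue for this name
    "app.example.net": [(ISSUER_CRITICAL, "unknowntag", "x")],  # critical property the CA cannot interpret
}


def relevant_caa_set(zone: Dict[str, List[CaaRecord]], name: str
                     ) -> Tuple[Optional[str], List[CaaRecord]]:
    """RFC 8659 section 3: walk from the name up through its parents and use the
    first non-empty CAA RRset found. (None, []) means no CAA exists anywhere."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rrset = zone.get(candidate, [])
        if rrset:
            return candidate, rrset
    return None, []


def ca_may_issue(zone: Dict[str, List[CaaRecord]], name: str, ca_domain: str,
                 wildcard: bool = False) -> Tuple[bool, str]:
    """Return (allowed, reason) for a CA identified by its issuer domain name."""
    owner, rrset = relevant_caa_set(zone, name)
    if owner is None:
        return True, "no CAA record for the name or any parent: any CA may issue"

    # RFC 8659 section 4.1: an unrecognised property with the critical flag set
    # means the CA must not issue, since it cannot honour the record.
    for flags, tag, _ in rrset:
        if tag.lower() not in KNOWN_TAGS and flags & ISSUER_CRITICAL:
            return False, f"critical unknown property '{tag}' at {owner}"

    # RFC 8659 section 4.3: issuewild governs wildcard requests when present;
    # otherwise the issue properties apply to wildcard requests too.
    tag = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"
    values = [v for _, t, v in rrset if t.lower() == tag]
    if not values:
        return True, f"CAA set at {owner} has no '{tag}' property: issuance not restricted by it"

    for value in values:
        # Parameters after ';' (e.g. account binding) are ignored in this example.
        issuer_domain = value.split(";", 1)[0].strip().lower()
        if issuer_domain and issuer_domain == ca_domain.lower():
            return True, f"'{tag} {value}' at {owner} authorises {ca_domain}"
    return False, f"{ca_domain} is not listed in the '{tag}' properties at {owner}"


if __name__ == "__main__":
    for fqdn, ca, wild in [("www.example.com", "letsencrypt.org", False),
                           ("www.example.com", "digicert.com", False),
                           ("www.example.com", "letsencrypt.org", True),
                           ("locked.example.com", "letsencrypt.org", False),
                           ("app.example.net", "letsencrypt.org", False),
                           ("www.example.org", "letsencrypt.org", False)]:
        allowed, reason = ca_may_issue(EXAMPLE_ZONE, fqdn, ca, wildcard=wild)
        print(f"{fqdn:22} {ca:16} wildcard={wild}: {'ALLOW' if allowed else 'DENY '} ({reason})")
```

The last case in the demo, `www.example.org`, is exactly the situation the finding describes: no CAA RRset at the name or at any parent, so the check returns "allowed" for every CA. Adding a single `example.org. CAA 0 issue "your-ca.example"` record closes that gap for the whole subtree.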
Copyright © Crashtest Security GmbH 2021. All rights reserved.