Crashtest Security is an innovative startup from Munich. It redefines web application vulnerability scanning by developing automated vulnerability assessment solutions for agile development and DevSecOps teams. Their mission is to protect companies from cyberattacks, and their vision is to become a synonym for automated penetration tests.
What problem are you trying to solve?
Since this topic has been discussed for some time now, many companies are becoming more digital. This results in higher use of web applications and APIs, which unfortunately leads to a vast attack surface for cybercriminals. That’s the reason why it’s vital for companies to take appropriate measures that protect sensitive data.
How are you solving that problem?
Crashtest Security has an easy-to-use solution: An Automated Vulnerability Scanner to secure the personal and company data stored in these applications. Unlike our competitors, we offer an automated solution included in the CI/CD pipeline. This means that potential security vulnerabilities are discovered during the development process and not afterward, saving developers time.
How has the pandemic impacted your company?
The pandemic has had a significant impact on our business and how we work, such as working remotely. In addition, the pandemic has led to an increase in digitalization.
People are making more applications available to the public, which provides a larger attack surface for hackers. This also includes enabling employees to access company data from the home/remote office as well. For us, this means a growing market with increasing demand.
Where do you see your company going in 5 years?
Our vision is that security testing will become as established in the agile development cycle as writing functional or unit tests. This is the reason why we’re working on our Vulnerability Scanner every day.
We want to create a straightforward product for developers to use and integrate because security should not be a blocker in the development process. Instead, it should enable developers to create end-to-end secure applications.
What is the next big challenge in information security?
The goal is always to come as close to human security testing as possible. While we cover the OWASP Top 10 and several other attack vectors, we strive to take web app scanning to the next level. That means looking at what manual pentesters are doing and trying to automate those attacks as much and as well as possible.
One of the main pain points for software developers is to test the roles and access management with every release. Hence, we developed a privilege escalation scanner that does precisely this. Currently, our focus is on vertical privilege escalation, while in the future, we also plan on integrating horizontal privilege escalation.
Next up is mimicking human behavior on the website to exploit vulnerabilities in the application’s business logic. This is a typical task that is currently only reserved for manual pentesters. The automation of these tasks will be an absolute key challenge.
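The answer above distinguishes vertical privilege escalation (a low-privilege account reaching an admin-only route) from horizontal privilege escalation (one user reading another user's object). The following is an added example, not Crashtest Security's product code, of what such a release-time access check looks like: it replays every route of a policy as every known principal and flags any 200 that the policy does not allow. The target is a hypothetical in-process toy API so the check runs offline; the users, roles, invoice ids and routes are constructed sample data. In a real pipeline the `app` callable would be a wrapper that sends authenticated HTTP requests to a test deployment.

```python
"""Vertical and horizontal privilege-escalation check for a release pipeline.

Added example, not Crashtest Security's product code. The target is a toy
in-process API so the check runs offline; in a real pipeline `app` would be
a wrapper that sends authenticated HTTP requests to a test deployment. All
users, roles, routes and resource ids below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ROLE_RANK = {"anonymous": 0, "user": 1, "admin": 2}

# Constructed sample data: account -> role, invoice id -> owning account.
USERS = {"alice": "user", "bob": "user", "root": "admin"}
INVOICES = {101: "alice", 102: "bob"}


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def vulnerable_app(path: str, user: str | None) -> Response:
    """Toy API with two access-control bugs that the scanner should catch."""
    role = USERS.get(user, "anonymous")
    if path == "/admin/users":
        if ROLE_RANK[role] < ROLE_RANK["admin"]:
            return Response(403)
        return Response(200, {"users": list(USERS)})
    if path == "/admin/export":
        # BUG (vertical): any authenticated user gets the admin-only export.
        if role == "anonymous":
            return Response(401)
        return Response(200, {"export": "all-customer-data"})
    if path.startswith("/invoices/"):
        inv = int(path.rsplit("/", 1)[1])
        if role == "anonymous":
            return Response(401)
        if inv not in INVOICES:
            return Response(404)
        # BUG (horizontal): no ownership check, so any user reads any invoice.
        return Response(200, {"id": inv, "owner": INVOICES[inv]})
    return Response(404)


def fixed_app(path: str, user: str | None) -> Response:
    """Same toy API with both bugs repaired: role gate on admin routes,
    ownership check on per-object routes (admins may still read everything)."""
    role = USERS.get(user, "anonymous")
    if path in ("/admin/users", "/admin/export"):
        if ROLE_RANK[role] < ROLE_RANK["admin"]:
            return Response(403)
        return Response(200)
    if path.startswith("/invoices/"):
        inv = int(path.rsplit("/", 1)[1])
        if role == "anonymous":
            return Response(401)
        if inv not in INVOICES:
            return Response(404)
        if INVOICES[inv] != user and role != "admin":
            return Response(403)
        return Response(200, {"id": inv, "owner": INVOICES[inv]})
    return Response(404)


# Access policy the scanner enforces: minimum role per route and, for
# per-object routes, which ids exist and who owns each one.
POLICY = [
    {"path": "/admin/users", "min_role": "admin"},
    {"path": "/admin/export", "min_role": "admin"},
    {"path": "/invoices/{id}", "min_role": "user", "ids": list(INVOICES),
     "owner_of": INVOICES.get},
]


def scan(app) -> list[tuple[str, str | None, str]]:
    """Replay every route as every principal; return (kind, user, path) findings.

    vertical:   a principal below the route's minimum role got a 200.
    horizontal: a principal with sufficient role read an object it does not
                own (admins are exempt, since they are expected to see all).
    """
    principals = list(USERS.items()) + [(None, "anonymous")]
    findings = []
    for rule in POLICY:
        for obj_id in rule.get("ids", [None]):
            path = rule["path"].format(id=obj_id)
            for user, role in principals:
                resp = app(path, user)
                if resp.status != 200:
                    continue  # denied as expected
                if ROLE_RANK[role] < ROLE_RANK[rule["min_role"]]:
                    findings.append(("vertical", user, path))
                elif ("owner_of" in rule and role != "admin"
                      and rule["owner_of"](obj_id) != user):
                    findings.append(("horizontal", user, path))
    return findings


if __name__ == "__main__":
    for kind, user, path in scan(vulnerable_app):
        print(f"{kind:10} {user!s:8} {path}")
    print("fixed app findings:", scan(fixed_app))
```

Run against the vulnerable toy app the scan reports two vertical findings (both regular users reach `/admin/export`) and two horizontal ones (each user can read the other's invoice); against the fixed app it reports nothing, which is the condition a pipeline gate would assert on. The policy table is the part that has to be maintained per release, which is exactly the pain point the answer above describes; the scan itself is generic.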
How do people get involved/buy into your vision?
Nowadays, IT Security is a buzzword jungle with many acronyms and very diverse topics, so it is hard to find the right solutions. Moreover, security testing for modern applications, in particular, is still quite young; hence we have to convince our customers with superior quality, which we are pursuing – among other things – by a security product “made in Germany.” Our goal is to get people involved by testing the product for free and converting them into security specialists at their company. We can accomplish this goal through a very easy-to-use and integrated security scanning tool.