3 short steps to get started with automated penetration testing: Login, Project Setup, Scan Start
This guide explains how to set up the Crashtest Security Suite to get you started with automated penetration tests. Our sign-up process is designed for a fast setup and you should be able to run your first scan within 2 minutes. Let us guide you through the process:
Step 1: Login
To use the Crashtest Security Suite, log in with your user credentials on: https://www.crashtest.cloud. You will see your empty dashboard. Click the Plus Button to create your first project.
Step 2: Create a project
Next, you need to define some general project parameters.
Define the project type
First, you can define the type of project that shall be scanned. You can choose between:
- Multi Page Application
A traditional application written with a server-side programming language. We will cover a multi page application project in this quick setup.
- Application Programming Interface (API)
A REST API. For this type of project, you need a Swagger 2.0 file which describes the API for proper scanning. Please go to this link for more information on API scanning.
If the application you would like to scan is a Single Page Application, please choose API as project type and directly scan the API. If you need any help with the setup, you can always contact our support for specific guidance on your situation.
Define the project details
Second, you define the basic information of your project:
The name of the project which is shown in the dashboard and PDF report
Optional text to better identify your project
The protocol which will be used to scan your project (i.e. "http" / "https")
The domain name or IP address of the project. The security scanners will run all tests on this URL.
Define Project Scope
Third, you define the scope for the scan you want to run.
- "Quick Scan"
This setting ensures that only non-invasive scanners will be executed.
- "Full Scan"
This choice executes all security scanners and should only be performed on easily reproducible staging-systems with no live customer data.
Our scanners may damage the tested system. These damages might include, but are not limited to the following list:
- Sending arbitrary form requests that may pollute databases with random data
- Creating workload spikes that might impact the user experience of other users when performing multiple requests at the same time (adjustable via "throttle"-setting)
- Publishing production data (which might contain privacy-sensitive customer data) through altering SQL database requests
For a complete list of all security scanners and an overview under which setting they are used, please refer to our complete list of scanners.
Step 3: Starting the Scan
...And you are almost done! After creating the project, it will appear in the project list on your dashboard.
Now you are ready to start you first scan. Simply press the"Start" button.
Alternatively, you can open the project page by clicking on the project name and clicking on "Start Scan".
If you have feedback of any sort, positive or negative, please write us.
Happy automated Pentesting!
We hope you found this user guide useful. The next step in your journey to continuous security is to interpret your scan results.