AppSec Observer

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24

    Insight #1 One of the most significant errors an organization can make is assuming they are not a target. This belief..

    Cybersecurity Insights with Contrast CISO David Lindner | 4/12/24

    Insight #1 I was at the Kernelcon conference last week and heard that Gen AI is going to wreck development because..

    Cybersecurity Insights with Contrast CISO David Lindner | 4/5/24

    Insight #1 A recent report found that security and privacy concerns are holding back the use of artificial intelligence..

    CISA asks software devs to stamp out ‘unforgivable’ SQL injection vulnerabilities

    On Wednesday, March 27, CISA and the FBI issued a cry for help: We need to stamp out SQL injection vulnerabilities, and..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/29/24

    Insight #1 According to Google, zero days being exploited in the wild jumped 50% last year. I just don't understand..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/22/24

    Insight #1 Things are well and good in the hacker community, as they are now attacking critical water systems. But..

    What’s a basketball got to do with Application Security instrumentation?

    It's not just any basketball — it’s a sensor-packed basketball.

    Cybersecurity Insights with Contrast CISO David Lindner | 3/15/24

    Insight #1 If you want insight into how difficult security is, look at the Cybersecurity and Infrastructure Security..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/8/24

    Insight #1 If you’re not performing routine tabletop exercises to ensure that your organization is protected from..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/1/24

    Insight #1 As was made clear by the recent blowup over Google’s Gemini image creation tool last week (it generated..

    How to use Runtime Security to protect risks to both APIs and legacy COTS

    It used to be that the weakest link in the enterprise IT security chain was the user, but times have changed.

    Cybersecurity Insights with Contrast CISO David Lindner | 2/23/24

    Insight #1 The post quantum encryption era is upon us, and Apple is leading the charge to protect against future..

    Elevating Node.js security with the latest v5 Node agent

    Node.js is an incredibly popular programming environment, highly regarded for its efficiency and scalability. It powers..

    Cybersecurity Insights with Contrast CISO David Lindner | 2/16/24

    Insight #1 How are you protecting your web and application programming interface (API) applications from attack? In..

    Cybersecurity Insights with Contrast CISO David Lindner | 2/9/24

    Insight #1 From toasters to toothbrushes, the Internet of Things (IoT) continues to wreak havoc on the internet. As..

    Cybersecurity Insights with Contrast CISO David Lindner | 2/2/24

    Insight #1 Ransomware payments dropped to 29% in the last quarter of 2023. Will ransomware be a thing if victims stop..

    Critical zero-day Confluence RCE vulnerability blocked by Contrast Runtime Security

    If your organization is running an older version of Atlassian Confluence Server that’s affected by CVE-2023-22527 — the..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24

    Insight #1 Spray and pray: That’s the modus operandi behind the latest successful attack against Microsoft, which..

    6 cybersecurity best practices for safeguarding sensitive data

    In honor of Data Privacy Week 2024 — the theme of which is “Take Control of Your Data” — here’s a collection of..

    Data Privacy Week: Are you ready to become a data privacy snob?

    Welcome to Data Privacy Week 2024, brought to us once again courtesy of the National Cybersecurity Alliance (NCA).

    Cybersecurity Insights with Contrast CISO David Lindner | 1/19/24

    Insight #1 Hackers are not trying to infiltrate your systems 45 billion times per day, regardless of what’s purportedly..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/12/24

    Insight #1 Have you enabled two-factor (2FA) on your X account? The Securities & Exchange Commission (SEC) hadn't, but..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/5/24

    Insight #1 In light of 23andMe blaming victims for their data getting breached, I have two things to ask: Users, please..

    Cybersecurity Insights with Contrast CISO David Lindner | 12/15/23

    Insight #1 2023 saw the "transparency" movement continue for software organizations. In 2024, this will continue, and..

    It’s time to replace our broken AppSec tools with something that actually works: Runtime Security

    Tell us straight, Santa: Where did these old-school Application Security (AppSec) tools come from? Did you get the..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 12/8

    Insight #1 Guard against island hopping. The recent ransomware attack against 60 credit unions was due to the lack of..

    Contrast Security recognized in the 2023 Gartner® AppSec Testing Voice of the Customer report

    The 2023 Gartner Peer Insights™ “Voice of the Customer”: Application Security Testing report has recognized Contrast..

    Contrast discovers MLflow framework zero-day that threatens to poison machine language models

    Most Machine Language (ML) tools — including the development frameworks used for managing ML life cycles — are..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 12/1

    Insight #1 The upcoming disclosure requirements from the Securities Exchange Commission (SEC) (PDF) are game-changing...

    Don’t throw good AppSec money after bad

    From the “How does this make sense?” department comes this finding: The more they get breached, the more likely it is..

    Cybersecurity Insights with Contrast CISO David Lindner | 11/24

    Insight #1 It's the holiday season, and malicious actors are primed to take advantage of all the amazing deals you may..

    Let’s talk stats: Why AppSec’s running on broken math

    Let’s say your mean time to respond/remediate (MTTR) security issues is 60 days.

    Cybersecurity Insights with Contrast CISO David Lindner | 11/17

    Insight #1 Organizations are continuing to pay more for top cybersecurity talent, and with the Securities and..

    False positives + false negatives = real costs

    Alert: Somebody’s running reconnaissance on your network. Alarm: You’ve got a malware infection.

    Attack-path mapping your applications

    Contrast Security’s 2023 Cyber Bank Heists report showed that hackers and cybercrime cartels from Russia, North Korea..

    Cybersecurity Insights with Contrast CISO David Lindner | 11/10

    Insight #1 The U.S. has launched the Shields Ready campaign: a campaign “about making resilience during incidents a..

    Four things CISOs should do NOW to protect from being scapegoated

    On Oct. 30, the Securities and Exchange Commission (SEC) charged SolarWinds and its former Chief Information Security..

    Contrast expands SAST coverage to 30 new languages

    Contrast Security now supports Static Application Security Testing (SAST) coverage for 30 languages and frameworks,..

    Cybersecurity Insights with Contrast CISO David Lindner | 11/3

    Insight #1 A recent study has 2/3 of cybersecurity professionals saying they have a shortage of cybersecurity staff. The..

    Security Observability: Intelligent security assessment = seeing what others can’t

    Just what, exactly, is “security observability?”

    Cybersecurity Awareness Month: How Contrast & the threat landscape have evolved

    This year marks the 20th year for Cybersecurity Awareness Month (CSAM), and the National Cybersecurity Alliance (NCA)..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/27

    Insight #1 Virtual CISO (vCISO), CISO on Demand: These services are aka “Please help me short-term with security!” All..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/20

    Insight #1 It’s time to stop measuring your security organization success by the number of vulnerabilities you find...

    The evolution of island hopping

    Cyber Bank Heists report sheds light on the evolution of island-hopping cyber threats. This year’s Cyber Bank Heists..

    3 ways Contrast helps to build digital resilience

    Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/13

    Insight #1 Google is now defaulting to the use of passkeys for authentication. This is a huge step in increasing the..

    6 of the biggest GitHub application security threats

    GitHub is the Megalodon of source code hosts, and as such, it sports a gargantuan bull’s-eye that flashes neon to hackers..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/6

    Insight #1 AI voice cloning is a problem: It’s reportedly taken the top spot in scam trends, particularly targeting..

    The top 8 AWS root user account best practices

    Amazon Web Services (AWS) has revolutionized the way organizations manage their IT infrastructure and applications...

    Contrast Security champions Cybersecurity Awareness Month: #SecureOurWorld

    Contrast is once again proud to be a Champion for Cybersecurity Awareness Month throughout October, to help in..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/29

    Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password..

    Learn about the hidden dangers of traditional AppSec tools and why Runtime Security is replacing them: podcast writeup

    Are traditional AppSec tools keeping up with advances in software? That was the question The Application Security..

    Your WAF doesn't have your back

    Why WAFs leave you adrift in the treacherous waters of cybersecurity. In the ever-shifting currents of the cybersecurity..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/22

    Insight #1 There will always be a balance in the psychological acceptability of any security controls put on users...

    Contrast Security serves up vulnerability data integrated into AWS Security Hub

    In the world of incident response, you need the right information, at the right time, and you need it where you want to..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/15

    Insight #1 Software Bills of Materials (SBOMs) are nothing more than a data point for determining risk. They shouldn’t..

    Why we shouldn't treat the CVSS base score as gospel

    On Sept. 6, Cisco issued an urgent fix for an authentication bypass flaw affecting the single sign-on (SSO)..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/8

    Insight #1 Prompt injection is becoming a serious concern for those using current AI technologies. When using AI, make..

    Trust ‘zero trust’ for Application Security

    The perimeter cybersecurity model is like the defensive walls that surround ancient cities. For thousands of years,..

    3 reasons why upskilling the nation’s cybersec savvy won’t solve the skills gap

    The White House recently announced its new National Cyber Workforce and Education Strategy & Implementation (NCWES): a..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/1

    Insight #1 There will never be an environment that is totally, 100% secure — at least, not one that provides any..

    Contrast Assess uncovers Spring-Kafka deserialization zero day

    Earlier in August, a Contrast Security customer reported what they initially thought was a false positive: a..

    Cybersecurity Insights with Contrast CISO David Lindner | 8/25

    Insight #1 When looking at bringing in new security products it’s imperative to clearly outline your goals, which..

    Legal liability for insecure software might work, but it's dangerous

    Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids..

    Cybersecurity Insights with Contrast CISO David Lindner | 8/18

    Insight #1 As an industry we need to move away from CVSS base score as the risk measuring stick. It doesn’t work and is..

    Cybersecurity Insights with Contrast CISO David Lindner | 8/11

    Insight #1 The Biden Administration's requirement for SBOMs has driven more and more organizations (76%) to have SBOM..

    Why OWASP’s CycloneDX will make you fall in love with SBOMs

    It’s well-established: Triple-DES is a feeble encryption algorithm.

    3 crucial steps to inject security into DevOps

    According to a new report from Gartner titled 3 Essential Steps to Enable Security in DevOps, by 2027, DevSecOps..

    The evolution of incident response: A fresh approach to an old problem

    In today's world, software is the lifeblood of organizations, powering operations across sectors and industries...

    Cybersecurity Insights with Contrast CISO David Lindner | 8/4

    Insight #1 While it’s exciting to see the Securities and Exchange Commission (SEC) requiring (PDF) incident..

    Cybersecurity Insights with Contrast CISO David Lindner | 7/28

    Insight #1 A recent report by Cohesity sees the top three things being required for cyber insurance coverage as being..

    The five dimensions of SBOM quality

    In a memo issued on June 9, the Office of Management and Budget clarified details about how agencies will be required..

    Financial cybercrime trends: Reverse BEC & ‘shoxing’

    Turla — a Russian advanced persistent threat (APT) group closely affiliated with the FSB Russian intelligence agency —..

    Cybersecurity Insights with Contrast CISO David Lindner | 7/21

    Insight #1 WormGPT is a thing. The tool — being sold on hacker forums and considered “ChatGPT’s evil cousin” — shows..

    Treat ALL data — not just PII — as if it’s regulated

    Poor, poor Boston Globe.

    Why aren’t people patching the MOVEit bug?

    Know anything about CL0P, the ransomware gang connected to an attack on the popular MOVEit Transfer file-transfer..

    Contrast Assess rescues Snap Finance from drowning in vulnerability flood

    It’s enough to make your eyes cross: Floods of vulnerabilities pour in from disparate sources and tools.

    Considered harmful: Blindly shifting left

    The motivation behind “shift left” security is sound.

    Cybersecurity Insights with Contrast CISO David Lindner | 7/14

    Insight #1 Big news from Contrast! I’m proud to announce that we’re open sourcing our internal AI policy. By sharing..

    Contrast Responsible AI Policy Project: Keeping your business safe in the AI era

    Contrast Security is announcing the launch of the Contrast Responsible AI Policy Project, a pioneering initiative in..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 7/7

    Insight #1 When responding to a ransomware attack, recognize that most ransomware will deploy a remote-access Trojan..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 6/30

    Floor & Decor carpets its security with Contrast

    Floor & Decor — the hard-surface flooring retailer based in Smyrna, Georgia that has blossomed to $4.26 billion in..

    Cybersecurity Insights with Contrast CISO David Lindner | 6/23

    Insight #1 "AI is not going to solve the 20-plus-year-old problem of Application Security, but it will do one of two..

    How to avoid DevSecOps indigestion

    In a perfect world, DevSecOps spreads security practices onto the software development and delivery processes and gets..

    Cybersecurity Insights with Contrast CISO David Lindner | 6/16

    Insight #1 "Cyber insurance premiums have skyrocketed (50%) because of ransomware, and there is no end in sight. Not..

    A CISO’s response to OWASP’s Top 10 Generative AI vulnerabilities: ‘This will be fun!’

    OWASP has spawned a Top Ten list for generative artificial intelligence (AI).

    Contrast SCA: Now from repo to runtime

    Contrast Security now offers Software Composition Analysis (SCA) both in the code repository as well as in application..

    What is CNAPP, and what does it mean to developers?

    Thanks to Agile software development, your applications’ attack surface now sprawls across your cloud and your..

    Cybersecurity Insights with Contrast CISO David Lindner | 6/9

    Insight #1 "Treat AI-generated code as inaccurate and insecure from the start and make sure it goes through all the..

    If you’re seeing zero API attacks, you’re probably not detecting them

    Last month, an ESG/Data Theorem survey about cloud-native applications and application programming interface (API)..

    Get to know our CISO: The fearless, fishy, phish-fighting David Lindner

    There are multiple ways to cheat at ice fishing, Contrast Security CISO David Lindner assures me, because he is the..

    Cybersecurity Insights with Contrast CISO David Lindner | 6/2

    Insight #1 "AI scams are on the rise. It’s time for extra diligence when interacting with anything claiming to be AI."..

    NTT DATA uses Contrast to visualize each project's detected vulnerabilities

    Contrast Security, the code security platform built for developers and trusted by security, has successfully..

    Cybersecurity Insights with Contrast CISO David Lindner | 5/26

    Insight #1 "An OWASP Top Ten for Generative AI has spawned. This will be fun to follow!" Insight #2 "It costs more to..

    Shift smart instead of following shift-left fairy tales

    There’s nothing quite like pushing security testing left — as in, blindly shifting the burden onto the laps of..

    On-call support sucks; here’s how to make it suck less

    It was the week after Thanksgiving, around 1 a.m., and the company was suffering the equivalent of a heart attack in..

    Cybersecurity Insights with Contrast CISO David Lindner | 5/19

    Insight #1 "Be extremely careful of ChatGPT lookalikes and fakes as scammers are taking advantage of the buzz and..

    Cybersecurity Insights with Contrast CISO David Lindner | 5/12

    Insight #1 "Privacy is becoming a problem for many organizations. In a 2023 report by IAPP, 80% of consumers sometimes..

    Contrast customer Derek Fisher on how to empower dev & security teams

    Derek Fisher — author of the newly published, acclaimed Application Security Program Handbook: A guide for software..

    Cybersecurity Insights with Contrast CISO David Lindner | 5/5

    Insight #1 "An HBR article was written about boards and cyber security of which I agree. Cyber security is a hot topic..

    Who’s your fed buddy?

    SAN FRANCISCO — Let’s pretend it’s 1 a.m., Saturday, on a holiday weekend: That bleary-eyed time during which cyber..

    Cybersecurity Insights with Contrast CISO David Lindner | 4/28

    Insight #1 "If we learned anything from RSA, AI is the new buzzword like “Big Data” or “Zero Trust.” One thing that is..

    How to stop users from shooting themselves in the foot

    Earlier this month, Germany and South Korea issued a joint cybersecurity advisory warning about an advanced persistent..

    Get to know Contrast MSSP program mastermind Ben Goodman

    What’s that you say? Log4j is pronounced “Log Forge?!?!” We’ve been pronouncing it wrong since we all started mumbling..

    Cybersecurity Insights with Contrast CISO David Lindner | 4/21

    Insight #1 "Recent research shows that code written with AI assistance is more insecure. It’s time we get in front of..

    An open letter to our customers and partners

    Helping software-driven companies take full advantage of the application economy by getting secure code swiftly flowing..

    Cybersecurity Insights with Contrast CISO David Lindner | 4/14

    Insight #1 "AI, AI, AI, it’s going to help everyone including malicious actors. We will see an AI-based attack in..

    Generative AI: Less alert fatigue, more code sloppiness

    Contrast CISO David Lindner: Generative AI could revolutionize application development. But before you get all..

    What’s great about Kotlin, aka ‘Java without the warts’

    Ever wonder why the financial industry is so hopped up on Kotlin?

    Securing Kafka in modern application environments: A crucial step for today's businesses

    Apache Kafka is one of the most popular platforms for real-time data processing and efficient communication between..

    Get ready to fill the CISO-sized hole in your boardroom

    Question: Why’s there an empty seat at the boardroom table?

    Cybersecurity Insights with Contrast CISO David Lindner | 4/7

    Insight #1 "A malicious browser extension, AF, was detected this past week. AF steals your Gmail contents from an..

    ChatGPT suggests how RASP can help defend you against ChatGPT

    Human mode engaged. Readers, real, live, non-AI human Lisa Vaas here to tell you that we’re as fascinated and intrigued..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/31

    Insight #1 "Microsoft Security Copilot, a generative AI approach to helping secure your systems, was announced this..

    How IAST helps observability of multiplying, complex apps

    Observability has become crucial in software engineering as modern applications grow more complex and distributed. The..

    Kudos to GitHub for (gradually) chucking optional MFA out the window

    Last year, on May 4, 2022, GitHub laid down the authentication law: GitHub Chief Security Officer and SVP of..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/24

    Insight #1 "Cybersecurity is no longer just a CISO or CIO problem, it’s a business problem. It’s time for..

    Contrast CMO Tara Ryan: From Fresno farmgirl to cybersec doyenne

    In honor of Women’s History Month, we ask you to transcend species in order to consider the almond.

    Cybersecurity Insights with Contrast CISO David Lindner | 3/17

    Insight #1 "Malicious actors are always looking to take advantage of any opportunity. The recent bank runs and closures..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/10

    Insight #1 "SBOMs provide basic visibility and transparency into your application’s stack. Providing SBOMs should be..

    Happy Women’s Day from your cybersecurity sisters

    Happy International Women’s Day, happy Women’s History Month!

    Biden’s new cybersecurity strategy: The buck must stop with tech firms

    Time for the gloves to come off, the U.S. government said on Thursday in a newly aggressive policy on cybersecurity..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/3

    Insight #1 "June 11th, 2023 is getting closer. Have you started pulling together information for the government’s..

    ‘Assurance’ isn’t clearing the murky waters of software transparency

    Just what, exactly, is “assurance?”

    Cybersecurity Insights with Contrast CISO David Lindner | 2/24

    Insight #1 "A new report says 98% of organizations partner with breached third parties. It’s inevitable that at some..

    Cybersecurity Insights with Contrast CISO David Lindner | 2/17

    Insight #1 "It’s a great time to go through a tabletop exercise to make sure all your incident response, disaster..

    Even the Secret Service is blown away by cyberattacks on banks

    Twenty-four years ago, the World Bank was connecting all the central banks of the world to the internet, so as to..

    Cybersecurity Insights with Contrast CISO David Lindner | 2/9

    Insight #1 "The recent State of the Union address by President Joe Biden was very light on anything cyber security..

    Report: How financial firms are fending off ransomware

    Banks, you’ve obviously been taking self-defense lessons, and it shows: The rate of financial institutions (FIs)..

    Report: Cybercrooks are after financial insider info

    Why are cybercrime cartels ransacking financial institutions (FIs)?

    Report: Cyberattacks against financial sector surge 64%

    What ever happened to stealth?

    JSON-based SQL attacks bypassed WAFs, but not Contrast Protect

    Recently, Contrast’s Labs research team came across an article discussing a Web Application Firewall (WAF) bypass.

    Cybersecurity Insights with Contrast CISO David Lindner | 2/3

    Insight #1 "CISA is establishing a supply chain security risk management office. I love it, it fits, and I hope we see..

    Partners, prepare for synergy & lots of lightbulb moments

    He’s calling it “revolutionary.”

    Connecting the dots: How ecosystem integration influences customer success

    Application Security (AppSec) testing is crucial to the Software Development Life Cycle (SDLC) in today's digital age...

    Partner or die: Expanding your SaaS footprint in down markets

    It is predicted that 2023 will be a challenging year for almost every market, especially the high-tech sector. An..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/27

    Insight #1 "It really is time for LastPass users to stop using it. They have had many breaches over the past few..

    Stop risking cloud security with over-permissive Cloud Custodian roles

    Configuring permissions for Cloud Custodian functions can be tricky.

    Devs, are you ready to put privacy nutrition labels on your code?

    Happy new year to all of us whose eyes have crossed trying to read our cumulative (and ever-growing) ~1 million-word..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/20

    Insight #1 "Being a great security leader takes empathy and an ability to make hard decisions. It is not someone who..

    Cybersecurity Insights with Contrast CISO David Lindner | 1/13

    Insight #1 "SBOMS are coming to fruition. Two major components to work through are the creation of an SBOM by..

    Sussing out rusty security links in your software supply chain

    Let’s talk about rusty supply chains. But first, let’s talk about chocolate.

    Cybersecurity Insights with Contrast CISO David Lindner | 1/6

    Insight #1 "If your source code is leaked, the first thing you need to do is make sure the malicious actors are not..

    Ditch your setlist: Zero-day partiers are already rocking your system

    Zero-day exploits are on the rise, and the way you’re trying to handle them isn’t working.

    Cybersecurity Insights with Contrast CISO David Lindner | 12/30

    Insight #1 "My first cyber security prediction for 2023 is that we will see a major breach due to log4j. With 50% of..

    Cybersecurity Insights with Contrast CISO David Lindner | 12/23

    Insight #1 "Good deed 1 for this holiday. Help a friend or family member enable MFA on their banking accounts."..

    Hardening Log4j defenses with new Contrast Protect JNDI Injection rule

    It’s been a year since many Application Security (AppSec), IT and development teams around the globe were sent..

    Secure your code amid layoffs

    Thus far during November 2022, many tech companies have put in place hiring freezes or conducted layoffs. For example,..

    Cybersecurity Insights with Contrast CISO David Lindner | 12/16

    Insight #1 "Lobbying from ITIC has pushed back on the recent OMB 22-18 directive to require self-attestations and..

    Contrast Security expands its developer experience with a new Learning Hub and Community Platform

    The 2022 Forrester Research survey, “Breaches By The Numbers: Adapting To Regional Challenges Is Imperative,” found..

    Cybersecurity Insights with Contrast CISO David Lindner | 12/9

    Insight #1 "It’s holiday time, and that means phishing attempts will go up. Those 'sales' and 'prize' emails will..

    One year after Log4Shell, firms still struggle to hunt down Log4j

    It’s been one year since a CVE identifier was made available for the infamous Log4j flaw — CVE-2021-44228, commonly..

    Cybersecurity priorities for federal government CTOs

    Hey, all you federal CTOs, we see you.

    The Top 10 app-attack trends in the financial sector

    As the financial sector digitally transforms, it is under siege, as data from Contrast’s platform and other reports..

    How Contrast is giving developers control over security

    Security affects every digital company, from small startups to global enterprises. Security issues can range from minor..

    Cybersecurity Insights with Contrast CISO David Lindner | 12/2

    Insight #1 "The fact that log4j is used in ~64% of Java applications and only 50% of those have updated to a fully..

    Contrast Scan expands support to TypeScript & Vue.js

    JavaScript continues to hold the title as the most utilized programming language by development teams, with a 65% score..

    7 AppSec predictions for 2023

    Cybersecurity mayhem is looming in the new year: Contrast Security’s SVP of Cyber Strategy Tom Kellermann is predicting..

    2023 will bring island hopping & attacks launched from Twitter

    This is what Contrast Security experts see when they gaze into the cybersecurity crystal ball: Crooks will exploit the..

    Contrast discovers zero-day flaw in popular Quarkus Java framework

    While preparing a talk for the recent DeepSec Conference about attacking the developer environment through drive-by..

    Cybersecurity Insights with Contrast CISO David Lindner | 11/25

    Insight #1 "The recent FTX and Twitter debacles should really have people thinking about the security and privacy of..

    Fall lawn cleanup – AppSec style

    Every year toward the end of September, I get anxious about the falling leaves. This year, I applied my Application..

    Cybersecurity Insights with Contrast Co-founder and CTO Jeff Williams | 11/18

    Insight #1 "Feds continue to push aggressive timelines for requiring app/API security “attestations” from software..

    Your cybersecurity mission: To defend from within

    Traditional network security and endpoint security have failed.

    Why API security testing is crucial

    Application programming interfaces (APIs) allow businesses to package their internal resources and make them accessible..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 11/11

    Insight #1 "DeimosC2 will replace Cobalt Strike as the dominant C2 framework. Find it before it finds you." Insight #2..

    How to configure a Ruby agent with Contrast in 5 minutes

    An agent is a Contrast tool for application monitoring. Agents monitor, recording security data and the status of the..

    Brand protection in an era of island hopping

    How many vulnerabilities are lurking, ready to boobytrap your apps and lay your brand open to exploitation by hackers?..

    What are message queues?

    Many significant concerns arise while developing modern-day applications in the cloud, including uptime, geographic..

    Cybersecurity Insights with Contrast SVP of Cyber Strategy Tom Kellermann | 11/4

    Insight #1 "The game has changed, today's cybercrime cartels want to hijack your digital transformation and use it to..

    How to protect against CVE-2022-42889

    A new Common Vulnerability and Exposure (CVE) — CVE-2022-42889, aka Text4Shell — was recently released, adding to the..

    OMB M-22-18: Get ready for grilling

    Do you swear to tell the truth about your secure software development, the whole truth and nothing but the truth?

    Code Patrol: And now our watch begins!

    Welcome to Code Patrol: a new podcast from Contrast Security that scrutinizes the tech scene with what I like to call..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/28

    Insight #1 "CVSS score does not directly relate to the risk to your organization. Please for everyone’s sake,..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/21

    Insight #1 "Contrast Labs has been monitoring the new CVE, Apache Commons Text interpolation CVE-2022-42889. While..

    AppSec and the ‘Ugly-Baby’ syndrome

    As a developer, have you ever been told your baby is ugly?

    It’s SBOM time!

    A new memo (PDF) from the Office of Management and Budget (OMB) — M-22-18, published last month — is clear in setting..

    Does Cybersecurity Awareness Month matter?

    This year, as Contrast Security Chief Information Security Officer David Lindner announced last week, Contrast was once..

    CVE-2022-42889: Don’t panic, do patch

    There’s a new Common Vulnerability and Exposure (CVE) getting some buzz: Apache Commons Text, which is exploitable via..

    Contrast's MTTR is 37x faster than the competition

    Security debt — the backlog of known and unresolved vulnerabilities in an organization’s applications — is a drag,..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/14

    Insight #1 "The White House says “Energy Star” security labels for Internet of Things (IoT) devices are coming! This..

    Contrast Security expands its GitHub security coverage with new SCA GitHub Action scan

    There are more than 73 million developers currently utilizing GitHub, and rightfully so, since GitHub has become a..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/7

    Insight #1 "Detecting and reporting phishing is very important for any organization. The easiest way for users to..

    Scaling security with the speed of modern software development

    What if you could instantly prevent 95%* of the vulnerabilities in your running applications from being exploited? With..

    Find JavaScript security vulnerabilities for free with CodeSec vulnerability scanner

    According to a 2022 Stack Overflow survey of more than 50K professional developers, JavaScript is the top programming..

    Drupal security issues and vulnerabilities faced by developers

    Drupal is a PHP-based, fully accessible web content management system (CMS) offered under the terms of the General..

    Contrast Scan adds vulnerability testing support for client-side JavaScript including Angular, React, & jQuery

    Contrast has expanded its Static Analysis Security Testing (SAST) language coverage to support client-side JavaScript,..

    Contrast adds SAST support for client-side JavaScript

    Contrast has expanded its Static Analysis Security Testing (SAST) language coverage to support client-side JavaScript,..

    RedMonk: Democratizing AppSec with Contrast Security

    In this session of RedMonk conversations, senior analyst Rachel Stephens is joined by Contrast Security co-founder and..

    Contrast Security champions Cybersecurity Awareness Month

    Another year has passed, and once again Contrast is proud to be a Champion for Cybersecurity Awareness Month throughout..

    Defend from within

    The enemy is at the gates. The enemy is inside our computer networks. The enemy is within our very code, training its..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/30

    Insight #1 "Cybersecurity Awareness month starts on October 1, 2022. One of the themes is enabling MFA. If you haven’t..

    How to create SBOMs for free with CodeSec by Contrast

    A recent Executive Order from the Biden Whitehouse instructs various government agencies to take action to improve our..

    Contrast Security Protect shields applications from zero-day attacks

    Contrast Security’s Protect solution helps midsize and growth companies defend against emerging zero-day..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/23

    Insight #1 "Are you scanning your code repositories for secrets? What about your open file or network shares? Breaches..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/16

    Insight #1 "Removing the entire security team as a cost savings measure will not end up saving you money in the short..

    Configure a Python agent with Contrast in five minutes

    These days, it’s not enough to scan your code for vulnerabilities before deploying it. You also must implement runtime..

    Cybersecurity Insights with Contrast CISO David Lindner | 9/9

    Insight #1 "What is holding you back from evaluating a better way to do application security at your organization? I..

    Open source brings security risk, but SCA & RASP can help

    For a deep dive on the security risks of OSS, listen to Contrast CPO Steve Wilson’s conversation with Secure Talk. How..
