Contrast Incident Response Hub

The latest news, solutions and best practices for vulnerability management and incident response.

Leverage modern-day solutions to defend against modern-day attacks and deliver cyber-resilient applications across your business. 

Incident Response

Spring4Shell Zero-Day Vulnerability

On March 29, 2022, a Chinese cybersecurity research firm leaked an attack that could impact most enterprise Java applications globally.

Heightened Cyber Risk

Contrast Security Works with Global Businesses to Strengthen Security Controls and Increase Transparency Amidst Heightened Cyber Risk ...

Cyber Incident Reporting For Critical Infrastructure Act of 2022

On March 15, 2022...

Log4J Vulnerability Resource Center

Log4j is a programming library (i.e., pre-written code) that appears in millions of computer applications globally. It is free, open-source, and has been widely used since 2001.

DHS Warning - Imminent National Cyberthreats

Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major NATO member nations have issued a warning against imminent...

2021 AppSec Observability Report

A "Can't Miss" report based on real-world data from thousands of applications that highlights vulnerability and attack trends, security debt, benchmarks on the vulnerability escape rate, and much more.

Contrast Labs

Contrast Labs provides analysis of real-world application security data. This section highlights the reports interpreted from various months of researching application vulnerability and attack trends. Every Application Security Intelligence Report highlights investigations on these two datasets to compile the Contrast RiskScore for each vulnerability type.

March - April 2021: Contrast Labs' Application Security Intelligence Report

This report is based on aggregate vulnerability and attack telemetry for custom code from customers whose applications are covered by Contrast Assess and Contrast Protect.

July - August 2020: Contrast Labs' Application Security Intelligence Report

This report analyzes composite data from Contrast Labs to update readers on vulnerability and attack trends as observed with applications covered by Contrast Assess and Contrast Protect.

May - June 2020: Contrast Labs' Application Security Intelligence Report

This report leverages aggregate data from Contrast Security customers to provide insights about the vulnerabilities in software that we protect—and attacks on those applications.

March - April 2020: Contrast Labs' Application Security Intelligence Report

This report leverages aggregate data collected by Contrast Assess and Contrast Protect for insights around both application vulnerabilities and targeted attacks.

January - February 2020: Contrast Labs' Application Security Intelligence Report

This report analyzes composite data from Contrast Labs to update readers on vulnerability and attack trends as observed with applications covered by Contrast Assess and Contrast Protect.

May - June 2021: Contrast Labs' Application Security Intelligence Report

This report analyzes composite data from Contrast Labs to update readers on vulnerability and attack trends as observed with applications covered by Contrast Assess and Contrast Protect.

Incident Response Solutions from Contrast

Contrast Protect

Always-on application and API protection from targeted attacks with no code changes required.

Contrast SCA

Automatically catalogue your third-party software risk across the software lifecycle - from build, to test, through production.

Contrast Assess

Flag underlying vulnerabilities in applications before they become a disclosed CVE or major incident - all without having to launch a single scan.

Contrast Scan

Code analysis tailor-made for modern CI pipelines that delivers 10x faster scans and actionable findings to ensure rapid fixes.

Contrast Serverless

Identify custom and open-source vulnerabilities embedded in serverless applications in just three clicks.