Skip to content

Resources

Analyst Reports, eBooks, On-Demand Webinars, White Papers & more.

 

Show All
  • Show All
  • Case Study
  • eBook
  • White Paper
  • Reports & Solution Briefs
  • Contrast Labs
  • Webinar
  • Video
  • Podcast

IDC Link: Contrast Security Targets Developers with Free DevSecOps Solution

06/22/2022, 12:00 AM

Contrast Security’s newest free developer security tool, CodeSec, has gained a lot of attention in the market. As such, IDC — a global provider of market intelligence, advisory services and events for the information technology sector — provided its insight in a recent report that entails what CodeSec offers and how it aims to help developers.
Read Report

Demo: CodeSec by Contrast

06/08/2022, 12:00 AM

Over the years, the need for code to be deployed faster has never been greater. However, speed often comes at a cost. With security vulnerabilities on the rise and new ones appearing every day, developers need fast, accurate and simple-to-integrate security tools that allow them to deploy code quickly without disrupting their workflow. That is why Contrast is proud to introduce CodeSec: A seamless CLI tool that brings Contrast's enterprise-level security testing right to the developer's laptop. Make code and serverless security simple and efficient with quick scan times, market-leading accuracy, actionable results and seamless integration.
 
Watch Now

2022 Gartner® Magic Quadrant™ for Application Security Testing

05/05/2022, 12:00 AM

Contrast Security was named a “Visionary” in the 2022 Gartner “Magic Quadrant for Application Security Testing.”
Read Report

2022 IDC MarketScape Report

05/05/2022, 12:00 AM

Contrast Security was named a "Major Player" in the 2022 IDC MarketScape: Worldwide Application Security Testing, Code Analytics, and Software Composition Analysis 2022 Vendor Assessment. 
Read Report

Securing the Software Supply Chain in Modern Development Pipelines

04/07/2022, 12:00 AM

Watch this on-demand webinar recording to hear from industry experts in software security and engineering discuss how to lock down your software supply chain at scale.  
 
Watch Now

Transforming the Role of the Security Analyst

03/09/2022, 12:00 AM

ESG analyst discusses how to move from gatekeeper to developer enabler.

 
Download Whitepaper

Developers: Own Your Security Destiny

03/09/2022, 12:00 AM

ESG analyst discusses how to ship secure, tested code and rapidly remediate issues without headaches.

 
Download Whitepaper

2021 Application Security Observability Report

02/15/2022, 12:00 AM

A "Can't Miss" report based on real-world data from thousands of applications that highlights vulnerability and attack trends, security debt, benchmarks on the vulnerability escape rate, and much more.

Download the Report

Preparing for the Next Zero-Day Vulnerability

02/15/2022, 12:00 AM

Join Larry Maccherone, DevSecOps Transformation lead at Contrast Security, and Farshad Abasi, Chief Security Officer at Forward Security for an interactive discussion about how to future-proof against emerging threats on the horizon so your organization is prepared to respond instantly to zero-day vulnerabilities like Log4Shell.

Register Now

State of Serverless Application Security Report

02/15/2022, 12:00 AM

Read this detailed research Report to discover key trends, insights, and benchmarks on serverless application security.

Download the Report

How To Keep Up With the Rapidly Expanding Scope of the OWASP Top Ten

02/15/2022, 12:00 AM

Read this eBook to learn how to use out-of-the-box policy management and reporting in the Contrast application security platform.

Read the eBook

Pipeline-Native Scanning for Modern Application Development

02/15/2022, 12:00 AM

Read this White Paper to learn why organizations have been slow to move off of legacy SAST approaches and how Contrast Scan offers a transformative alternative with demand-driven static analysis.

Download the White Paper

3 Ways Contrast Helps Safeguard the Software Supply Chain

02/15/2022, 12:00 AM

Read this eBook to learn how Contrast enables organizations to secure and protect their software supply chain.

Read the eBook

Pipeline-Native Static Analysis: Why It is the Future of SAST

02/15/2022, 12:00 AM

Read this eBook to learn the benefits of a pipeline-native static analysis approach and what it entails.

Read the eBook

Quickly and Easily Scale and Secure Your Serverless Applications With Contrast Serverless Application Security

02/15/2022, 12:00 AM

It is time to get on the serverless train. Forrester predicts that 25% of developers will be using serverless technologies by next year.

Download the White Paper

State-Of-The-Art Protection And Observability Is Appsec Exactly Where It Is Needed— In Production Runtimes

02/15/2022, 12:00 AM

This eBook examines how runtime application protection and observability delivers a state-of-the-art approach to application security. Readers will gain the information needed to evaluate runtime application protection and observability solutions and how they augment perimeter defenses (such as WAFs).

Read the eBook

Lack of Security Observability Thwarts Application Security

02/15/2022, 12:00 AM

Read this white paper to discover how reliance on outdated application security tools clouds observability that is critical to spotting and remediating vulnerabilities in applications.

Download the White Paper

Perimeter Security Noise leaves Applications Vulnerable to Attacks

02/15/2022, 12:00 AM

Read the White Paper to learn how traditional perimeter security lacks sufficient visibility to differentiate which attacks can impact a running application.

Download the White Paper

American College of Radiology

02/09/2022, 12:00 AM

American College of Radiology selected Contrast, because it was providing really good information about the findings of vulnerabilities and context on how to fix them. Contrast has assisted in educating American College of Radiology’s developers to not just fix the issues but also to prevent them from happening again in the future.

Watch Now

Zero Trust for Application Workloads

02/03/2022, 12:00 AM

Watch this On-Demand session from ATARC’s Zero Trust Virtual Summit. Erik Costlow, Sr Director at Contrast focuses on the Zero Trust Maturity Model, Pillar #4 that hones in on Application Workloads.

Watch Now

Serverless Application Security Testing for AWS Lambda

02/02/2022, 12:00 AM

Watch this recording to see how teams who are adopting a modern application development, are also pairing with modern application security. With a product focus on AWS Lambda, Tal Melamed, security expert and product architect at Contrast Security discusses Contrast Serverless Application Security.

Watch Now

Outdated Application Security Tools Put Federal Agencies at Risk

02/02/2022, 12:00 AM

Read this White Paper to discover how Federal agencies are challenged to accelerate development cycles due to legacy application security approaches.

Download the White Paper

Log4j Vulnerability Demo

02/01/2022, 12:00 AM

Watch this simple demo from Jeff Williams, Contrast CTO, showing how the Log4j vulnerability and exploit work.

Watch Now

Log4j Vulnerability: What you can do now

02/01/2022, 12:00 AM

The most serious of vulnerabilities was just found in the most used logging framework, but DevSecOps teams can quickly identify what’s impacted and where they focus their time.

Watch Now

Contrast Community Edition Product Brief

02/01/2022, 12:00 AM

Contrast CE is a free, full-strength application security platform that provides "always-on" IAST, RASP, and SCA for Java and .NET Core applications and APIs. Contrast Community Edition delivers the power of Contrast Assess and Contrast Protect and is used by all sizes of an organization - from large global enterprises to one-person development teams.

Read the Solution Brief

Contrast Security And Secure Code Warrior Solution Brief

01/06/2022, 12:00 AM

Read this Solution Brief to learn how Contrast and Secure Code Warrior combine to deliver just-in-time learning for developers.

Read the Solution Brief

Contrast Assess Market-Defining Application Security Testing for Modern Agile and DevOps Teams

01/08/2021, 12:00 AM

Contrast is a revolutionary application security solution that transforms an organization’s ability to secure their software by making applications self-protecting. This whitepaper covers how Contrast Assess’ unique Application Security Testing solution, sometimes referred to as Interactive Application Security Testing (IAST), makes software capable of assessing itself continuously for vulnerabilities, while providing the highest accuracy, efficiency, and coverage

Read Whitepaper

American College of Radiology

American College of Radiology has agile methodologies in their SDLC, which means security tools have to shift left, allowing developers to have access to security tools. Learn how Contrast enabled American College of Radiology to leverage technology for security by finding errors as they run.

Watch Now

Financial Services

Read this Case Study to learn how this North American insurance subsidiary increased awareness among developers about application security risk and safe-coding practices.

Read Case Study

Unit 4

Significantly Reduces False Positives And Speeds Devops Cycles With Contrast Application Security Platform.

Read Case Study

CM.com

Improves Security and Efficiency While Reducing Risk.

Read Case Study

Go Agent Demo

A demonstration of how the Go agent helps teams find vulnerabilities in their custom code, with an explanation of how the technology works.

Watch Now

Kaizen Gaming

Read this Case Study to learn how Kaizen Gaming shifted application security left to improve risk while driving efficiencies for development and security teams.

Read Case Study

Contrast CEO, Alan Naumann, on Contrast

Our CEO discusses how software is affecting business transformation, the growing risks inherent in the pace of modern development, how security can evolve to scale, and why Contrast is uniquely positioned to deliver an application security posture that is effective.

Watch Now

Envestnet | Yodlee

Business and technology innovation was being hampered by traditional legacy security and infrastructure tools. This digital healthcare company required a solution that could quickly and seamlessly accelerate the company’s digital future by migrating securely to a cloud infrastructure.

Read Case Study

GreenSky

In terms of multi-tasking, GreenSky had “multiple irons in the fire” across their DevOps environment. The company was facing the standard technology growing pains and realized they needed greater flexibility and scalability. Contrast Security was able to secure over 150 of their applications migrated from on-premises to an AWS cloud platform.

Read Case Study

Regional Credit Union

Read how Contrast Assess helped this regional credit union identify vulnerabilities in custom code and instruct developers on how to remediate them. Additionally with Contrast Protect, this company can accurately block attacks in real-time, across all environments.

Read Case Study

Banking Financial Services

Reducing Application Vulnerabilities and Overall Business Risk.

Read Case Study

Retail E-commerce

Transforming an Application Security Vision into a Reality at a Large Retail and E-Commerce Company.

Read Case Study

Financial Services Firm

Achieve Complete Application Security Test Coverage for the Entire Software Portfolio.

Read Case Study

OWASP Co-Founders Discuss the OWASP Top 10 2021

Organizations will recalibrate how they measure application risk and reevaluate strategies based on the OWASP Top 10 2021. Hear two of the original co-founders of OWASP assess the new Top 10 and provide their perspectives.

Watch Now

Key Insights and Benchmarks from Contrast's 2021 Application Security Observability Report

Hear our panel of experts discuss the second annual 2021 Application Security Observability Report. We will cover key insights and industry benchmarks on an array of different application security areas.

Watch Now

Key Takeaway from the Kaseya Software Supply Chain Attack

Hear a panel of experts discuss how bad actors were able to hack the Kaseya application, and get recommendations on what you can do to avoid becoming victims to software supply chain attacks.

Watch Now

The Future of SAST: Pipeline-Native Static Analysis

One of the “can’t miss events” in 2021. Join this webinar to learn how pipeline-native static analysis is a major breakthrough—delivering exponential improvements in scan times, accuracy, and more without compromising development speed.

Watch Now

4 Dimensions of Modern Application Security

Application security is no longer one- or two-dimensional. Join our expert panel on this webinar and learn about the four dimensions of modern application security.

Watch Now

What True DevSecOps Controls and Metrics Look Like

Join this webinar to learn what controls and metrics you need in place to implement a successful DevSecOps program.

Watch Now

How to Determine What Your Open-Source Risks Look Like

Join us as we discuss key findings in Contrast Labs’ newly released “2021 Open-source Security Report.” Learn what percentage of libraries contain vulnerabilities, how many CVEs are in an application, and much more.

Watch Now

U.S. Air Force’s Chief Software Officer Shares Perspectives on Application Security

60% of Public Agencies Use DevOps and Agile But It Takes An Average of 500 Days to Complete a Federal IT Project. Something is amiss! Join us for our two subject-matter experts for this Fireside Chat and discover why modern DevSecOps is the answer for federal agencies.

Watch Now

Unleashing Software's Potential with an Application Security Platform

Join us to discover why security roadblocks inhibit developer efficiencies while slowing down development cycles. A platform approach to application security solves these challenges, collapsing the different silos between application security tools for full observability across applications and application programming interfaces (APIs).

Watch Now

Security Observability Summit

Contrast Security hosted the industry's first Security Observability Summit. You will experience one inspiring keynote, two comprehensive breakouts, and nine eye-opening sessions.

Watch Now

From the Inside Out

Contrast Security held a virtual event with a panel of AppSec experts for an exclusive inside look on how you not only can get control of runaway security debt, but can actually reduce it dramatically. This moderated panel of AppSec pros shared stories about their own experiences and the strategies they employed to reduce security debt permanently. You will come away with key insights and tactics about how you can overcome security debt within your own organization.

Watch Now

Bringing an End to Security Roadblocks

Most traditional application security (AppSec) requires a slew of tedious manual processes that are failing modern DevOps teams in both efficiency and effectiveness. Since these legacy AppSec tools cannot keep pace with modern DevOps, security teams have long struggled to control and limit the amount of serious application vulnerabilities. Watch this webinar to learn how a modernized approach to AppSec can meet the needs of both security and DevOps teams.

Watch Now

Assessing the Risk from the Confluence of an Expanded Application Attack Surface and Advanced Threat Landscape

Join us to gain insights on how the confluence between the rapidly expanding application attack surface and the evolving threat landscape poses serious risk. After mapping out the challenges, our expert panel will share insights around strategies and tactics that organizations can tap to bolster their application risk postures and ensure their applications are protected.

Watch Now

Application Security Jumps to the Top of the CISO's List of Priorities

As the modern-day CISOs role continues to expand, CISOs must mitigate both business risk and execute successful cybersecurity strategies. This is especially true when it comes to the risk of application development vulnerabilities that can result in dire financial consequences—ranging from diminished brand reputation to severe financial loss. Tune in for a special moderated webinar that will feature insights from a seasoned executive recruiter and CISO practitioner about what it takes to manage an effective application security strategy.

Watch Now

RASP for Attack Visibility, Web Application Observability, and Simple Scaling

Let’s face it—traditional web application firewalls (WAFs) simply can’t keep pace with the demands of digital transformation in DevOps environments. Applications are deployed faster and leaner than ever before and AppSec professionals need protection that moves beyond the traditional and simplistic perimeter defenses a WAF can offer. Join this webinar for a discussion about how RASP delivers an innovative application security alternative that adapts and reacts in real time. With RASP, teams gain the necessary attack visibility, application observability, and scalability they require.

Watch Now

Defining and Stopping the "Plague" of Application Security False Positives

False positives in application security are the kiss of death. They kill time, confidence, and ultimately, the application if they detract from security’s ability to focus on the critical vulnerabilities. Attend this webinar to get a better perspective on how pervasive the issue of false positives is, and the impact these erroneous alerts have on an organization—from the effects of alert fatigue to the impediments on a company’s digital transformation.

Watch Now

DZone Webinar: Securing APIs At Devops Speed

With attack-automation tools working around the clock, there’s no REST for the wicked. The increasing speed of DevOps and continuous deployment paves the way for teams to obtain security through on-demand self-service – securing APIs from the inside rather than the outside. Watch this on demand webinar if you are a Developer who wants to push code faster by removing the obstacles of securing APIs as mandated by your security teams.

Watch Now

Security Instrumentation is the Future of All Software

Uncompromised code. Imagine it. Well, a technology exists that can make it a reality: Instrumentation. The state of Application Security is in a flux, and it is for good reason. After literally decades of attempts to improve software security, the proverbial needle has barely moved. Join Jeff Williams, Contrast Security's CTO and co-founder of OWASP for a webinar to learn how AppSec professionals can benefit from instrumenting applications.

Watch Now

SAP Concur Cloud Journey

The journey of cloud migration isn’t a straight and narrow path, and enterprise DevSecOps teams generally use a variety of tools to reach their goal. In this webinar, we will deep dive into SAP Concur’s journey, and how they are leveraging Contrast Security’s embedded application security model and AWS in tandem to “shift left”, create a seamless developer experience, and deliver secure application workloads on the cloud.

Watch Now

What the WAF: Understanding and Augmenting What the WAF Cannot See

A Web Application Firewall (WAF) has limited capabilities to secure your code during production. Using a Runtime Application Self-Protection (RASP) tool will work from within the application via instrumentation and easily deploys in your DevOps, Cloud and Container environments. We’ll highlight what WAFs can and cannot see and why they require RASP to function at its fullest.

Watch Now

Cloud-Native Security: Processes and Tools for Real-World Transformation

Cloud-native platforms not only make it easier to support the kind of cultural shift necessary for continuously shipping software, they make it easier to practice good security and reduce the available attack surface. But an attack on the application itself can undermine all platform controls. Learn to secure your code in runtime at scale for cloud-native production applications.

Watch Now

Cloud-Native Security: Understanding the Why & How

Join Jeff Williams, Co-Founder & CTO of Contrast Security, and David Zendzian, CTO of Compliance and Security at Pivotal, for a discussion on best practices to ensure an organization's Cloud-Native Transformation is secure at the speed of DevOps.

Watch Now

Modern Software Assurance Strategies for Government Agencies

Join in to discuss the principles of DevOps with an innovative approach of IT security known as DevSecOps. DevSecOps introduces automated security much earlier in the Software Development Life Cycle (SDLC) to minimize vulnerabilities and bring security closer to IT and govrnment business objectives.

Watch Now

Embedding Security in a Modern DevOps Pipeline – A Customer Perspective

Hear directly from a customer's perspective on how Beeline, the world leader in contingent workforce solutions, aligned their Development, Operations, and Security practitioners to set up a fully automated continuous integrated and continuous delivery (CI/CD) pipeline and incorporated application security early in the process.

Watch Now

Targeted Defense: The Future of Defending Applications in Production

Development teams have struggled with a massive security backlog for how rapid they need to work to release software. Protecting your legacy applications is critical to your business and therefore necessary for your organization to have better production controls. Listen in to learn Contrast Security's new Targeted Defense Platform using RASP technology to defend your applications in production.

Watch Now

Contrast Security Demo & Overview

Watch a demo presented by Jeff Williams, CTO and Co-Founder of Contrast Security, and Ed Amoroso, former CISO at AT&T and Founder of TAG Cyber.

Watch Now

Next Generation Application Security

See how Contrast Security works with Agile & DevOps processes to accomplish maximum security at maximum speed for all application deployments.

Watch Now

DevOps Ready Security

Short video to learn how Contrast Security enables development and operations teams to deliver secure code while working at DevOps speed.

Watch Now

Introduction to Contrast Assess

Learn how Interactive Application Security Testing (IAST) uses instrumentation to find and remediate vulnerabilities and insecure libraries. We will compare Contrast Assess to other legacy security testing methodologies.

Watch Now

Contrast Assess as Part of the SDLC

Contrast Assess deploys an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application. No need to disrupt and change the way you work.

Watch Now

The Contrast Advantage

Jeff Williams, CTO and Co-Founder of Contrast Seucurity, explains what it means to have "self-protecting" software.

Watch Now

Contrast Protect Advantages Over WAF

Watch first hand how Contrast Protect (RASP solution) avoids the need for WAF's by working from the inside of a running application to provide better visibility and accuracy to find and block attacks.

Watch Now

The Challenge of Secure Coding

Nick Holland, Director of Banking & Payments at the Information Security Media Group, and Jeff Williams, CTO and Co-founder of Contrast Security, discuss the challenges of writing secure code.

Watch Now

Realistic Approaches to AppSec & the Future of Cyber Security

Hear a conversation with Contrast Security's Co-Founder & CTO, Jeff Williams and former CISO of AT&T, Ed Amoroso, as they discuss how to approach application security and what the future of cyber security looks like. (10:18)

Watch Now

Continuous Application Security with Tim Chase from Nielsen

In this brief video, hear Tim Chase, Director of Application Security and Architecture at Nielson, discuss the importance of continuous application security and what he thinks the future will hold for security testing, including DevSecOps. (02:15)

Watch Now

New Serverless Application Security Solution Is a Transformative Breakthrough

Contrast’s Head of Cloud-native Security Research Tal Melamed and Director of Product Marketing Blake Connell sat down with the Inside AppSec Podcast team to discuss the Contrast Serverless Application Security solution and what differentiates it from current application security approaches on the market.

Listen to Podcast

Key Insights on Application Vulnerabilities and Attacks (New Report) – Part 2

Hear our two guests discuss key findings in the 2021 AppSec Observability Report and how the RiskScore Index, which catalogues 19 different vulnerability types, enables organizations to pinpoint which vulnerabilities post the highest risk by combining vulnerability and attack data.

Listen to Podcast

Digital Transformation in Financial Services Accelerates, Application Security Struggles to Keep Up

In this Inside AppSec Podcast with Contrast’s CISO David Lindner and Director of Developer Relations Erik Costlow, we explore key findings in Contrast Security’s 2021 State of Application Security in Financial Services Report.

Listen to Podcast

Contrast Labs Researcher Finds Dependency Confusion Vulnerability in Microsoft Teams

In this Inside AppSec Podcast, Contrast Security's Director of Security Research Matt Austin discusses how he found the dependency confusion vulnerability in Microsoft Teams and what risk it posed.

Listen to Podcast

ASG Technologies

Automating Application Security to Protect Corporate Data Assets at the Speed of Business.

Read Case Study

Tillster

Serving Up and Delivering Digital Applications On Time.

Read Case Study

Insurance

Venerable insurance subsidiary deploys an application security solution that integrates and works seamlessly with developer tools.

Read Case Study

How to Scale Governance, Compliance, and Security through GitHub Actions

Watch this On-Demand webinar to learn how to scale aspects of governance, compliance and security across different application teams, codebases and microservices architectures.

Watch Now

Shift Left: Easier Said than Done

Shift Left. A phrase that is easy to say, but a strategy that many organizations struggle to effectively implement. Watch this talk, presented by industry expert Larry Maccherone, to learn how to overcome the top 5 reasons that “shift left” is hard.

Watch Now

How to Win the DevSecOps Transformation

World class Application Security programs were not built in a day. The journey to success and meeting the new normals of code velocity require a coordinated effort between Engineering, DevOps and Security. Hear from Forrester's Sandy Carielli and Contrast Security's Larry Maccherone on how to quickly align goals, incentives and remove friction in better securing code across the entire SDLC.

Watch Now

Assessing the Current and Future States of Serverless Application Security

This panel of serverless experts discuss findings and insights from a new report on serverless application security. Viewers will learn what serverless application rates look like, how early serverless adopters are using application security, if serverless applications pose the same risk as traditional application environments, how teams want to consume serverless application security, and much more.

Watch Now

CloudBee & Contrast Security

Two technical experts from Contrast and Cloudbees discuss governance, compliance, and security across different aspects of the SDLC. Watch this webinar to learn how automation enables organizations to realize the full potential of digital transformation, enforce compliance consistency, and enable developers to deliver secure code faster than before.

Watch Now

How To Unearth Application Vulnerabilities Hiding in Custom and Third Party Code

Today’s IT environments are increasingly complex and layered, jampacked with new collaboration applications, operational management platforms, authentication tools, malware protection software, the list goes on. With so many apps, it’s all too easy to focus your vulnerability remediation efforts on third-party software libraries and published CVEs and call it done.

Watch Now

5 Ways to Rapid DevSecOps Adoption

Teams that are working to develop and ship code fast are running into barriers when it comes to security. Solving this takes a combination of best practices and automation technology and should help them build secure code from the start vs trying to bolt it on later. In this panel discussion, Forrester principal analyst Chris Condo along with Larry Maccherone, DevSecOps Transformation, Contrast Security and Erik Costlow, Developer Relations, Contrast Security discuss 5 best practices that leading companies use to go fast while remaining secure.

Watch Now

Best Practices for Securing the Proliferation of APIS

Hear a panel of experts discuss the importance of API security and why traditional solutions fall short. Learn how APIs are designed and how design decisions impact security.

Watch Now

Learn How to Stop SQL Injection and Other Common Application Attack in Their Tracks

In response to the cascade of successful cyber exploits, President Biden issued an executive order that mandates the need for strengthening cybersecurity. Contrast Protect does just that for production applications.

Watch Now

Why Interactive Security Analysis for GO Application is Needed

Learn how Contrast can help application security teams improve the security of Go applications with the industry’s first interactive application security analyzer for the Go language.

Watch Now

New Report Highlights Digital Acceleration in Financial Services Is Creating Application Cyber Risks

Get insights and recommendations from a guest panel of Contrasters and GuidePoint Security on new survey findings published in a just-released State of Financial Services and AppSec Report.

Watch Now

How To Streamline AppSec With Interactive Pentesting

Discover what next-generation pentesting looks like when combined with interactive application security testing (IAST).

Watch Now

How Dependency Confusion Poses a Serious Risk in the Software Supply Chain

Join us as we discuss how a new dependency confusion vulnerability can wreak havoc and create widespread risk across the software supply chain.

Watch Now

What to Include in a New Risk-Scoring Model-and How to Use It

Join us as we discuss why simply assigning a severity rating is inadequate and how Contrast is developing an open-source risk-scoring algorithm that will be used as the basis for its RiskScore.

Watch Now

New Open-Source Dependency Confusion Vulnerability Threatens Software Supply Chain

In this Inside AppSec Podcast, Contrast Labs discusses why dependency confusion poses a serious threat and how Contrast developed and added new capabilities to its command-line interface so that customers can detect and remediate the vulnerability before bad actors exploit it.

Listen to Podcast

Kaizen Gaming Embraces Application Security Instrumentation, Sees Tangible Returns

Hear Kaizen Gaming's Technical Security Manager Aggelos Karonis discuss why he and his team turned to application security using instrumentation based on Contrast Security.

Listen to Podcast

State of DevSecOps Report: 95% of Organizations Experienced a Successful Application Exploitation in the Past Year

Hear Contrast Security's CTO and Co-Founder Jeff Williams discuss key findings in Contrast's 2020 State of DevSecOps Report.

Listen to Podcast

Serious Vulnerabilities Increase, .NET Applications Targeted by 4 of 5 Top Attack Types

In this Inside AppSec podcast, Contrast Security's CISO and Data Scientist discuss findings from the September–October 2020 Application Security Intelligence Report from Contrast Labs.

Listen to Podcast

Developers and Application Security Practices in the Technology Sector

Hear Contrast Security’s CTO and Co-Founder Jeff Williams discuss the survey findings from a recent report and provide his unique perspective on what they mean—from challenges to opportunities.

Listen to Podcast

Contrast-on-Contrast Case Study and Business Value Analysis: Key Insights and Learnings

Hear the Contrast VP of engineering discuss how his team has used the Contrast Application Security Platform to secure and protect TeamServer, the UI, and analytics engine for the Contrast platform. Learn about the business value his team has achieved using the Contrast platform over a legacy application security approach.

Listen to Podcast

DevSecOps Consultant Discusses AppSec Trends and Provides Career Insights and Recommendations

Hear EVOTEK's IT Strategist Greg Sternberg discuss how DevOps and AppSec must be thought of together and key trends that he sees taking place in DevSecOps.

Listen to Podcast

SQL Injection Vulnerability and .NET Application Attacks Spike

Contrast Security’s CISO David Lindner and Data Scientist Katharine Watson discuss key highlights and insights from the May-June bimonthly “Application Security Intelligence Report” from Contrast Labs.

Listen to Podcast

Key Takeaways from Contrast’s “2020 Application Security Observability Report”

Listen to Contrast’s CTO and Co-Founder Jeff Williams discuss key highlights and explore actionable insights, including how time to remediate directly ties to risk management, from the “2020 Application Security Observability Report.”

Listen to Podcast

Serious Vulnerabilities Increase 23% Per New Bimonthly AppSec Intelligence Report

Hear Contrast Security’s Data Scientist Katharine Watson and Union University’s Assistant Professor of Computer Science Brian Glas discuss key findings from the March-April Bimonthly AppSec Intelligence Report.

Listen to Podcast

Instrumentation Disrupts Application Security—from Development Through Production

Hear Contrast’s CTO and Co-Founder Jeff Williams discuss instrumentation and why it offers a much more efficient, effective application security model.

Listen to Podcast

When Application Vulnerabilities Are First Reported on Social Media: Strategies and Recommendations

Listen to Erik Costlow from Contrast Security discuss the implications of posting newly discovered software vulnerabilities on social media and how it impacts security and development teams.

Listen to Podcast

What It Takes to Be a Winning CISO/CSO Candidate (Part 1)

Listen to this Inside AppSec podcast with André Tehrani, a partner at Recrewmint, on what skills and experience organizations are looking for in a CISO/CSO

Listen to Podcast

The Risky Business of Open Source (Part 1)

Listen to this Inside AppSec podcast with Contrast Security’s Sr. Product Marketing Manager for Contrast OSS, Joe Coletta, about the trends in OSS and the risks of OSS.

Listen to Podcast

A Look at the AppSec Marketplace and Contrast Security in 2020

Listen to this podcast on Contrast Security’s AppSec paradigm shift: we embed security instrumentation in software and automate vulnerability identification and remediation verification.

Listen to Podcast

Defining What Is Needed—and Why—in Runtime Application Self-Protection (RASP) (Part 2)

Listen to this podcast with Contrast Security’s Head of Product Marketing for Contrast Protect, Derek Rogerson, on how RASP addresses the failings of perimeter security.

Listen to Podcast

Findings on Vulnerabilities and Attacks from the Latest Contrast Labs AppSec Intelligence Report

Listen to this podcast that discusses findings and takeaways from Contrast Lab’s bimonthly report for January-February 2020.

Listen to Podcast

Integrated Security Instrumentation Is the Future of AppSec

Listen to this podcast about the AppSec paradigm shift: security sensors integrated into application routes enable developers to manage vulnerabilities as they write code.

Listen to Podcast

What Security and Development Teams Need to Know About the New NIST 800-53 IAST and RASP Standards

Listen to this podcast about the latest release from NIST that spells out new requirement for instrumentation in IAST and RASP.

Listen to Podcast

Mapping the Benefits of Route Intelligence

Listen to this Inside AppSec Podcast that explores Route Intelligence and what it means for developers and security professionals with three experts from Contrast Security.

Listen to Podcast

How to Secure APIs at DevOps Speed

Read this eBook to understand why APIs are difficult to secure and what AppSec approach is needed to identify and remediate API vulnerabilities.

Read the eBook

Bringing An End To Security Roadblocks

Read the eBook to discover how AppSec still requires many manual processes, which slows Agile and DevOps CI/CD pipelines and frustrates developers.

Read the eBook

How Manual Application Vulnerability Management Delays Innovation and Increases Business Risk

Read the eBook to learn how legacy AppSec approaches lack visibility across an application’s attack surface, yielding both false negatives and false positives.

Read the eBook

A Comprehensive Approach to Analyzing and Protecting Software

Read the eBook to learn how traditional approaches to AppSec add more noise than protection, as they rely on a patchwork of disparate tools and processes.

Read the eBook

March - April 2021: Contrast Labs' Application Security Intelligence Report

This report is based on aggregate vulnerability and attack telemetry for custom code from customers whose applications are covered by Contrast Assess and Contrast Protect

Read the Report

July - August 2020: Contrast Labs' Application Security Intelligence Report

This report analyzes composite data from Contrast Labs to update readers on vulnerability and attack trends as observed with applications covered by Contrast Assess and Contrast Protect.

Read the Report

March - April 2020: Contrast Labs' Application Security Intelligence Report

This report leverages aggregate data collected by Contrast Assess and Contrast Protect for insights around both application vulnerabilities and targeted attacks.

Read the Report

January - February 2020: Contrast Labs' Application Security Intelligence Report

This report analyzes composite data from Contrast Labs to update readers on vulnerability and attack trends as observed with applications covered by Contrast Assess and Contrast Protect.

Read the Report

Contrast Scan Is Faster, More Accurate, and More Efficient

Read this white paper to learn how Contrast Scan uses pipeline-native static analysis to transform legacy SAST with faster speed and dramatically better accuracy.

Download the White Paper

Protecting APIs: An Uphill Battle

Read Contrast Security’s White Paper, “Protecting APIs: An Uphill Battle,” to understand the increased risk organizations face when they try to use legacy application security tools and processes to protect their Application Programming Interfaces (APIs).

Download the White Paper

How Legacy Application Security Requires Experts, Time, and Cost That Degrade DevOps Efficiencies

Read this White Paper to learn how legacy AppSec involves too many tools and requires too much time and too many experts to manage.

Download the White Paper

Why Lack of Application Security Skills and Experts Hamstrings Digital Transformation Initiatives

Read this White Paper to learn how the application security skills gap is affecting the ability of organization's to embrace digital transformation.

Download the White Paper

The Truth About AppSec False Positives

Read this White Paper to learn more about why AppSec false positives occur and how security and development teams struggle to address them.

Download the White Paper

Route Coverage through Instrumentation and Automated Vulnerability Management

Read the White Paper to find out how security instrumentation uses route intelligence to determine application route coverage—which ones have and have not been exercised.

Download the White Paper

Contrast Integrates into Kenna Security to Deliver Better Vulnerability Risk Management

Read this Solution Brief to learn how Contrast vulnerability and attack data integrates into Kenna. VM where it is combined with threat intelligence and advanced data science to help organizations prioritize risk remediation.

Read the Solution Brief

Contrast Labs Application Security Intelligence Bimonthly Report

Read this Bimonthly AppSec Intel Report to learn about key vulnerability, attack, and RiskScore trends during May-June 2021.

Download the Report

2021 APPLICATION SECURITY OBSERVABILITY REPORT - Executive Summary

Read this Executive Summary to glean key insights and benchmarks from the 2021 Application Security Observability Report.

Download the Report

Contrast Scan: Modern Application Security Scanning

Read this Solution Brief to learn how Contrast Scan is pipeline native and improves scan times 10x and remediation times 45x.

Read the Solution Brief

Purpose-Built AppSec Integration with Microsoft Azure

Read this Solution Brief to learn how the Contrast Application Security Platform has built-in integration with Microsoft Azure and what the benefits look like for Contrast customers.

Read the Solution Brief

Contrast Application Security Platform

Read this Federal Solution Brief to understand how Contrast Security addresses critical requirements such as DOD Platform One, NIST, and much more.

Read the Solution Brief

Contrast Application Security Platform

Read this Solution Brief to learn how the Contrast platform delivers a comprehensive DevSecOps approach that makes security continuous and integrates seamlessly with modern software.

Read the Solution Brief

Contrast OSS Helps DevOps Manage and Triage Hidden Third-Party Library Risk

Read this Solution Brief to learn how third-party library risks can be detected and remediated with Contrast OSS.

Read the Solution Brief

AppSec Solution Guide for Complying with New NIST SP 800-53 IAST and RASP Requirements

Read this Solution Guide to learn what implications the new IAST and RASP guidelines in the NIST Cybersecurity Framework have on application security.

Read the Solution Brief

Contrast OSS Product Brief

Contrast OSS delivers automated open source risk management by embedding security and compliance controls into applications throughout their lifecycle. Read this product brief to learn that Contrast OSS is the only solution that can identify vulnerable open source component to prevent exploitation at runtime.

Read the Solution Brief

Why DevSecOps Is Challenged By Modern Software Development

Join us to discover key findings and insights on Contrast Security’s 2020 State of DevSecOps Report. Our panel of practitioners will share their insights and recommendations on the extensive findings in the report. Attendees will leave with an in-depth understanding of key DevSecOps trends and best practices.

Watch Now

Simplify Vulnerability Remediation with Runtime Library Usage

Far too many software composition analysis (SCA) tools serve up a slew of irrelevant vulnerabilities in open-source libraries and frameworks that aren’t actively used, leaving developers frustrated when it comes to securing open-source code. Join us with key insights from AppSec professionals and come away with a stronger understanding of how to deliver developers the data they need to fix vulnerabilities, fast.

Watch Now

Contrast-on-Contrast Case Study: How We're Using Our Application Security Platform from Development to Production

At Contrast Security, we’ve been “eating our own cooking” to secure and protect TeamServer—the assessment analysis engine and UI that powers the Contrast Application Security Platform. Join this webinar and we will share some tangible business value outcomes that we've achieved using the Contrast Application Security Platform. Join the List Now!

Watch Now

How To Transition To A Modern Software Security Model

Medtronic embraced a modern application development approach to DevSecOps; increasing scale, eliminating noise from false positives, and bridging the gap between development and security teams. Watch this webinar to hear how Medtronic accelerated cloud migration and increased software delivery.

Watch Now

A Five-Step Plan to Vulnerability Management Success

Join us to discover a new approach for effective vulnerability management. Observability is key when it comes to the five-step plan that security and development teams need to implement for effective vulnerability management. By implementing this five-step plan, attendees will drive more effective threat prevention and achieve better risk management.

Watch Now

Digital Transformation Thwarted: When Your AppSec Tools, Scanning, and Resources Become Your Mr. Hyde

Join us to understand how Dr. Jekyll AppSec has turned into Mr. Hyde—not only in terms of the productivity of security teams but in the risk applications pose. Key takeaways include why traditional tools drive operational inefficiencies, how old security tools generate huge volumes of alerts that are inaccurate and often meaningless, and why old scanning and testing tools require AppSec professionals with highly specialized expertise and skills that are in high demand.

Watch Now

Managing Open-Source Security for Modern-Day DevOps

Is managing open-source software (OSS) with legacy tools causing more harm than good? This is often the case when it comes to outdated software composition analysis (SCA) tools that bury teams with false positives and require a series of tedious manual processes that waste valuable time. Tune in with us for a webinar that will explain how these SCA tools fall short when it comes to managing OSS risk, as well as how to untangle the confusion and find a security strategy that doesn’t stop DevOps in its tracks.

Watch Now

Assessing Custom and Open-Source Risk with Vulnerability and Attack Data

Get a sneak peek at our latest Contrast Labs findings, in this webinar you’ll learn what vulnerabilities and attacks in custom and open-source coded applications are the critical causes for concern. Effective web application security isn’t only about identifying vulnerabilities and attacks, as a matter of fact, that leads to alert fatigue. Today it’s about prioritizing and focusing and identifying what matters—sifting out the chaff from the wheat. Attend this webinar to get that leg up in your efforts.

Watch Now

The Best Route To AppSec Automation

In this webinar, our panel discusses how modern software development is the driver of an organization’s digital transformation and how application security is transforming to meet the modern demands. Learn how to empower faster code releases and scale application security through automation.

Watch Now

Why Agile & DevOps Demand New Approach to Securing Applications.

This moderated webinar panel tells you why Agile and DevOps requires a new approach to application security. This includes a cultural transformation that touches on everything that is needed for today’s modern software development environment—from strategies for building a strong security posture, to continuous protection through the software development life cycle, to automating workflows.

Watch Now

Security in a DevOps World: Unlocking Velocity and Innovation

Learn how to leverage application security instrumentation techniques in DevSec and SecOps (DevSecOps) to increase both developer and security productivity. Watch this webinar today to understand how the combined benefits of Microsoft and Contrast Security can help you accelerate innovation with Security in a DevOps world.

Watch Now

Securing APIs at DevOps Speed

Development teams and leaders want to push code faster and write good code while reducing interference from security teams. The only way to achieve these objectives is to rethink AppSec by integrating it into the DevOps pipeline. Attend this webinar if you are a Developer who wants to push code faster by removing the obstacles of securing APIs as mandated by your security teams.

Watch Now

A Comprehensive Approach to Application Security

Traditional approaches to AppSec have relied on a patchwork of separate disconnected tools and processes that add more friction than value by spending far too much time on scans and pentesting. We have a better idea. This talk will present our unified platform that provides continuous and comprehensive AppSec across the SDLC by seamlessly weaving AppSec into your applications themselves, protecting applications from cradle to grave.

Watch Now

Embracing DevSecOps with Embedded Application Security

Traditional approaches to application security create unacceptable drag and scaling problems for DevOps, while security staffing and tooling requirements to support “more code, faster” create untenable economics. This webinar will be a discussion and hands-on workshop showing the transformative impact of embedding application security into applications themselves.

Watch Now

Building a Modern, Scalable, and Effective Application Security Program

Over the past 20 years, there have been a dozen different major theories on how you should implement an application security program. The answer is a new modern approach to achieving application security that directly measures security outcomes instead of indirect measurements of processes or teams.

Watch Now

Key Application Security Strategies for Your Cloud Migration

Organizations are migrating from traditional legacy technologies to embracing today's Digital Transformation with modern cloud computing. These activities, in turn, are driving the need for stronger security. This webinar will help you understand how Contrast solves this problem by using instrumentation within the application to protect wherever they are deployed and automatically report and block attacks.

Watch Now

Securing Java Web Applications and APIs in minutes...for FREE...Seriously!

We've all suffered from a difficult, inaccurate, and frustrating security tool. What if there was a security tool that was as easy and powerful to use as AppDynamics? In this webinar, we will help you get up and running with Contrast Security's Community Edition FREE and full-strength tool for anyone to use. Start securing your code, lock down open source libraries, identify attacks, and prevent exploits using our free AppSec solution.

Watch Now

Securing Java Web Applications and APIs in minutes...for FREE...Seriously!

We've all suffered from a difficult, inaccurate, and frustrating security tool. What if there was a security tool that was as easy and powerful to use as AppDynamics? In this webinar, we will help you get up and running with Contrast Security's Community Edition FREE and full-strength tool for anyone to use. Start securing your code, lock down open source libraries, identify attacks, and prevent exploits using our free AppSec solution.

Watch Now

Scaling Rugged DevOps to Thousands of Applications

Tim Chase, Director of Application Security and Architecture at Nielsen, discusses how he scales Rugged DevOps and achieves continuous protection during development and operations by instrumenting the software application portfolio, assessing and protecting applications in parallel, and deploying integrations that provide instant notifications.

Watch Now

Contrast Security Advantages Over WAF – SQL Query Example

Watch this short video to see how Contrast Security protects applications and blocks SQL injections attacks better than WAF's.

Watch Now

Securing Government Applications with Contrast Security

Listen to Contrast CTO, Jeff Williams, discuss how Contrast is modernizing government agencies approach to application security.

Watch Now

The Time is Now for Contrast

Businesses are transforming. Innovation is being driven by software development. Learn how Contrast is leading the security evolution to ensure that innovation is secure.

Watch Now

Contrast Demo for Applications Running in AWS

Watch a step-by-step demo of how developers can reduce false positives, manual processes, and security roadblocks by embedding security directly into software through instrumentation.

Watch Now

Contrast Security Product Highlights

Watch a short high-level overview of Contrast Assess and Contrast Protect to see how we make software self-protecting to prevent vulnerabilities and block attacks.

Watch Now

Contrast High-level Overview

A short explanation to learn how Contrast Security uses instrumentation to deploy and accurately identify application vulnerabilities in minutes without experts or legacy SAST and DAST tools.

Watch Now

Introduction to Contrast Protect

Contrast Protect leverages Runtime Application Self-Protection (RASP) and patented deep security instrumentation to protect applications against cyber attacks in real-time, making it the most accurate, fastest and scalable application security solution.

Watch Now

Boost Application Security with Self-Protecting Software

Terry Sweeny, Editor at DARKReading, and Jeff Williams, CTO and Co-founder at Contrast Security, discuss the need for a modern approach with more accurate tools to help development teams code without the need to stop and scan.

Watch Now

Cybersecurity and Digital Transformation

Contrast Security CEO Alan Naumann chats with former CISO of AT&T Ed Amoroso on the importance of software security, DevOps initiatives, and the future of digital transformation.

Watch Now

Instrumenting Application Security

In this video, hear Scott Parson, Senior Enterprise Security Architect of a Fortune 500 Financial Company, discuss the importance of continuous application security and how automation and cloud infrastructure has impacted his organizations approach to application security. (02:25)

Watch Now

Investing in the AppSec Market

In this video, Jeff Williams, Co-Founder & CTO of Contrast Security, talks with John Monagle of General Catalyst, in regard to investing in application security, how the DevOps movement is changing the market, and Contrast Security's role in this transformation. (03:15)

Watch Now

Dark Reading Interview with Jeff Williams

Hear Brian Gillooly, VP of Events Content & Strategy, at Dark Reading in an in-depth conversation with Jeff Williams, Co-Founder & CTO of Contrast Security. Topics included revolutionary changes taking place in both application security and DevOps as well as Jeff’s prestigious nomination as one of the three finalists in the "Most Innovative Thought Leader" category for his work as a cyber security innovator. (12:57)

Watch Now

What does IAST mean to you?

Watch this short video and hear from Director of Test, John Scarborough on how he defines Interactive Application Security Testing (IAST). (00:39)

Watch Now

DevOps teams and AppSec?

Establishing a DevOps-ready security program is possible. In this video, hear from three folks who have successfully built and scaled the DevOps functions within their organizations. (01:31)

Watch Now

What does RASP mean to you?

Watch this short video and hear how Steve Herrod, Managing Director of General Catalyst Partners, defines and uses RASP technology as a decision-making tool. (00:35)

Watch Now

Key Takeaways From a New Serverless Application Security Report

Hear a panel of serverless application security experts discuss key findings and insights from a new survey report on serverless application security in this Inside AppSec Podcast.

Listen to Podcast

Behind-the-Scenes Perspectives on the Compilation, Analysis, and Publication of the 2021 OWASP Top Ten

Hear OWASP Top Ten Co-Lead and Union University Professor Brian Glas discuss how the data was compiled and analyzed for the new 2021 OWASP Top Ten categories.

Listen to Podcast

Why More Isn't Better When It Comes to AppSec and Why Less Is Better

Hear Contrast's Chief Scientist and Co-founder Arshan Dabirsiaghi and Head of Product Marketing Mahesh Babu discuss why the assumption that more is better is misguided and why a completely new #AppSec approach is needed.

Listen to Podcast

Key Takeaways and AppSec Recommendations From the 2021 OWASP Top Ten

This Inside AppSec Podcast features Contrast Security's CTO and Co-founder Jeff Williams and CISO David Lindner who explore changes and additions to the Top Ten and how organizations should use the Top Ten to manage their application risks.

Listen to Podcast

Serious Vulnerabilities Per Application Jump in Latest Bimonthly AppSec Intelligence Report

This Inside AppSec Podcast discusses what vulnerability types saw the biggest increases and which ones are the most concerning.  

Listen to Podcast

Key Insights on Application Makeup: Custom and Open-source Code (New Report) – Part 3

Special guests explore findings in Contrast Security's 2021 Application Security Observability Report on application code composition. While the average application contains 80% open-source code, only 6% of that code is exercised.

Listen to Podcast

Key Insights on Security Debt and Vulnerability Escape Rate Trends (New Report) – Part 1

This episode of Inside AppSec showcases the importance of just-in-time security training, which is confirmed via findings in Contrast’s newly formulated vulnerability escape rate—the average number of new vulnerabilities introduced each month in an application over the past year.

Listen to Podcast

Java Applications Under Attack Barrage in Latest Contrast Labs Bimonthly AppSec Intel Report

Listen to this Inside AppSec podcast interview with Contrast Security CTO and Co-founder Jeff Williams and Sr. Data Analyst and Scientist Katharine Watson to get more details on the key findings in the March–April 2021 Bimonthly AppSec Intelligence Report from Contrast Labs.

 

Listen to Podcast

CVE-2020-17091: Remote Code Execution Vulnerability in Microsoft Teams Found by Contrast Labs

Listen to this Inside AppSec podcast and hear Contrast Labs’ Director of Security Research Matt Austin discuss how he discovered a Remote Code Execution (RCE) vulnerability in Microsoft Teams and worked with Microsoft to confirm it.

Listen to Podcast

Contrast DevSecOps Platform Now Includes Pipeline-native Static Analysis

Hear Contrast Security's Chief Strategy Officer Surag Patel and Sr. Product Marketing Director Mahesh Babu discuss the addition of Contrast Scan to the Contrast Application Security Platform in this Inside AppSec Podcast.

 

Listen to Podcast

Navigating Open-source Security Obstacles and Mapping Out Solution Requirements

In this Inside AppSec Podcast, Contrast open-source subject-matter experts Joe Coletta and Pauline Logan take a look at some of the key findings in the Open-source Security Report and examine core capabilities in Contrast OSS and the Contrast Application Security Platform.

Listen to Podcast

Open-source Library Risks Expose the Software Supply Chain

Listen to this Inside AppSec Podcast with Contrast Security subject-matter experts Joe Coletta and Pauline Logan to learn about the risks of open-source code and why you must heed the risk signals to avoid exposing applications to malicious attacks.

Listen to Podcast

Software Supply Chain Is a Priority in the Latest Contrast Security Bimonthly AppSec Intel Report

In this Inside AppSec podcast, Contrast Security's CISO David Lindner and Sr. Data Analyst and Data Scientist Katharine Watson discuss highlights and key takeaways in the report.

Listen to Podcast

Modern Application Security Now Available for Golang Applications

n this Inside AppSec podcast, learn how the industry’s first interactive security analyzer for Go applications virtually eliminates false positives and dramatically improves the efficiency of both application security and development teams.

Listen to Podcast

Right and Wrong DevSecOps Metrics: Measuring What Counts

In this Inside AppSec podcast, listeners will learn what DevSecOps metrics matter—and which ones don’t—and how the Contrast Application Security Platform empowers security teams to build data-driven application security programs that reduce risks and improve efficiency.

Listen to Podcast

Recommendations for Protecting Applications in Production from Known and Unknown Attacks

In this Inside AppSec podcast, we discuss how perimeter-defense approaches are ineffective in blocking many types of threats and are highly inefficient to deploy and manage—often stretching SecOps teams to breaking points.

Listen to Podcast

Breaking Down Findings & Insights From Contrast Security's 2021 State of Open-source Security Report

Hear Contrast Security experts discuss findings and insights from the new 2021 State of Open-source Security Report by Contrast Labs.

Listen to Podcast

Application Security Findings and Insights From Kenna Security's Latest Research Report

This Inside AppSec Podcast interview with Kenna Security CTO and Co-founder Ed Bellis explores application security findings and insights from the Prioritization to Prediction Volume 6 report.

Listen to Podcast

Vulnerabilities Continue To Plague .NET Applications, Injection Attacks Ratchet Up in Concern

In this Inside AppSec Podcast, Contrast Security's CISO David Lindner and Sr. Data Analyst and Data Scientist Katharine Watson discuss these and other findings from the November–December 2020 report

Listen to Podcast

Building a Risk-Scoring Model for Applications: Initial Algorithm and the Underlying Data Elements

In this Inside AppSec podcast episode, our expert panel explores the reasons Contrast developed an algorithmic RiskScore, and how it plans to release it as an open-source project, and how organizations can contribute and leverage it.

Listen to Podcast

Reexamining Application Security Following the SolarWinds Hack

Hear Contrast Security’s CTO and Co-Founder Jeff Williams discuss emerging details around the SolarWinds hack and implications for application security. 

Listen to Podcast

What It Takes To Get a 4.8/5.0 Score for Gartner Peer Insights Customers' Choice

Contrast Security scored the highest in the Gartner Peer Insights Customers' Choice for Application Security Testing category. Hear our panel discuss what Contrast does to ensure customers have great experiences and support using its technology.

Listen to Podcast

DoD Officer Builds a Successful InfoSec Career, Including Transition to the Private Sector

Hear Jimmy Xu from Trace3 discuss how he became interested in InfoSec and how he built a successful career in the DoD that set the stage for a transition into the private sector. He also provides insights into key cloud and application security trends.

Listen to Podcast

Serious Vulnerabilities Increase While Overall Vulnerabilities Decrease in July-August

In this Inside AppSec podcast episode hear Contrast Security’s CISO David Lindner and Data Scientist Katharine Watson discuss Contrast Labs’ latest bimonthly research findings.

Listen to Podcast

Application Security Through the Lens of Risk Management

Hear award-winning author and risk assessment and policy development expert Doug Landoll discuss strategies that can be deployed to assess application risk, how security frameworks can be used to mitigate and manage that risk, what the future of application risk management may look like, and more.

Listen to Podcast

An Interview with New Contrast Board Member and Industry Cybersecurity and APM Pioneer Joe Sexton

Hear new Contrast Security Board Member Joe Sexton discuss application security from the perspective of the board and the opportunities security instrumentation offers to security, development, and operations leaders.

Listen to Podcast

“DevOps Trends and Best Practices: A Perspective from the Trenches”

Hear JJ Asghar, Developer Advocate at IBM, discuss what is trending in DevOps and what tips and tactics DevOps leaders and professionals can use to eliminate or minimize the hurdles they face.

Listen to Podcast

Exploring the Risks of Python in Applications and How to Protect Your Applications from Them

Listen to this Inside AppSec podcast about the growing number of developers using Python programming language and the need for modern AppSec to secure Python-based applications.

Listen to Podcast

Strategies and Tactics Managing Open-Source Risk (Part 2)

Listen to this Inside AppSec podcast with Contrast Security’s Sr. Product Marketing Manager for Contrast OSS, Joe Coletta, on what organizations need to do when securing OSS.

Listen to Podcast

How Culture Defines a Company and Enables a Laser Focus on Customers

Listen to this podcast with Babak Dehnad, VP of People at Contrast, on Contrast as an Inc. magazine Best Workplace and some of the key reasons why Contrast was selected as a winner.

 

Listen to Podcast

API Security Requirements: Mapping Vulnerabilities That Matter

Listen to this podcast with Contrast Security’s Director of Developer Relations, Erik Costlow, on API vulnerabilities and how DevSecOps professionals can tackle them.

Listen to Podcast

Building a Business Case to Get Beyond the Application Perimeter Defense (WAF) Status Quo (Part 1)

Listen to this podcast with Contrast Security’s Head of Product Marketing for Contrast Protect, Derek Rogerson, on how WAFs run on the perimeter and lack the context to identify risks.

Listen to Podcast

Developers Need Integrated Application Security Tooling

Read this eBook to learn how application security can become a shared, collaborative concern that unites development, operations, and security teams without inhibiting aggressive deliver schedules.

Read the eBook

Federal Agencies Must Transition to Instrumentation Based Application Security

Read this eBook to discover what federal agencies need to look for in application security in order to fully embrace and realize digital transformation--including Agile and DevOps.

Read the eBook

The DevSecOps Guide to Managing Open Source Risk

Read the eBook to learn how organizations need to manage OSS risks using AppSec powered by security instrumentation that unlocks automation.

Read the eBook

Using Security Instrumentation to Analyze and Protect Software

Read the eBook to discover how most companies forego robust security testing to accelerate time to market—leaving their organizations at risk.

Read the eBook

May - June 2020: Contrast Labs' Application Security Intelligence Report

This report leverages aggregate data from Contrast Security customers to provide insights about the vulnerabilities in software that we protect—and attacks on those applications.

Read the Report

Contrast Delivers Pipeline-native security for federal developers

Read this White Paper to learn how development teams with Federal agencies can use pipeline-native security from Contrast.

Download the White Paper

Advanced Threat Landscape and Legacy Application Security Ratchet Up Risk

Read this White Paper to learn how advances in the threat landscape create new application security challenges.

Download the White Paper

Understanding the Risks of Open-Source Software

Read the White Paper to find out how increased use of third-party OSS accelerates time to market but also increases software risk.

Download the White Paper

A Major Roadblock to Business Innovation

Read the White Paper to learn how AppSec tools and processes are a big drag on DevOps, as they are unable to keep pace with modern software development.

Download the White Paper

Contrast Security and Secure Code Warrior

Read this Solution Brief to learn how Secure Code Warrior integrates with the Contrast Application Security Platform to deliver just-in-training security to developers.

Read the Solution Brief

How Contrast Protect Integrates With Microsoft Azure Sentinel And Amplifies Enterprise Defenses

Read this Solution Brief to understand how the Contrast Application Platform integrates with Azure Sentinel to deliver consolidated security views to security practitioners

Read the Solution Brief

Contrast Application Security Platform Solution Brief

The Contrast Application Security Platform is designed to integrate with Agile and DevOps processes by operating within the application itself. Contrast leverages instrumentation to embed security within the application runtime that solves the challenges legacy application security tools present in modern software environments.

Read the Solution Brief

Contrast Labs Application Security Intelligence Bimonthly Report March—April 2021

Read this Report to learn about RiskScores for 19 different vulnerability types as well as vulnerability and attack trends in the latest Bimonthly AppSec Intel Report.

Download the Report

Contrast Oss: Automated Open-Source Security Without The Noise

Read this Solution Brief to learn how Contrast OSS offers a new approach to SCA by prioritizing the risk that matters most and streamlines remediation by analyzing which libraries are actually in use during application runtimes.

Read the Solution Brief

2021 State Of Application Security In Financial Services Report

Read this Report to discover how application security in financial services is failing to keep pace, incurs huge inefficiencies, and fails to stop successful attack exploits.

Download the Report

Contrast Labs Application Security INTELLIGENCE BiMonthly Report Jan-Feb 2021

Read the January-February 2021 AppSec Intel Report from Contrast Labs to learn about the hottest trends in application security based on real-world data.

Download the Report

Contrast Protect: Runtime Application Protection And Observability

Read this Solution Brief to learn how Contrast Protect delivers runtime application protection and observability.

Read the Solution Brief

Contrast Security Integration With Devops Chat Tools

Read about Contrast's integrations with common chat tools such as Slack and Microsoft Teams to help improve workflow orchestration and accelerate application delivery.

Read the Solution Brief

Contrast Security Integration with DevOps Ticketing Systems

Read this Solution Brief to learn how the Contrast Application Security Platform integrates with ticketing systems.

Read the Solution Brief

Contrast Security Integration with CI/CD Pipelines

Read this Solution Brief to learn how Contrast integrates security testing with existing tools and workflows that developers use in their DevOps and Agile environments.

 
Read the Solution Brief

The State of DevSecOps Report

Read Contrast Security’s “The State of DevSecOps Report” to learn how global organizations are addressing DevSecOps, what benchmarks exist, and how they are overcoming the challenges.

Download the Report

Locking Down Docker Security with Instrumentation in the Contrast Platform

Read this Solution Brief to learn how Contrast helps secure and protect Docker containers.

Read the Solution Brief

How Contrast Security Supports and Improves Government Reference Designs

Read this Solution Brief to understand how Contrast Security supports and improves government reference designs.

Read the Solution Brief

Keeping Kubernetes Secure with Instrumentation

Read this Solution Brief for an overview of why and how the Contrast Application Security Platform enables organizations to secure and protect applications running in Kubernetes-enabled containers.

Read the Solution Brief

Facilitating Secure Journeys to the Cloud with the Contrast Application Security Platform

Read this Solution Brief to understand how the Contrast Application Security Platform helps facilitate secure journeys to the cloud.

Read the Solution Brief

Contrast Assess with Interactive Application Security Testing (IAST)

Read the solution brief to learn how Contrast Assess uses instrumentation to embed security directly into the development pipeline.

Read the Solution Brief

Automatically Identify Software Vulnerabilities and Verify Their Remediation with Route Intelligence

Read the solution brief to learn how adding Route Intelligence capabilities to Contrast Assess delivers comprehensive security visibility while automating the workflows.

 

Read the Solution Brief

Contrast Protect Product Brief

Contrast Protect's instrumentation enables our agent to perform attack detection and response with more insight, at a deeper level than other solutions. We take a seven-step approach that is more robust and comprehensive to improve the likelihood of blocking zero-day attacks and detecting probe attempts.

Read the Solution Brief

Experience Contrast today

See how you could get secure code moving on the Contrast Secure Code Platform