APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.


Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

By Joe Coletta, November 11, 2020
Open Source Is a Mainstay in Modern Development

It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when..


Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

It’s very rare that one has an opportunity to experience the development of a major software solution from the ground up and use that very product to secure and protect it at the same time. This is precisely what we’ve been able to do at Contrast..


Contrast Receives 4.8/5.0 in 2020 Gartner Peer Insights ‘Voice of the Customer’: AST Customers’ Choice

Technology companies that fail at delivering unparalleled customer experiences and demonstrating business value simply cannot survive in today’s digital era. Too often, there is a significant gap between what products are capable of doing and..


85% of Developers in the Technology Industry Deploy Daily, Yet 8 in 10 Aren’t Going Fast Enough

By Patrick Spencer, October 12, 2020

Organizations aspire to reach perfection and often look to emulate best practices of peer organizations to do so. When it comes to software development, global technology leaders like Google, Amazon, Uber, Apple, and others immediately come to..


Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS


XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that developers should not rely..


Contrast Labs: Blocking Spring View Manipulation Attacks

 


Why Observability Is the Next Big Thing in Security

Accelerate cloud migrations with security observability across your development life cycle.


Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.


Contrast Application Security Platform Accepted Into Department of Defense Platform One

The U.S. Department of Defense (DoD) takes cybersecurity to new levels. Platform One, a program based out of the U.S. Air Force Office of the Chief Software Officer, builds and secures technology tools across the military that are used to “guide,..

