APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Secure Coding with Go

All Systems Go—Except Application Security

Google Go (also known as Golang) continues its role as a popular software language that enables developers to ship quality code at a rapid pace. Its genesis can be traced back to when Google engineers..

A Single Security Platform That Actualizes DevSecOps

By Mahesh Babu, May 4, 2021
Security and Development Are Out of Synch

When bringing new applications to market, speed has become a top priority. Nearly 80% of organizations say their development team is under growing pressure to shorten release cycles. Companies are..

CONTRAST STUDY FINDS THAT LESS THAN 10% OF APPLICATION CODE IS ACTIVE THIRD-PARTY LIBRARY CODE

2021 State of Open-source Security Report Examines Real-world Software Supply Chains

Prompted by the devastating SolarWinds attack, the White House is reportedly preparing an executive order on software security to be released in the next several..

Automation Paves the Way for Interactive Application Penetration Testing

Adoption of DevOps is increasing the rate of software deployment. A recent survey by DevOps Research and Assessment (DORA) and Google Cloud found that elite DevOps performers—nearly 7,000 of the companies surveyed—have 208 times more frequent..

CONTRAST LABS REVEALS DEPENDENCY CONFUSION VULNERABILITY IN MICROSOFT TEAMS

When the COVID-19 pandemic forced a large percentage of the world’s office workers to begin working remotely a year ago, organizations were forced to scramble to greatly accelerate their digital transformation. Deployments that may have been..

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized as among the worst hacks of the past 10 years, targeting SolarWinds’ software factory and compromising the code in software..

AS 2020 CLOSED OUT, MORE APPLICATIONS HAD SERIOUS VULNERABILITIES AND ATTACK LIKELIHOOD REMAINED ELEVATED

As we look back on 2020, I think we all would agree that it was a year like no other. What we now know is that for many of the same months we were working from home and experiencing myriad other disruptions in our lives, state-sponsored cyber..

CONTRAST V.5 BETA RISKSCORE RELEASE HELPS WITH APPSEC PRIORITIZATION CHALLENGES

The massive SolarWinds hack is a stark reminder of the importance of application security, but as most readers of this blog are aware, this event is unique only because of its size. The truth is that attacks on applications are rapidly growing in..

How Contrast Simplified and Streamlined Its New Hire Onboarding Process

A hiring team spends a great deal of time identifying and interviewing candidates before making an offer. On average, it takes 58 days between posting a software engineering opening and making an offer of acceptance. Within that window of making..

Application Risk From 4 of Top 5 Vulnerability Attack Types Grows, .NET Applications Become Bigger Target for Attacks

Industries across the spectrum are seeing rapid changes in their threat landscape. With the arrival of COVID-19, healthcare companies quickly became top targets for bad actors. The Chief Information Security Officer (CISO) of Johnson and Johnson..
