APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.


CONTRAST LABS REVEALS DEPENDENCY CONFUSION VULNERABILITY IN MICROSOFT TEAMS

When the COVID-19 pandemic forced a large percentage of the world’s office workers to begin working remotely a year ago, organizations were forced to scramble to greatly accelerate their digital transformation. Deployments that may have been..


DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized as among the worst hacks of the past 10 years, targeting SolarWinds’ software factory and compromising the code in software..
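The mechanism behind the dependency confusion post, as an added illustration that is not code from the post or from Contrast: a constructed model of a private package index and a public one, showing how a resolver that takes the highest version from any configured index (the behaviour of pip with `--extra-index-url`) pulls in a public package that squats an internal name, how a single trusted index avoids it, and a check that flags internal names exposed this way. Index contents and package names below are made up for the example.

```python
"""Dependency confusion on constructed registry data (example, not from the post)."""

# Constructed snapshot of an organisation's private index: name -> published versions.
PRIVATE_INDEX = {
    "acme-billing": ["1.4.0", "1.4.2"],
    "acme-auth": ["0.9.1"],
}

# Constructed snapshot of the public index. "acme-billing" models an attacker
# publishing the same name with an absurdly high version number.
PUBLIC_INDEX = {
    "requests": ["2.25.1"],
    "acme-billing": ["99.0.0"],
}


def parse_version(text):
    """Dotted numeric version -> tuple, so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def resolve_extra_index(name, primary, extra):
    """Model of `pip install --index-url <private> --extra-index-url <public>`:
    both indexes are candidate sources and the highest version wins, regardless
    of which index supplied it. Returns (version, source)."""
    candidates = []
    for source, index in (("private", primary), ("public", extra)):
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, source))
    if not candidates:
        raise LookupError(f"no distribution found for {name}")
    _, version, source = max(candidates)
    return version, source


def resolve_single_index(name, index, source):
    """Hardened model: exactly one index is consulted (in practice a proxy that
    serves internal names itself and never falls through to the public index
    for them). Returns (version, source)."""
    versions = index.get(name, [])
    if not versions:
        raise LookupError(f"no distribution found for {name}")
    return max(versions, key=parse_version), source


def audit_internal_names(private, public):
    """Flag internal names that also exist on the public index with a version
    higher than anything published privately; those would be hijacked by a
    highest-version-wins resolver."""
    exposed = []
    for name, versions in private.items():
        public_versions = public.get(name)
        if not public_versions:
            continue
        if max(map(parse_version, public_versions)) > max(map(parse_version, versions)):
            exposed.append(name)
    return sorted(exposed)


if __name__ == "__main__":
    print("extra-index-url :", resolve_extra_index("acme-billing", PRIVATE_INDEX, PUBLIC_INDEX))
    print("single index    :", resolve_single_index("acme-billing", PRIVATE_INDEX, "private"))
    print("exposed names   :", audit_internal_names(PRIVATE_INDEX, PUBLIC_INDEX))
```

The audit only catches names that are already squatted; the durable fix is to stop consulting the public index for internal names at all (a single index URL behind a proxy, a reserved namespace or scope, and hash-pinned lockfiles so a different artifact fails to install).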


AS 2020 CLOSED OUT, MORE APPLICATIONS HAD SERIOUS VULNERABILITIES AND ATTACK LIKELIHOOD REMAINED ELEVATED

As we look back on 2020, I think we all would agree that it was a year like no other. What we now know is that for many of the same months we were working from home and experiencing myriad other disruptions in our lives, state-sponsored cyber..


CONTRAST V.5 BETA RISKSCORE RELEASE HELPS WITH APPSEC PRIORITIZATION CHALLENGES

The massive SolarWinds hack is a stark reminder of the importance of application security, but as most readers of this blog are aware, this event is unique only because of its size. The truth is that attacks on applications are rapidly growing in..


How Contrast Simplified and Streamlined Its New Hire Onboarding Process

A hiring team spends a great deal of time identifying and interviewing candidates before making an offer. On average, it takes 58 days between posting a software engineering opening and making an offer of acceptance. Within that window of making..


Application Risk From 4 of Top 5 Vulnerability Attack Types Grows, .NET Applications Become Bigger Target for Attacks

Industries across the spectrum are seeing rapid changes in their threat landscape. With the arrival of COVID-19, healthcare companies quickly became top targets for bad actors. The Chief Information Security Officer (CISO) of Johnson and Johnson..


Kaizen Gaming Makes Winning Bet on Application Security

The online gaming industry is projected to grow at a compound annual growth rate (CAGR) of 12.9% between now and 2027. This rapidly growing industry segment offers cyber criminals a broad attack surface to steal personally identifiable..


SolarWinds Hack Exposes Long Overdue Prioritization of Software Security

With more news emerging on the SolarWinds cyberattack, its severity and ubiquitous reach continue to expand. Many are now heralding it as the “hack of the decade.” It exposed “god access” to the perpetrators, allegedly granting access to over ..


Contrast Labs: Apache Struts CVE-2020-17530

On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary..


95% of Organizations Admit To at Least One Successful Application Exploit in Past Year

By Patrick Spencer, December 15, 2020

Findings and Insights from Contrast Security’s 2020 State of DevSecOps Report

