SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS..

Continue Reading >>

XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that developers should not rely..

Continue Reading >>

Contrast Labs: Blocking Spring View Manipulation Attacks

 

Continue Reading >>

WHY OBSERVABILITY IS THE NEXT BIG THING IN SECURITY

Accelerate cloud migrations with security observability across your development life cycle.

Continue Reading >>

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.

Continue Reading >>

Contrast Application Security Platform Accepted Into Department of Defense Platform One

The U.S. Department of Defense (DoD) takes cybersecurity to new levels. Platform One, a program based out of the U.S. Air Force Office of the Chief Software Officer, builds and secures technology tools across the military that are used to “guide,..

Continue Reading >>

What Role Should Social Media Play in Discovering Vulnerabilities?

New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of vulnerabilities appear on social media before the National Vulnerability Database (NVD). And it takes an average of nearly 90..

Continue Reading >>

The Risks Associated with OSS and How to Mitigate Them

ByJoe Coletta August 11, 2020
OSS

Open source has become nearly ubiquitous with Agile and DevOps. It offers development teams the ability to quickly and easily scale their software development life cycles (SDLC). At the same time, open-source software (OSS) components can..

Continue Reading >>

Application Vulnerabilities Spike, .NET Applications Appear in the Attack Crosshairs

COVID-19 transformed businesses overnight. Suddenly, more than half of the workforce found themselves working from home and most businesses could no longer meet with customers and prospects in person. Those with mature digital strategies had a..
Continue Reading >>

How to Accurately and Continuously Identify and Remediate OSS Library Risks

 

Continue Reading >>

SUBSCRIBE TO THE BLOG