Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Arshan is an accomplished security researcher with 10+ years of experience advising large organizations about application security. Arshan has released popular application security tools, including AntiSamy and JavaSnoop.

Subscribe to Blog

Topics

16 December 2021

Log4Shell By The Numbers

We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

14 December 2021

WAF, RASP and Log4Shell

Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..

20 September 2021

IAST Is the Only Way to Accurately Detect SSRF

With server-side request forgery (SSRF) becoming a more important bug class in the era of microservices, I wanted to..

1 September 2021

Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

Over the past 20 years, source-code scanning using static analysis has been a principal method for testing the security..

8 October 2019

Pulling Back the Curtain On: Zip File Overwrites

Zip file overwrites are a cool but rare vulnerability that can occur on apps that work with user-supplied zip files...

5 September 2019

Pulling Back the Curtain on RASP

If you set out to build a new WAF today (which, believe it or not, people are still doing), everyone would have some..

13 September 2017

Struts 2, Equifax and You

It's hard to overstate what's happening here. The FBI, New York and Massachusetts Attorneys General, and Congress are..

7 September 2017

VULNERABILITY ALERT: CVE-2017-9805 – Struts S2-052 Exploit Released, Protection Offered

On Tuesday, September 5, 2017, a critical new Remote Code Execution (RCE) vulnerability was disclosed against all..

10 March 2017

CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

On March 6, a new remote code execution vulnerability was disclosed1 against Struts 2 (2.3.5-2.3.31 and 2.5-2.5.10.)..

1 2 3 Next

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Log4Shell By The Numbers

WAF, RASP and Log4Shell

IAST Is the Only Way to Accurately Detect SSRF

Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

Pulling Back the Curtain On: Zip File Overwrites

Pulling Back the Curtain on RASP

Struts 2, Equifax and You

VULNERABILITY ALERT: CVE-2017-9805 – Struts S2-052 Exploit Released, Protection Offered

CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Subscribe to the Blog

Log4Shell By The Numbers

WAF, RASP and Log4Shell

IAST Is the Only Way to Accurately Detect SSRF

Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

Pulling Back the Curtain On: Zip File Overwrites

Pulling Back the Curtain on RASP

Struts 2, Equifax and You

VULNERABILITY ALERT: CVE-2017-9805 – Struts S2-052 Exploit Released, Protection Offered

CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

Subscribe to the Contrast Blog