Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Arshan is an accomplished security researcher with 10+ years of experience advising large organizations about application security. Arshan has released popular application security tools, including AntiSamy and JavaSnoop.

    Log4Shell By The Numbers

    We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

    WAF, RASP and Log4Shell

    Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..

    IAST Is the Only Way to Accurately Detect SSRF

    With server-side request forgery (SSRF) becoming a more important bug class in the era of microservices, I wanted to..

    Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

    Over the past 20 years, source-code scanning using static analysis has been a principal method for testing the security..

    Pulling Back the Curtain On: Zip File Overwrites

    Zip file overwrites are a cool but rare vulnerability that can occur on apps that work with user-supplied zip files...

    Pulling Back the Curtain on RASP

    If you set out to build a new WAF today (which, believe it or not, people are still doing), everyone would have some..

    Struts 2, Equifax and You

    It's hard to overstate what's happening here. The FBI, New York and Massachusetts Attorneys General, and Congress are..

    VULNERABILITY ALERT: CVE-2017-9805 – Struts S2-052 Exploit Released, Protection Offered

    On Tuesday, September 5, 2017, a critical new Remote Code Execution (RCE) vulnerability was disclosed against all..

    CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

    On March 6, a new remote code execution vulnerability was disclosed against Struts 2 (2.3.5-2.3.31 and 2.5-2.5.10.)..