
Arshan Dabirsiaghi, Co-Founder, Chief Scientist

Arshan is an accomplished security researcher with 10+ years of experience advising large organizations about application security. Arshan has released popular application security tools, including AntiSamy and JavaSnoop.


    Failure to Lognch

    I had to fight tooth and nail to get this blog title -- I hope it made you shoot air out of your nose with a little..


    How Can Devs Keep Up with the Library Security Devil?

    So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open..


    IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

    Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time. It’s an HTTP communication..

    The Client Is Not Always Right!


    J’accuse! I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this..

    Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)


    NOTE: Before you begin reading, you may want to visit the first article in this series: Serialization Must Die: Act 1:..

    Serialization Must Die: Act 1: Kryo


    When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..

    Third-Party Software Library and Airbag Grenades


    Recently Contrast Security ran some analysis of our customers’ 3rd party software usage, which is a huge security blind..

    A New, Open Source Tool Proves: Even After Patching, Deserializing Will Still Kill You


    With all the talk about Java serialization vulnerabilities, I thought I'd share a new, open source tool I built for you..

    Java Agents, Memory, and the Importance of Measuring


    "How much memory do I need to add to my JVM to account for Contrast?" Man, these questions sound really simple, don't..