The latest trends and tips in DevSecOps through instrumentation and Security Observability.


Dan Amodio, Security Researcher

Dan grew up tinkering with computers and learning about hacking and programming, and he somehow made a career out of it. He has worked on information security issues—from application security to red teaming—with some of the largest companies across the globe. Outside work he enjoys music, games, and family time.

Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS


Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz for correcting us on some very important technical facts in our original copy of this blog.


Contrast Labs: Jenkins Maven HPI Plugin Exposes Developer Laptops

If you are like the development team at Contrast Security and build Jenkins plugins, then you probably find value in the maven-hpi-plugin. The Jenkins Maven HPI Plugin hpi:run target initializes a local Jetty HTTP server with the current plugin..


Public WiFi is actually still pretty dangerous

I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no secret transport layer security has vastly improved over the years -- so I generally agree with a lot of the points made here. For..
