APPSEC OBSERVER

    The latest trends and tips in DevSecOps through instrumentation and Security Observability.

    Subscribe To Blog

    Dan Amodio, Security Researcher

    Dan grew up tinkering with computers and learning about hacking and programming, and he somehow made a career out of it. He has worked on information security issues—from application security to red teaming—with some of the largest companies across the globe. Outside work he enjoys music, games, and family time.

    Authenticated Remote Code Execution in OpenMRS

    ByDan Amodio, Security Researcher September 17, 2020

    Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS

    Continue Reading >>

    Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

    ByDan Amodio, Security Researcher August 25, 2020

    Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.

    Continue Reading >>

    Contrast Labs: Jenkins Maven HPI Plugin Exposes Developer Laptops

    ByDan Amodio, Security Researcher March 9, 2020

    If you are like the development team at Contrast Security and build Jenkins plugins, then you probably find value in the maven-hpi-plugin. The Jenkins Maven HPI Plugin hpi:run target initializes a local Jetty HTTP server with the current plugin..

    Continue Reading >>

    Public WiFi is actually still pretty dangerous

    ByDan Amodio, Security Researcher February 3, 2020

    I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no secret transport layer security has vastly improved over the years -- so I generally agree with a lot of the points made here. For..

    Continue Reading >>

    TOPICS

    SEARCH

    SUBSCRIBE TO THE BLOG

    Subscribe to the Contrast Blog

    By subscribing to our blog you will stay on top of all the latest appsec news and devops best practices. You will also be informed of the latest Contrast product news and exciting application security events.

    Subscribe to Email Updates

    Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software. Contrast’s patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improves efficiencies and cost, and enables rapid scale while protecting applications from known and unknown threats.