APPSEC OBSERVER

    The latest trends and tips in DevSecOps through instrumentation and Security Observability.

    Subscribe To Blog

    Erik Costlow, Director of Developer Relations

    Erik Costlow was Oracle’s principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.

    SolarWinds Hack Exposes Long Overdue Prioritization of Software Security

    ByErik Costlow, Director of Developer Relations December 22, 2020

    With more news emerging on the SolarWinds cyberattack, its severity and ubiquitous reach continue to expand. Many are now heralding it as the “hack of the decade.” It exposed “god access” to the perpetrators, allegedly granting access to over ..

    Continue Reading >>

    What Role Should Social Media Play in Discovering Vulnerabilities?

    ByErik Costlow, Director of Developer Relations August 13, 2020

    New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of vulnerabilities appear on social media before the National Vulnerability Database (NVD). And it takes an average of nearly 90..

    Continue Reading >>

    Assessing API Security Risks, Plotting a Solution

    ByErik Costlow, Director of Developer Relations July 9, 2020

    Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application architectures. But legacy security testing approaches and firewalls are an inefficient and ineffective approach to securing..

    Continue Reading >>

    Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

    ByErik Costlow, Director of Developer Relations May 22, 2020

    Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec..

    Continue Reading >>

    Changing the AppSec Game with Security Instrumentation

    ByErik Costlow, Director of Developer Relations April 2, 2020

     

    Continue Reading >>

    Security Concerns Remain with Containers and Kubernetes Per New Report

    ByErik Costlow, Director of Developer Relations March 11, 2020

    When it comes to organizational growth and the fast pace of doing business, DevOps is a key enabler in the transformation of a company. Containers play a significant role in this evolution, helping organizations to modernize faster by making it..

    Continue Reading >>

    Coalfire PCI Compliance & Contrast Security

    ByErik Costlow, Director of Developer Relations August 5, 2019

    Contrast Assess and Protect recently went through an independent evaluation by CoalFire, a respected Payment Card Industry (PCI) and Payment Application (PA) Qualified Security Assessor Company (QSAC).

    Continue Reading >>

    Contrast Protect + WAF: A Day in the Life of a User

    ByErik Costlow, Director of Developer Relations May 30, 2019

    A Web Application Firewall can watch network data, but the architecture does not enable them to see how that data is actually used. As a result, they sound an equal alarm for all attack attempts without raising the importance for attacks that could..

    Continue Reading >>

    Contrast Security is Fully Compatible with Amazon Corretto

    ByErik Costlow, Director of Developer Relations December 6, 2018

    Amazon recently released Corretto, a Java 8 runtime that is fully-compatible and license-compliant. Both Contrast Assess and Protect are fully compatible with Corretto – no changes are required to code or anything else for users of Amazon’s Java..

    Continue Reading >>

    CVE-2018-11776 Struts2

    ByErik Costlow, Director of Developer Relations August 24, 2018

    Contrast and Struts2 CVE-2018-11776

    On August 22, a new CVE and exploit appeared for the Struts2 web application framework: Struts2 CVE-2018-11776. Struts2 CVE-2018-11776 adds to the list of older Struts/Struts2 CVEs. Like the Struts2..

    Continue Reading >>

    TOPICS

    SEARCH

    SUBSCRIBE TO THE BLOG

    Subscribe to the Contrast Blog

    By subscribing to our blog you will stay on top of all the latest appsec news and devops best practices. You will also be informed of the latest Contrast product news and exciting application security events.

    Subscribe to Email Updates

    Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software. Contrast’s patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improves efficiencies and cost, and enables rapid scale while protecting applications from known and unknown threats.