
Cybersecurity Insights with Contrast CISO David Lindner | 10/21

Insight #1

"Contrast Labs has been monitoring the new CVE, Apache Commons Text interpolation CVE-2022-42889. While there was some initial concern from the industry that it is at the caliber of log4shell, the reality is that it is not nearly as widespread or exploitable. The class/method involved in this vulnerability is rarely used and a quick GitHub search shows very few open-source programs using the vulnerable method, and most that are, are not parsing user-controlled input. From what we’ve seen so far, this CVE seems more like a developer adding a backdoor, more than anything. I’m not as concerned that this will amount to much, as it's not like log4j where an application is gathering user-controlled input and logging it, which could result in exploiting the log4shell vulnerability. We found Contrast Protect blocks the attack."

Insight #2

"Gartner recently released research stating that not one single tool protects app security. I would say this is true, but I would also agree with Gartner that consolidation is key and the more one tool can do, the more data you have to understand your risk profile."

Insight #3

"Creating strong passwords helps prevent brute force attacks against your passwords. The best way to create a strong password is to use a password manager and let it set the password for you."

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.