APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.


Contrast Labs: Apache Struts CVE-2020-17530

On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary..


95% of Organizations Admit To at Least One Successful Application Exploit in Past Year

By Patrick Spencer, December 15, 2020

Findings and Insights from Contrast Security’s 2020 State of DevSecOps Report


Application Security Risks Remain Elevated

Highlights From Contrast Security's Bimonthly Application Security Intelligence Report

The saying that “every company is a software company” has never been more apropos. With the onset of COVID-19, we have witnessed an acceleration in the digital..


Contrast’s Cloud Native Security Innovation Center Secures Next-generation Cloud Application Architecture

In a recent report, Accenture notes that “organizations are finding that they have hit a wall when it comes to delivering new kinds of value and innovation from their existing cloud strategies.” The report indicates that the “lift and shift”..


Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

By Joe Coletta, November 11, 2020

Open Source Is a Mainstay in Modern Development

It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when..


Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

It’s very rare that one has an opportunity to experience the development of a major software solution from the ground up and use that very product to secure and protect it at the same time. This is precisely what we’ve been able to do at Contrast..


Contrast Receives 4.8/5.0 in 2020 Gartner Peer Insights ‘Voice of the Customer’: AST Customers’ Choice

Technology companies that fail at delivering unparalleled customer experiences and demonstrating business value simply cannot survive in today’s digital era. Too often, there is a significant gap between what products are capable of doing and..


85% of Developers in the Technology Industry Deploy Daily, Yet 8 in 10 Aren’t Going Fast Enough

By Patrick Spencer, October 12, 2020

Organizations aspire to reach perfection and often look to emulate best practices of peer organizations to do so. When it comes to software development, global technology leaders like Google, Amazon, Uber, Apple, and others immediately come to..


Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS


XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that developers should not rely..

