APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.


Contrast Blocked Confluence CVE Attacks—Even Before the Patch

On August 25, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting some versions of Confluence’s team collaboration server software. As of September 3, mass exploitation of the CVE was..


THE FORTHCOMING 2021 OWASP TOP TEN SHOWS THAT THREAT MODELING IS NO LONGER OPTIONAL

In 2003, two years after the organization was founded, the Open Web Application Security Project (OWASP) published the first OWASP Top Ten—an attempt to raise awareness about the biggest application security risks that organizations face.


Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

Over the past 20 years, source-code scanning using static analysis has been a principal method for testing the security of software in development. This includes many of the same static application security testing (SAST) tools that are still in..


Contrast Meets Kenna: Teaming Up To Manage Vulnerabilities

A new joint solution from Contrast Security and Kenna Security enables organizations to manage vulnerabilities in one location with fewer false positives to simplify application security programs on both custom and third-party code.


MUST-FIX VULNERABILITIES PER APPLICATION JUMP IN MAY–JUNE

High-profile, damaging cyberattacks continued unabated in May and June of this year. Many American consumers felt the impact of ransomware attacks on Colonial Pipeline and JBS USA—especially those on the East Coast. Both incidents caused..


How To Start DevSecOps Within the Public Cloud—a Technical Guide

By Mark Tomcza, August 11, 2021

Setting the Stage: Application Security for Containerized Applications in AWS

Organizations everywhere are either moving to or are already operating in some capacity within the public cloud. Digital transformation and cloud journey are just two..


CONTRAST APPLICATION SECURITY PLATFORM CUTS VULNERABILITY ESCAPE RATE (VER) FROM 12 TO 1 IN A YEAR

Application Security Observability Report Shows Developers Write More Secure Code the More They Use the Contrast Platform

One way that organizations can speed their development cycles while improving the security of their applications is for..


CONTRAST CUSTOMERS HIT REMEDIATION MILESTONE NEARLY 29X FASTER THAN TRADITIONAL APPROACHES

Application Security Observability Report Finds Median Time To Remediate Is 3 Days Versus 86 Days

Security debt—the backlog of known and unresolved vulnerabilities in an organization’s applications—is a real burden on organizations when it gets..


TELEMETRY SHOWS THAT CUSTOM CODE MAKES UP 78% OF ACTIVE CODE

By Patrick Spencer, August 4, 2021

Application Security Observability Report Finds that 74% of Code In An Application Is Never Invoked

Digital transformation as a business trend has been accelerating for a decade or more. Organizations have steadily launched digital tools to..


Extending Protection With Azure Sentinel

By David Archer, August 3, 2021

Applications are perpetually accosted by hackers intent on doing harm to your business. They'll dig and look under the covers for any exploitable entry point they can find. At the same time, development teams struggle to deal with a backlog of..

