SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

3 Key Takeaways from Locomocosec

I had the pleasure of attending this year’s Locomocosec on the beautiful island of Kaua’i. The conference was in its second year and was a 3-day single-track conference focused primarily on product security. There was a perfect mix of companies..

Using Contrast to Prevent Bootstrap-sass RubyGem Remote Code Execution (RCE)

On March 26, 2019, malicious attackers uploaded a vulnerable version, 3.2.0.3, of the widely used bootstrap-sass Ruby gem. This gem has been downloaded an astonishing number of times - exactly 27,991,888 times, according to RubyGems. User dgb posted..

Top 5 Challenges Securing Applications with Web Application Firewalls

Application Security teams have very few options when it comes to defending their applications in production. Specifically, they struggle to get value from their firms’ Web Application Firewall (WAF) implementations, currently their only viable..

Cyber Defense Magazine InfoSec Awards Honors Contrast Security as Editor's Choice in Application Security

We are excited to announce that at RSA last week, Cyber Defense Magazine InfoSec Awards honored Contrast Security as a winner for 2019 Editor’s Choice in Application Security! We are thrilled to receive this honor on the heels of our recent $65..

"BETTER" Security in 2019 - Lessons from RSA

We’ve recently wrapped up a dynamic week at RSA 2019 in San Francisco where we had over 500 visitors to our booth, executive meetings and won the Cyber Defense Magazine Award for Editor’s Choice Application Security. It’s a good time to reflect..

7 advantages of Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) works in fundamentally different ways than static or dynamic tools using instrumentation technology. IAST leverages information from inside the running application, including runtime requests, data..

Contrast Security Named Winner in the 15th Annual Info Security PG's 2019 Global Excellence Awards®

We are pleased to announce that Info Security Products Guide, the industry's leading information security research and advisory guide, has named Contrast Security a winner in the 15th Annual 2019 Info Security PG’s Global Excellence Awards® in..

Contrast Security is Fully Compatible with Amazon Corretto

Amazon recently released Corretto, a Java 8 runtime that is fully-compatible and license-compliant. Both Contrast Assess and Protect are fully compatible with Corretto – no changes are required to code or anything else for users of Amazon’s Java..

Contrast Security and In-Q-Tel Strategic Partnership & Development Agreement: Bolstering Cybersecurity with Continuous Application Security at Scale

By Alan Naumann, September 6, 2018

CVE-2018-11776 Struts2

Contrast and Struts2 CVE-2018-11776

On August 22, a new CVE and exploit appeared for the Struts2 web application framework: Struts2 CVE-2018-11776. Struts2 CVE-2018-11776 adds to the list of older Struts/Struts2 CVEs. Like the Struts2..
