SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server that..

Continue Reading >>

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to compromise a handful of servers at Cisco. As defined by the National Vulnerability Database (NVD), the specific CVEs in question..

Continue Reading >>

Legacy SAST and the Fallacy of 100% Code Coverage

In October of 2019, three months into my tenure at Contrast Security, I received a challenge question from a customer prospect in the northern Atlanta suburbs who was using a competitor’s legacy static application security testing (SAST)..

Continue Reading >>

Manual Application Vulnerability Management Delays Innovation While Increasing Business Risk

Traditional approaches to application security (AppSec), such as legacy static application security testing (SAST) and dynamic application security testing (DAST), lack visibility across an application’s attack surface. As they analyze lines of..

Continue Reading >>

Contrast Security Further Expands Industry’s Broadest IAST Language Support with the Addition of Python

Python is one of the most widely used languages for web application development today. It’s a dynamic language that is equipped with built-in data structures—which makes it attractive for rapid application development as well as a scripting..

Continue Reading >>

Accuracy in AppSec Is Critical to Reducing False Positives

According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the..

Continue Reading >>

Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec..

Continue Reading >>

43% of Data Breaches Connected to Application Vulnerabilities: Assessing the AppSec Implications

ByPatrick Spencer May 20, 2020

Web applications are a growing focus point for cyber criminals. Motivated by financial outcomes, they understand the value of the information exchanged and stored in web applications. The 2020 Verizon Data Breach Investigations Report (DBIR)..

Continue Reading >>

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose..

Continue Reading >>

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous..

Continue Reading >>

SUBSCRIBE TO THE BLOG