SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Stoked! The Creative Process of Street Skating and What Open Source Folks Can Learn From It

“…all skateboarders speak a language of our own devising. We take simple movements and chunk them together in such a way that we form more complex ones.” (Rodney Mullen)

Contrast Protect + WAF: A Day in the Life of a User

A Web Application Firewall can watch network data, but its architecture does not let it see how that data is actually used. As a result, it sounds an equal alarm for all attack attempts without raising the importance of attacks that could..

Contrast Security Honored as a Silver Stevie® Award Winner in the 2019 American Business Awards® for Best Business Technology Software - DevOps Solution

We are proud to announce that Contrast Security has been named a Silver Stevie Award winner for Best Business Technology Software - DevOps Solution in the 17th annual American Business Awards.

How do teams stay afloat in an ocean of vulnerabilities? They remediate faster (3.0x FASTER!)

As a developer, working through your team's bug backlog can sometimes feel like bailing out a rowboat with only a leaky bucket. As a security leader, working through the backlog for your entire application portfolio can feel like bailing out a..

Using Contrast to prevent the Weblogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was for CVE-2019-2725. The vulnerability associated with CVE-2019-2725 allows any anonymous attacker with internet access to submit a..

SAST, DAST, and IAST: Why the difference matters

Quick Review Of Application Security Testing

When I attend social functions with friends, people often ask what I do. I'm never quite sure where to start. "I run a small tech company that helps Java applications run more securely" is probably..

Privilege Escalation in Popular Blogging Platform

Ghost is a popular open source blogging platform written in Node.js. It is downloaded around 8,500 times a week according to npm.

Contrast Security Recognized as the only "Visionary" in the Gartner Magic Quadrant for Application Security Testing for 2019

Gartner just released its new Magic Quadrant (MQ) for Application Security Testing (AST) for 2019. Gartner evaluates companies based on “Completeness of Vision” and “Ability to Execute” criteria and determines how vendors are positioned within the..

3 Key Takeaways from Locomocosec

I had the pleasure of attending this year’s Locomocosec on the beautiful island of Kaua’i. The conference was in its second year and was a 3-day single-track conference focused primarily on product security. There was a perfect mix of companies..

Using Contrast to Prevent Bootstrap-sass RubyGem Remote Code Execution (RCE)

On March 26, 2019, malicious attackers uploaded a vulnerable version, 3.2.0.3, of the widely used bootstrap-sass Ruby gem. This gem has been downloaded an astonishing number of times - exactly 27,991,888 times, according to RubyGems. User dgb posted..