APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

When Legacy Application Security Becomes Your “Mr. Hyde”

Agile and DevOps are critical linchpins in digital transformation. Agile focuses on the development phase of the modern software development life cycle (SDLC), whereas DevOps spans the development, testing, and operations life cycles...

AppSec Becomes A Priority For New CISOs/CSOs: Recommendations For The First 100 Days

With digital transformation as a top concern for many organizations today, application security (AppSec) is more important than ever for CISOs/CSOs. Newly hired leaders must account for AppSec from the very start, and should assemble a..

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities deeper in application architectures. But legacy security testing tools and firewalls are an inefficient and ineffective way of securing..

Priorities in Agile Lead to Software Observability in Annual Agile Report

It has been nearly 20 years since a group of 17 software developers conceived the “Manifesto for Agile Software Development.” Frustrated by a development methodology that followed a set path—with long development cycles before a final product was..

Mitigating the Risks of Open-source Software in DevOps

By Joe Coletta, June 25, 2020
OSS

Speed matters when it comes to developing and releasing a new software title—nearly two-thirds of software companies report a development backlog. So, it should come as no surprise to hear that developers have been increasingly relying on..

Getting Started with Contrast Security Community Edition for Java

Traditional code scanning tools for application security (AppSec) bog down DevOps workflows and suffer from major accuracy problems—false positive alerts that must be triaged as well as false negatives that let unknown threats slip past defenses...

Application Security Testing (AST) Tools After Hours

Do you ever wonder how effective application security (AppSec) testing really is? Or which approach is best? Understanding the differences between static, dynamic, and interactive testing can be challenging. A simple way to explain the..

Digital Transformation Moves Application Security to the Top CISO/CSO Priority

Application security plays a critical role in enabling digital transformation. COVID-19 compressed initiatives that would otherwise have played out over several years into a couple of months, and digital initiatives are now a top..

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE, CVE-2020-9484. The vulnerability allows any anonymous attacker with internet access to submit a malicious request to a Tomcat server that..
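As an added illustration (not code from the page, from Contrast, or from Apache Tomcat), the Java class below shows the two controls a file-backed session store needs so that a request of the kind described above has nothing to work with: the session id is validated before it is ever turned into a file path, and the stored bytes are deserialized behind a class allowlist (java.io.ObjectInputFilter, Java 9 and later) instead of an unrestricted ObjectInputStream. The class name, the id pattern, the allowlisted classes and the sample session are all assumptions made for the example.

```java
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example, not Tomcat's own code: a file-backed session loader hardened
// against the two ingredients of a session-file deserialization attack, namely
// an attacker-chosen session id that becomes a file path, and unrestricted
// Java deserialization of whatever that file contains.
public class HardenedSessionStore {

    // Assumption: our session ids are alphanumeric and bounded in length, so a
    // value such as "../../tmp/x" can never reach the file system.
    private static final Pattern SAFE_ID = Pattern.compile("^[A-Za-z0-9]{16,64}$");

    // Deserialization allowlist: only the classes a session is expected to hold
    // (superclasses such as java.lang.Number must be listed too); "!*" rejects
    // everything else, including gadget-chain classes, before it is instantiated.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "java.lang.String;java.lang.Number;java.lang.Integer;java.util.HashMap;!*");

    private final Path directory;

    public HardenedSessionStore(Path directory) {
        this.directory = directory.toAbsolutePath().normalize();
    }

    private Path fileFor(String sessionId) {
        if (sessionId == null || !SAFE_ID.matcher(sessionId).matches()) {
            throw new IllegalArgumentException("rejected session id: " + sessionId);
        }
        Path file = directory.resolve(sessionId + ".session").normalize();
        // Defense in depth: even a validated id must resolve inside the store.
        if (!file.startsWith(directory)) {
            throw new IllegalArgumentException("session path escapes store directory");
        }
        return file;
    }

    public void save(String sessionId, Map<String, Object> attributes) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(fileFor(sessionId)))) {
            out.writeObject(attributes);
        }
    }

    @SuppressWarnings("unchecked")
    public Map<String, Object> load(String sessionId) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(fileFor(sessionId)))) {
            in.setObjectInputFilter(FILTER); // must be installed before the first readObject()
            return (Map<String, Object>) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("sessions");
        HardenedSessionStore store = new HardenedSessionStore(dir);

        // Constructed sample session: a legitimate id round-trips through the filter.
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("user", "alice");
        attrs.put("cartItems", 3);
        String goodId = "0123456789ABCDEF0123456789ABCDEF";
        store.save(goodId, attrs);
        System.out.println("loaded: " + store.load(goodId));

        // A traversal-style id, as an attacker would place in a JSESSIONID cookie,
        // is refused before any file is opened or any byte is deserialized.
        try {
            store.load("../../../tmp/payload");
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The filter is the control that matters even if id validation is bypassed: a serialized file that names a class outside the allowlist is rejected by the stream before that class is constructed, so a planted gadget chain never executes.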

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to compromise a handful of servers at Cisco. As defined by the National Vulnerability Database (NVD), the specific CVEs in question..
