Skip to content

AppSec Observer

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe to Blog
Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

With Log4j being such a ubiquitous library embedded in tens of millions applications across the Java ecosystem, it’s..

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

This morning, the Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new..

Contrast Security Protects Serverless applications from Log4j Attacks

Contrast Security Protects Serverless applications from Log4j Attacks

The Log4j flaw (also now known as "Log4Shell"), is a zero-day vulnerability (CVE-2021-44228) that came to light on..

Log4Shell By The Numbers

Log4Shell By The Numbers

We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

Updated Guidance on Addressing Log4J CVEs

Updated Guidance on Addressing Log4J CVEs

The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

WAF, RASP and Log4Shell

WAF, RASP and Log4Shell

Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..

Scaling to Scala

Scaling to Scala

Scala developers ship quickly, using the power of a scalable language as their ideas move from concept to prototype and..

Contrast SECURITY VULNERABILITY DETECTION vs the Log4J2 CVE - A demonstration

Contrast SECURITY VULNERABILITY DETECTION vs the Log4J2 CVE - A demonstration

This week, Contrast Security proved that we could detect the Log4j2 vulnerability that caused CVE-2021-44228 and stop..