SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Legacy SAST and the Fallacy of 100% Code Coverage

In October of 2019, three months into my tenure at Contrast Security, I received a challenge question from a customer prospect in the northern Atlanta suburbs who was using a competitor’s legacy static application security testing (SAST) solution...

Continue Reading >>

Manual Application Vulnerability Management Delays Innovation While Increasing Business Risk

Traditional approaches to application security (AppSec), such as legacy static application security testing (SAST) and dynamic application security testing (DAST), lack visibility across an application’s attack surface. As they analyze lines of code..

Continue Reading >>

Accuracy in AppSec Is Critical to Reducing False Positives

According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the..

Continue Reading >>

Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec..

Continue Reading >>

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose to..

Continue Reading >>

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous and..

Continue Reading >>

Traditional AppSec Code Halts Kill DevOps Release Cycles

In recent years, the application security (AppSec) field has not advanced as rapidly as the software development discipline. While developers are under constant pressure to push code, legacy security tools inhibit their ability to do so. Developers..

Continue Reading >>

State-of-the-Art AppSec Goes Beyond Perimeter Into Application Runtimes

When it comes to protecting running applications, traditional defenses that sit on the perimeter lack effective visibility and context to keep pace with attacks. Simply guessing as to the validity of a threat is not enough. This blog spells out five..

Continue Reading >>

Incident Response Requires a New AppSec Model

Incident response found its way into our technological vernacular back in 1988 when the first internet worm—dubbed “The Morris Worm”—was released. In response, the Computer Emergency Response Team/ Coordination Center (CERT/CC) by DARPA was formed.

Continue Reading >>

What Vulnerabilities and Attacks Matter? Insights from Contrast Labs’ AppSec Intelligence Report

The threat landscape is constantly evolving, growing in sophistication as well as volume and velocity. This presents serious challenges for organizations of all sizes and industry sectors. Software applications are a top target when it comes to..

Continue Reading >>

SUBSCRIBE TO THE BLOG