SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

July 2019 AppSec Intelligence Report: Attack Edition

June 2019 AppSec Intelligence Report: Attack Edition

What is this report: This report summarizes Contrast Labs' analysis of real-world application attack data from June 2019. It utilizes data from actual attacks that Contrast observed over the previous months and highlights the key trends found.

Stoked! The Creative Process of Street Skating and What Open Source Folks Can Learn From It

“…all skateboarders speak a language of our own devising. We take simple movements and chunk them together in such a way that we form more complex ones.” Rodney Mullen

How do teams stay afloat in an ocean of vulnerabilities? They remediate faster (3.0x FASTER!)

As a developer, working through your team's bug backlog can sometimes feel like bailing out a rowboat with only a leaky bucket. As a security leader, working through the backlog for your entire application portfolio can feel like bailing out a..

Using Contrast to prevent the WebLogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was for CVE-2019-2725. The vulnerability associated with CVE-2019-2725 allows any anonymous attacker with internet access to submit a..

Top 5 Challenges Securing Applications with Web Application Firewalls

Application Security teams have very few options when it comes to defending their applications in production. Specifically, they struggle to get value from their firms’ Web Application Firewall (WAF) implementations, currently their only viable..

"BETTER" Security in 2019 - Lessons from RSA

We’ve recently wrapped up a dynamic week at RSA 2019 in San Francisco where we had over 500 visitors to our booth, executive meetings and won the Cyber Defense Magazine Award for Editor’s Choice Application Security. It’s a good time to reflect..

Contrast Security is Fully Compatible with Amazon Corretto

Amazon recently released Corretto, a Java 8 runtime that is fully-compatible and license-compliant. Both Contrast Assess and Protect are fully compatible with Corretto – no changes are required to code or anything else for users of Amazon’s Java..

CONTRAST LABS: March 2018 AppSec Intelligence Report

Contrast Labs' analysis of real-world application security data from March 2018. We're going to change it up a bit this month by expanding our coverage to include:

  • Both known and unknown vulnerabilities in custom code
  • Both known and unknown..

The Last Mile of Application Security & Integrated Development Environments

The Last Mile … a colloquial term that translates to: the final leg of a journey. For example, folks who take public transportation refer to the last mile as the distance between where you are dropped off at the public stop and the distance to your..
