SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


It’s Still Flu Season: Get a Flu Shot! Masks Won’t Help — Same Goes for AppSec — Read a WAF Comparison

Come flu season, you have two options – cover your face with a mask and hope you don’t catch anything. Or, do the responsible thing: get a flu shot and protect your entire body and immune system from within. For your software applications, it’s..


What is OWASP, and Why it Matters for AppSec

Vulnerability research conducted by Contrast Labs was referenced in an article "What is OWASP and Why it Matters for AppSec." The Network World article, written by Michelle Drolet, discusses OWASP and why it proves the need for modern,..


The 3 disadvantages of using WAF Network Security

It is time… time to ditch traditional approaches to the way we have managed application security. Specifically, it’s time to ditch your Web Application Firewalls (WAFs). Ten to fifteen years ago, WAF network security revolutionized the way we..


Automating Application Security in Modern Software Projects

Today, it seems like every organization has become a software company.

The increasing dependence on automation demands that software survive and thrive despite an increasingly hostile environment.

Insecure code has become the leading security..


The 4 Dimensions of a sound Application Security Strategy

For many application security vendors, "coverage" is the third rail — but it's a critical part of your application security strategy... maybe the most critical.

If you're a CISO, appsec program manager, or anyone else charged with creating an..


Integrations Make Managing AppSec Even Easier!

At Contrast Security, we believe that application security should be pervasive and transparent.  Application security should work within the application development lifecycle instead of modifying it to fit the way the AppSec tool works.  To that..


Can Openness in the US Government Lead to Better Application Security?

On Tuesday morning, ZDNet reported that the U.S. government has published a new federal policy that aims to encourage more agencies to open-source custom code they’ve developed.


With Only a Hammer, Everything Looks Like a Security Vulnerability!

Did you know that most security vulnerabilities are simply the result of failing to use the right security control in the right place?


The True Cost of "False Positives" in Application Security

Remember the story of the boy who cried wolf?  His pranks were "false alarms" - defined as "a mistaken or intentionally misleading alert that something is wrong and needs attention."  False alarms from application security tools are certainly..


Security Fail in Pokémon Go

 
As you may have heard, some Pokémon Go players may have given the game’s developers access to everything on their Google account – including documents, photos, email messages, search history and items stored in their cloud.
