Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


The Agony and the Ecstasy of Securing .NET Applications

Microsoft .NET applications can be just as vulnerable to attack as other apps. As with any other development platform, developers are often focused more on business functionality than on making sure their applications protect the data with..

Don’t Panic: Insecure Libraries Are Not the Apocalypse

The use of open source software has more than doubled from 6 billion to 13 billion component downloads per year. It’s almost impossible to imagine an application that doesn’t leverage a significant amount of open source code somewhere in the..

Surprised Contrast is a Magic Quadrant Visionary? Good!

Contrast Security recently achieved “Visionary” placement on the 2014 Gartner Magic Quadrant for Application Security Testing. This is the second time in as many years that our award-winning AppSec solution has been on the market. To call that..

Java Agents, Memory, and the Importance of Measuring

"How much memory do I need to add to my JVM to account for Contrast?" Man, these questions sound really simple, don't they? I could probably just say "Add 128MB!" and everyone would probably be happy.

But that's not me. We need to science this..

ColdFusion Vulnerabilities and High-Profile Hacks

ColdFusion was hugely popular when it arrived: it had commercial support, an easy syntax for web developers, and remarkably good tooling. But existing security tooling has left those developers in a quagmire of decreasing support in a time of..

The Ankle Biters of the Application Security World

The playing field isn't exactly level, and ankle biters (aka script kiddies and hackers) know it. While businesses and organizations are triaging their vulnerabilities and fixing them as they can, script kiddies don't need to focus on The OWASP..

Why Static Application Security Scanners Just Can't Cut It Anymore

Static Analysis and Dynamic Analysis Tools Have Their Place

To be clear: I’ve been an advocate of both dynamic vulnerability scanning (DAST) and static analysis (SAST). These technologies can be helpful when used by experts as part of an..
Which Application Security Vulnerabilities Do I Fix First?

Not every vulnerability is a critical one. Let's face it: Not all vulnerabilities are created equal. Not every vulnerability is a major threat to national security, a financial database, or a commercial retailer's data collection on their..

The 6 Pillars of Application Security

Once you discover a vulnerability, it instantly becomes super-critical information. How do you protect security vulnerabilities inside your organization? How are they stored? Who gets access? What are people allowed to do with them? I've seen..

Is Your AppSec Tool Truly Scalable?

Many businesses are trapped in a dilemma, a Morton's Fork: should we rely on automated tools to assure the application portfolio and overlook false positives and missed vulnerabilities? Or should we use expert consultants to get the level of..
