Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


Is Your AppSec Tool Truly Scalable?

Many businesses are trapped in a dilemma, a Morton's Fork – should we rely on automated tools to assure the application portfolio and overlook false positives and missed vulnerabilities? Or should we use expert consultants to get the level of..


The OWASP Top Ten and Beyond

The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in the OWASP Top Ten 2013.


Application Security: Faster, Cleaner, Smarter.

Our release notes are always available, but I wanted to highlight the progress we've made since the end of last year on making a faster, cleaner, smarter vulnerability detection agent. Our goal is to be entirely invisible, continuously on,..


Went To AppSec California 2014. Tried Contrast. Here's My Story.

We receive "fan" mail from many of our clients, and lots of people who watch a demo are impressed. But when Steve Rosonina, CTO of Accumulus Labs, sent us a review with his story, we had to put it up for the world to see. Without further ado,..


Libraries & Application Security, Part 3: Unused Libraries

This is the third blog posting in a series about vulnerable libraries. Click here for part one on known vulnerabilities inside libraries. Click here for part two on unknown vulnerabilities inside libraries.

Most applications use only a very..


Libraries & Application Security, Part 2: Unknown Vulnerabilities

This is part two in a three-part series on vulnerable libraries. Click here to read part one where we discuss known vulnerabilities inside libraries.

Vulnerabilities that haven't been uncovered yet are what most developers and security..


Libraries & Application Security, Part 1: Known Vulnerabilities

We're a fan of using open-source frameworks and libraries. It makes sense. It saves time and money when you don't have to write already existing code, especially for universal features or basic functions. It lets developers focus on application..


What Healthcare Can Teach Us About Application Security

The Centers for Disease Control protects people from health threats and increases the health security of our nation. It's a mission that's not so different from InfoSec.

*A version of this posting first appeared in Dark Reading

January 15,..


The Dirty Little Secret Everyone in Application Security Knows But Few Actually Talk About: Until You Actually Fix Your Code, You're Not Actually More Secure

Here's the dirty little secret everybody in application security knows but few are willing to say out loud: Until you actually fix your code, you haven't actually improved your application security.

It sounds like a no-brainer. Really it does...


Using Instrumentation to Find Web Application Vulnerabilities

Since the advent of static analysis tools around the year 2002, there hasn't been much innovation in the automation space in application security. Contrast represents a completely new approach to finding vulnerabilities and much more. Gartner..
