The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

Contrast Scan Adds Support for Client-Side JavaScript - The World’s Most Popular Programming Language

ByJoe Coletta January 5, 2022

If you’re looking for the TL;DR version of this announcement, here it is: Contrast Scan has expanded its language coverage to include front-end languages with support for client-side JavaScript (JS) and jQuery. Now that we’ve got that covered,..

Continue Reading >>

Expression language and deserialization attacks on the rise in lead-up to Log4j vulnerability

ByIan Breeze December 22, 2021

It’s been a couple of weeks since the first public disclosure of the Log4j vulnerability. A lot has happened - perhaps the understatement of the year. Several rounds of new patches have been issued from the Apache Software foundation and others..

Continue Reading >>

WAF, RASP and Log4Shell

Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick summary: our Contrast Protect customers have been secure against the remote code execution (RCE) in this vulnerability for..

Continue Reading >>

85% of Developers in the Technology Industry Deploy Daily, Yet 8 in 10 Aren’t Going Fast Enough

ByPatrick Spencer October 12, 2020

Organizations aspire to reach perfection and often look to emulate best practices of peer organizations to do so. When it comes to software development, global technology leaders like Google, Amazon, Uber, Apple, and others immediately come to..

Continue Reading >>


Accelerate cloud migrations with security observability across your development life cycle.

Continue Reading >>

Accuracy in AppSec Is Critical to Reducing False Positives

According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the..

Continue Reading >>

Protect Sensitive Data, Reduce Risk, and Gain Regulatory Compliance with Embedded Data Security

Sensitive data often leaks out through applications. The privacy risk is not developer negligence, but rather misplaced trust in pre-General Data Protection Regulation (GDPR) solutions and infrastructure. Enterprises should turn to modern AppSec..

Continue Reading >>

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous..

Continue Reading >>

Traditional AppSec Code Halts Kill DevOps Release Cycles

In recent years, the application security (AppSec) field has not advanced as rapidly as the software development discipline. While developers are under constant pressure to push code, legacy security tools inhibit their ability to do so. Developers..

Continue Reading >>

State-of-the-Art AppSec Goes Beyond Perimeter Into Application Runtimes

When it comes to protecting running applications, traditional defenses that sit on the perimeter lack effective visibility and context to keep pace with attacks. Simply guessing as to the validity of a threat is not enough. This blog spells out..

Continue Reading >>