AppSec Observer: AppSec

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Feeble APIs = Feeble app security

Your apps are only as secure as each one of your scores of APIs.

Why do modern companies choose Kotlin for server-side development?

It’s short, simple, easy to debug — and, now, far easier to secure with Contrast’s new, Kotlin-tuned AppSec testing. 

Blowing up DevOps bottlenecks with pull requests

It’s the perfect time, Larry Maccherone said during his DevOps Connect knowledge-sharing session at RSA 2022: The code..

CodeSec by Contrast Security - Evaluator Guide

CodeSec by Contrast brings enterprise-level security right to your development workflow for free. Make code and..

A Sneak Peek Into Contrast's New Developer Security Tool

Coming June 2, Contrast Security will be unveiling its newest security scanning tool designed for developers by..

Securing Server-Side Kotlin

I’m excited to expand Contrast Assess language coverage to include Kotlin as a General Availability language. This new..

Contrast Scan Adds Support for Client-Side JavaScript - The World’s Most Popular Programming Language

If you’re looking for the TL;DR version of this announcement, here it is: Contrast Scan has expanded its language..

Expression language and deserialization attacks on the rise in lead-up to Log4j vulnerability

It’s been a couple of weeks since the first public disclosure of the Log4j vulnerability. A lot has happened - perhaps..

WAF, RASP and Log4Shell

Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..