

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management


CAS: The Best Way to Modernize Application Security

Christine Carrig, Director of Marketing | May 16, 2017

In case you don't recognize the acronym, "CAS" stands for Continuous Application Security. It may not become a household name, but here at Contrast we believe it will be as common as "WAFs" within our industry.  CAS will help lead the way to..



The DevOps-Ready Security Program

Mahesh Babu | May 4, 2017

6 Executive Tips to Bring Security into the DevOps Era

Extending DevOps to your software application security team shifts security from being a bottleneck to an enabler. According to McKinsey & Company, the benefits of being a DevOps-ready IT..



How to Improve AppSec in DevOps

Christine Carrig, Director of Marketing | April 21, 2017

DevOps seems to be on the mind of a lot of folks these days. Many articles have been written on how to strategically move to well-functioning and secure DevOps methodologies. Leading experts, who've been in the DevOps trenches, are now sharing..


DevOps- Contrast News

Cloud Developers Can Now Get Cloud Foundry Certified!

Christine Carrig, Director of Marketing | April 6, 2017

Cloud developers can now become certified as Cloud Foundry experts, thanks to the folks at Cloud Foundry Foundation, who announced last week the launch of a cloud-based developer certification initiative. The genesis behind this initiative will..



Failure to Lognch

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | November 9, 2016

I had to fight tooth and nail to get this blog title -- I hope it made you shoot air out of your nose with a little more thrust than usual.



The DevOpsification of Security

Christine Carrig, Director of Marketing | November 9, 2016

In an article "The DevOpsification of Security," written by Redpoint Ventures principal Lenny Pruss, Contrast Security is mentioned as a leading "app-centric visibility tool."  Lenny's premise is that: 

"The reality is that security, like DevOps,..


DevOps- Hacked

DOM XSS in wix.com

Matt Austin, Director of Security Research | November 2, 2016

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm.


From the company’s literature:

“Wix.com is a leading..


DevOps- Thought Leaders

Chat all you want… but will that data in your message be secure?

Christine Carrig, Director of Marketing | October 28, 2016

Businesses are looking to tools to improve productivity — no surprise, right? Business apps are not just “stand-alone” and isolated but they are in the cloud and integrated with other tools and data. Integrations and “plug-ins” with other apps and..



How Can Devs Keep Up with the Library Security Devil?

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | September 20, 2016

So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open source libraries. No problem! Here are a few simple tips and tricks for staying current.



IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | September 14, 2016

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time.

It’s an HTTP communication library. It has a vulnerability in it. It doesn’t handle SSL very well.

In fact, it doesn’t really verify you are who the client..



“When we instrumented applications at the UK's largest Government Department with Contrast Assess, it was like handing our project teams an incredibly powerful debugging agent containing the sum total of application security knowledge.”

Declan O'Riordan
Security Testing Manager
Testing IT, Ltd.
