

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management


Failure to Lognch

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | November 9, 2016

I had to fight tooth and nail to get this blog title -- I hope it made you shoot air out of your nose with a little more thrust than usual.



The DevOpsification of Security

Christine Carrig, Director of Marketing | November 9, 2016

In an article "The DevOpsification of Security," written by Redpoint Ventures principal Lenny Pruss, Contrast Security is mentioned as a leading "app-centric visibility tool."  Lenny's premise is that: 

"The reality is that security, like DevOps,..


DevOps- Hacked

DOM XSS in wix.com

Matt Austin, Senior Security Research Engineer | November 2, 2016

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm.


From the company’s literature:

“Wix.com is a leading..
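To make the class of bug in the teaser concrete, here is an added, generic illustration of DOM XSS. It is not Matt Austin's code and not the Wix finding itself (the page gives no details of that flow); the page URL, the greeting template, the attacker fragment and the function names are all constructed for the example. In DOM XSS the payload never has to reach the server: data from a client-side source (here the URL fragment) flows into a dangerous client-side sink. The functions below build the strings a page would hand to two common sinks, `innerHTML` and `location.href`, so the vulnerable and hardened paths can be compared without a browser.

```javascript
// Added example: vulnerable DOM XSS pattern beside its hardened form.
// Not from the original post or from Wix; names and inputs are constructed.

// Constructed attacker-controlled fragment, as in https://app.example/#<payload>
const sampleFragment = '#<img src=x onerror="alert(document.cookie)">';

// Minimal HTML escaper for text placed into an element body or a quoted attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the raw fragment is spliced into markup that a page would assign
// to el.innerHTML. The browser parses the injected <img> and runs its handler.
function renderGreetingUnsafe(fragment) {
  const name = decodeURIComponent(fragment.slice(1)); // drop the leading '#'
  return "<p>Welcome back, " + name + "</p>";
}

// Hardened: same data, escaped first, so the browser treats it as text.
// (Using el.textContent instead of innerHTML would achieve the same thing.)
function renderGreetingSafe(fragment) {
  const name = decodeURIComponent(fragment.slice(1));
  return "<p>Welcome back, " + escapeHtml(name) + "</p>";
}

// Second common sink: a URL taken from the page that ends up in location.href
// or an <a href>. Only http(s) destinations are accepted, so "javascript:" and
// other script-bearing schemes are rejected. Returns the resolved URL or null.
function safeRedirectTarget(candidate, currentPageUrl) {
  let url;
  try {
    url = new URL(candidate, currentPageUrl);
  } catch {
    return null;
  }
  return url.protocol === "https:" || url.protocol === "http:" ? url.href : null;
}

// Observability helper for the comparison: true if the rendered markup contains
// any tag other than the template's own <p>...</p>.
function containsInjectedTag(html) {
  return html.replace(/<\/?p>/g, "").includes("<");
}
```

`safeRedirectTarget` only fixes the scheme; if the redirect must also stay on the site, compare `url.origin` against the current page's origin as well. Escaping is context-specific: `escapeHtml` is correct for element bodies and quoted attributes, not for data placed inside a `<script>` block or an event-handler attribute, where the only safe answer is not to put untrusted data there.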


DevOps- Thought Leaders

Chat all you want… but will that data in your message be secure?

Christine Carrig, Director of Marketing | October 28, 2016

Businesses are looking to tools to improve productivity; no surprise, right? Business apps are not just “stand-alone” and isolated: they are in the cloud and integrated with other tools and data. Integrations and “plug-ins” with other apps and..



How Can Devs Keep Up with the Library Security Devil?

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | September 20, 2016

So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open source libraries. No problem! Here are a few simple tips and tricks for staying current.



IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | September 14, 2016

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time.

It’s an HTTP communication library. It has a vulnerability in it. It doesn’t handle SSL very well.

In fact, it doesn’t really verify you are who the client..
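The missing step the teaser is pointing at is hostname verification: a TLS client that only checks that the server certificate chains to a trusted CA, but never compares the name in that certificate to the host it meant to reach, will talk to any server holding a valid certificate for some other name. The following is an added example (not code from Contrast, and not the commons-httpclient library's own implementation) of what that check looks like, following the RFC 6125 rules for dNSName matching. The certificate object is a constructed stand-in for a parsed X.509 certificate; a real client would read these fields from its TLS library's peer-certificate object, and the `chainTrusted` flag assumes chain validation has already happened.

```javascript
// Added example: server-identity (hostname) check that a TLS client must
// perform after chain validation. Not from the original post or the library.

// Constructed stand-in for a parsed peer certificate (only the fields used here).
const sampleCert = {
  subjectCN: "www.example.com",
  sanDnsNames: ["www.example.com", "*.api.example.com"],
  chainTrusted: true, // assumption: chain already validated against a trust store
};

// Match one presented dNSName against the reference hostname (RFC 6125 §6.4.3).
// Comparison is case-insensitive; a wildcard is accepted only as the entire
// left-most label, matches exactly one label, and needs at least two more labels.
function dnsNameMatches(pattern, hostname) {
  const p = pattern.toLowerCase().replace(/\.$/, "");
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (!p.includes("*")) return p === h;
  const pLabels = p.split(".");
  const hLabels = h.split(".");
  if (pLabels[0] !== "*" || pLabels.length < 3) return false;
  if (pLabels.length !== hLabels.length) return false;
  for (let i = 1; i < pLabels.length; i++) {
    if (pLabels[i] !== hLabels[i]) return false;
  }
  return hLabels[0].length > 0;
}

// Does the certificate name this host? When any dNSName SANs are present the
// subject CN is ignored (RFC 6125 §6.4.4); the CN is only a fallback.
function certMatchesHost(cert, hostname) {
  const names =
    cert.sanDnsNames && cert.sanDnsNames.length > 0 ? cert.sanDnsNames : [cert.subjectCN];
  return names.some((n) => dnsNameMatches(n, hostname));
}

// The weak check: any trusted chain passes, regardless of which host was dialed.
// This is the failure mode the teaser describes.
function weakPeerCheck(cert, _hostname) {
  return cert.chainTrusted;
}

// The corrected check: the chain must be trusted AND the certificate must name
// the host the client intended to reach.
function strictPeerCheck(cert, hostname) {
  return cert.chainTrusted && certMatchesHost(cert, hostname);
}
```

The weak check accepts `sampleCert` for `bank.example.net`, because all it asks is "is this a real certificate?"; the strict check rejects it, because it also asks "is it a certificate for the host I wanted?". The wildcard handling deliberately refuses `*.com`-style patterns and does not let `*` span more than one label; matching an IP-address reference against an iPAddress SAN is a separate comparison not shown here.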



Contrast releases new open source integrations to transform DevOps into DevSecOps

Jeff Williams, Co-Founder, Chief Technology Officer | June 16, 2016

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security, not performance. If you've licensed Contrast and..



The Client Is Not Always Right!

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | June 10, 2016


I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this question is a warning sign for an application security program.



Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | February 24, 2016

NOTE: Before you begin reading, you may want to visit this article for Act 1 of our series – Kryo serialization library and its weaknesses. This piece frames some of the discussion in this blog, but definitely isn’t required reading.

XStream is a..



Serialization Must Die: Act 1: Kryo

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | February 12, 2016

When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the term “seriapalooza”), I thought about deserialization alternatives. Where are my customers going next? Is there greener grass?..



“When we instrumented applications at the UK's largest Government Department with Contrast Assess, it was like handing our project teams an incredibly powerful debugging agent containing the sum total of application security knowledge.”

Declan O'Riordan
Security Testing Manager
Testing IT, Ltd.
