SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


CAS: The Best Way to Modernize Application Security

In case you don't recognize the acronym, "CAS" stands for Continuous Application Security. It may not become a household name, but here at Contrast we believe it will be as common as "WAFs" within our industry.  CAS will help lead the way to..


DevOps Security: 6 Executive Tips For Your Security Program

By Mahesh Babu, May 4, 2017

DevOps security extends DevOps processes to the software application security team within your organization. Bringing together software development and application security helps ensure that security moves from a bottleneck to an enabler...


How to Improve AppSec in DevOps

DevOps seems to be on the mind of a lot of folks these days. Many articles have been written on how to strategically move groups to well-functioning and secure DevOps methodologies. Leading experts, who've been in the DevOps trenches, are now..


Cloud Developers Can Now Get Cloud Foundry Certified!

Cloud developers can now become certified as Cloud Foundry experts, thanks to the folks at the Cloud Foundry Foundation, who announced last week the launch of a cloud-based developer certification initiative. The genesis behind this initiative will..


Failure to Lognch

I had to fight tooth and nail to get this blog title -- I hope it made you shoot air out of your nose with a little more thrust than usual.


The DevOpsification of Security

In an article "The DevOpsification of Security," written by Redpoint Ventures principal Lenny Pruss, Contrast Security is mentioned as a leading "app-centric visibility tool."  Lenny's premise is that: 

"The reality is that security, like DevOps,..


DOM XSS in wix.com


Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm. Learn more about this vulnerability below.

Target

From the..


Chat all you want… but will that data in your message be secure?

Businesses are looking to tools to improve productivity — no surprise, right? Business apps are no longer "stand-alone" and isolated; they live in the cloud and are integrated with other tools and data. Integrations and "plug-ins" with other apps and..


How Can Devs Keep Up with the Library Security Devil?

So, you don’t have the budget to buy Contrast, but you want your developers to stay on top of the security of your open source libraries. No problem! Here are a few simple tips and tricks for staying current.


IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time.

It’s an HTTP communication library. It has a vulnerability in it. It doesn’t handle SSL very well.

In fact, it doesn’t really verify you are who the client..

