SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.


How to Improve AppSec in DevOps

DevOps seems to be on the mind of a lot of folks these days. Many articles have been written on how to strategically move groups to well-functioning and secure DevOps methodologies. Leading experts, who've been in the DevOps trenches, are now..


Cloud Developers Can Now Get Cloud Foundry Certified!

Cloud developers can now become certified as Cloud Foundry experts, thanks to the folks at the Cloud Foundry Foundation, who announced last week the launch of a cloud-based developer certification initiative. The genesis behind this initiative will..


Failure to Lognch

I had to fight tooth and nail to get this blog title -- I hope it made you shoot air out of your nose with a little more thrust than usual.


The DevOpsification of Security

In an article "The DevOpsification of Security," written by Redpoint Ventures principal Lenny Pruss, Contrast Security is mentioned as a leading "app-centric visibility tool." Lenny's premise is that:

"The reality is that security, like DevOps,..


DOM XSS in wix.com


Wix.com, a hosting provider which claims to host millions of websites, contains a DOM-based XSS flaw that leads to administrator account takeover and could be used to create a Wix website worm. Learn more about this vulnerability below.

Target

From the..


Chat all you want… but will that data in your message be secure?

Businesses are looking to tools to improve productivity — no surprise, right? Business apps are no longer “stand-alone” and isolated; they live in the cloud and are integrated with other tools and data. Integrations and “plug-ins” with other apps and..


How Can Devs Keep Up with the Library Security Devil?

So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open source libraries. No problem! Here are a few simple tips and tricks for staying current.


IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time.

It’s an HTTP communication library. It has a vulnerability in it. It doesn’t handle SSL very well.

In fact, it doesn’t really verify you are who the client..


Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering AppSec in DevOps organizations. It's instant, accurate, powerful, and scalable. It installs and runs exactly like New Relic or AppDynamics, but for security rather than performance. If you've licensed Contrast and..


The Client Is Not Always Right!

J’accuse!

I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this question is a warning sign for an application security program.

