AppSec Observer: DevOps (4)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now

Topics

2 November 2016

DOM XSS in wix.com

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator..

28 October 2016

Chat all you want… but will that data in your message be secure?

Businesses are looking to tools to improve productivity — no surprise right. Business apps are not just “stand-alone”..

20 September 2016

How Can Devs Keep Up with the Library Security Devil?

So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open..

14 September 2016

IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time. It’s an HTTP communication..

16 June 2016

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It..

10 June 2016

The Client Is Not Always Right!

J’accuse! I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this..

24 February 2016

Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

NOTE: Before you begin reading, you may want to visit the first article in this series: Serialization Must Die: Act 1:..

12 February 2016

Serialization Must Die: Act 1: Kryo

When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..

27 January 2016

Third-Party Software Library and Airbag Grenades

Recently Contrast Security ran some analysis of our customers’ 3rd party software usage, which is a huge security blind..

Prev 1 2 3 4 5 Next

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

AppSec Observer: DevOps (4)

DOM XSS in wix.com

Chat all you want… but will that data in your message be secure?

How Can Devs Keep Up with the Library Security Devil?

IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Contrast releases new open source integrations to transform DevOps into DevSecOps

The Client Is Not Always Right!

Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

Serialization Must Die: Act 1: Kryo

Third-Party Software Library and Airbag Grenades

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

AppSec Observer: DevOps (4)

DOM XSS in wix.com

Chat all you want… but will that data in your message be secure?

How Can Devs Keep Up with the Library Security Devil?

IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Contrast releases new open source integrations to transform DevOps into DevSecOps

The Client Is Not Always Right!

Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

Serialization Must Die: Act 1: Kryo

Third-Party Software Library and Airbag Grenades

Loving our content? Subscribe now!