AppSec Observer: DevOps (4)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

DOM XSS in wix.com

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator..

Chat all you want… but will that data in your message be secure?

Businesses are looking to tools to improve productivity; no surprise, right? Business apps are not just “stand-alone”..

How Can Devs Keep Up with the Library Security Devil?

So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open..

IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time. It’s an HTTP communication..

Contrast releases new open source integrations to transform DevOps into DevSecOps

Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It..

The Client Is Not Always Right!

J’accuse! I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this..

Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

NOTE: Before you begin reading, you may want to visit the first article in this series: Serialization Must Die: Act 1:..

Serialization Must Die: Act 1: Kryo

When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..

Third-Party Software Library and Airbag Grenades

Recently, Contrast Security ran some analysis of our customers’ third-party software usage, which is a huge security blind..