
AppSec Observer: DevOps (4)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.


    The DevOpsification of Security

    In an article "The DevOpsification of Security," written by Redpoint Ventures principal Lenny Pruss, Contrast Security..

    DOM XSS in wix.com

    Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator..

    Chat all you want… but will that data in your message be secure?

    Businesses are looking to tools to improve productivity — no surprise right. Business apps are not just “stand-alone”..

    How Can Devs Keep Up with the Library Security Devil?

    So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open..

    IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

    Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time. It’s an HTTP communication..

    Contrast releases new open source integrations to transform DevOps into DevSecOps

    Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It..

    The Client Is Not Always Right!

    J’accuse! I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this..

    Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

    NOTE: Before you begin reading, you may want to visit the first article in this series: Serialization Must Die: Act 1:..

    Serialization Must Die: Act 1: Kryo

    When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..