Skip to content

AppSec Observer: DevOps (4)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now
    Topics
    DOM XSS in wix.com

    DOM XSS in wix.com

    Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator..

    mancomputer_teamback1016.jpg

    Chat all you want… but will that data in your message be secure?

    Businesses are looking to tools to improve productivity — no surprise right. Business apps are not just “stand-alone”..

    Library-Security-1.jpg

    How Can Devs Keep Up with the Library Security Devil?

    So, you don’t have the budget to buy Contrast, but you want your developers to be on top of the security of your open..

    IAST & the Villainous Library Named

    IAST & the Villainous Library Named "commons-httpclient-3.1.jar"

    Let’s talk about commons-httpclient-3.1.jar. I get asked about this library all the time. It’s an HTTP communication..

    Contrast releases new open source integrations to transform DevOps into DevSecOps

    Contrast releases new open source integrations to transform DevOps into DevSecOps

    Contrast is tailor-made for powering appsec in devops organizations. It's instant, accurate, powerful, and scalable. It..

    The Client Is Not Always Right!

    The Client Is Not Always Right!

    J’accuse! I often get the question, “How well does your product handle iOS?” I’d like to explain why I think this..

    Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

    Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

    NOTE: Before you begin reading, you may want to visit the first article in this series: Serialization Must Die: Act 1:..

    Serialization Must Die: Act 1: Kryo

    Serialization Must Die: Act 1: Kryo

    When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..

    Third-Party Software Library and Airbag Grenades

    Third-Party Software Library and Airbag Grenades

    Recently Contrast Security ran some analysis of our customers’ 3rd party software usage, which is a huge security blind..

    Prev 1 2 3 4 5 Next