
SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Hacked - Contrast News

The WikiLeaks CIA Dump Dominates AppSec News Coverage

Christine Carrig, Director of Marketing | March 21, 2017

WikiLeaks has been dominating recent news since it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks declared that Vault 7 "is the largest ever publication of confidential..


Hacked

CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | March 10, 2017

On March 6, a new remote code execution vulnerability was disclosed against Struts 2 (2.3.5-2.3.31 and 2.5-2.5.10). Most likely, if you're using Struts 2, you are vulnerable to a one-shot attack which can run arbitrary system commands.


Hacked - Thought Leaders

The Impact of Fake Retail Apps Hitting the Apple App Store this Year

Christine Carrig, Director of Marketing | November 14, 2016

Last week, App Developer Magazine, in an article titled "The Impact of Fake Retail Apps Hitting the Apple App Store this Year", prominently featured Contrast Security Co-founder and CTO Jeff Williams. The article discusses how counterfeiters have..


DevOps - Hacked

DOM XSS in wix.com

Matt Austin, Senior Security Research Engineer | November 2, 2016

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm.

Target

From the company’s literature:

“Wix.com is a leading..


Hacked - Thought Leaders

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Jeff Williams, Co-Founder, Chief Technology Officer | September 7, 2016

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..


Hacked

Why We Should Score Data Breaches

Christine Carrig, Director of Marketing | August 15, 2016

Contrast's CTO and Co-Founder, Jeff Williams, was interviewed by Forbes Magazine at Black Hat USA 2016 earlier this month. The interview focused on recent healthcare breaches and why we (the industry) should score data breaches. Jeff is quoted..


Hacked

Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods... just another flash in the pan?

Jeff Williams, Co-Founder, Chief Technology Officer | August 2, 2016

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..


Hacked

"The DCCC Hacked: SQL Injection? Come on."

Jeff Williams, Co-Founder, Chief Technology Officer | July 29, 2016

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..


Hacked

International hacks, politics and knee-jerk cybersecurity - never a good mix

Jeff Williams, Co-Founder, Chief Technology Officer | July 26, 2016

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..


Hacked

Hacked... Because of an Insecure Library

Jeff Williams, Co-Founder, Chief Technology Officer | July 22, 2016

This morning, ZDNet’s Zack Whittaker reported a hacker has targeted the official forum for the mobile game Clash of Kings, stealing nearly 1.6 million accounts. According to the piece, the hacker exploited a known weakness in the forum’s..

