Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

Application Security- Hacked

Google Docs May Still be Vulnerable to Phishing Attacks

Matt Austin, Director of Security Research | May 5, 2017

On Tuesday, users of Google Docs were targeted with an email phishing attack. The email content was a ruse to trick folks into granting access to their contact data. Google quickly put measures into place to stop the attack. Please visit this..

Read More

Hacked- Contrast News

The WikiLeaks CIA Dump Dominates AppSec News Coverage

Christine Carrig, Director of Marketing | March 21, 2017

WikiLeaks has been dominating recent news since it released "Vault 7", a new series of leaks it claims came from the United States Central Intelligence Agency (CIA). WikiLeaks declared that Vault 7 "is the largest ever publication of confidential..

Read More


CVE-2017-5638 – Struts 2 S2-045 Exploit Released – Protection Offered

Arshan Dabirsiaghi, Co-Founder, Chief Scientist | March 10, 2017

On March 6, a new remote code execution vulnerability was disclosed[1] against Struts 2 (2.3.5-2.3.31 and 2.5-2.5.10). Most likely, if you're using Struts 2, you are vulnerable to a one-shot attack which can run arbitrary system commands.

Read More

Hacked- Thought Leaders

The Impact of Fake Retail Apps Hitting the Apple App Store this Year

Christine Carrig, Director of Marketing | November 14, 2016

Last week, App Developer Magazine, in an article titled "The Impact of Fake Retail Apps Hitting the Apple App Store this Year" prominently features Contrast Security Co-founder and CTO Jeff Williams. The article discusses how counterfeiters have..

Read More

DevOps- Hacked

DOM XSS in wix.com

Matt Austin, Director of Security Research | November 2, 2016

Wix.com, a hosting provider which claims to host millions of websites, contains an XSS that leads to administrator account takeover and could be used to create a Wix website worm.


From the company’s literature:

“Wix.com is a leading..

Read More

Hacked- Thought Leaders

60 Minutes & the "Signaling System Seven (SS7) Vulnerability"

Jeff Williams, Co-Founder, Chief Technology Officer | September 7, 2016

Over the weekend, 60 Minutes featured a segment on how cellphones and mobile phone networks are vulnerable to hacking, exploiting a security flaw discovered in Signaling System Seven – or SS7. According to security researcher Karsten Nohl, “the..

Read More


Why We Should Score Data Breaches

Christine Carrig, Director of Marketing | August 15, 2016

Contrast's CTO and Co-Founder, Jeff Williams, was interviewed by Forbes Magazine at Black Hat USA 2016 earlier this month. The interview focused on recent healthcare breaches and why we (the industry) should score data breaches. Jeff is quoted..

Read More


Peiter Zatko's (Mudge) Cyber Independent Testing Lab methods.... just another flash in the pan?

Jeff Williams, Co-Founder, Chief Technology Officer | August 2, 2016

Last week, The Intercept published an article (A Famed Hacker is Grading Thousands of Programs – and May Revolutionize Software in the Process) discussing a new method for testing and scoring the security of software. This new method – called the..

Read More


"The DCCC Hacked: SQL Injection? Come on."

Jeff Williams, Co-Founder, Chief Technology Officer | July 29, 2016

Jeff's comments here are a follow-up to his blog post "International hacks, politics and knee-jerk cybersecurity... never a good mix - Russia & the DNC Hack." You may want to read that post too!

Some software is more important than other..

Read More


International hacks, politics and knee-jerk cybersecurity - never a good mix

Jeff Williams, Co-Founder, Chief Technology Officer | July 26, 2016

The FBI is now leading an investigation into a hack into the Democratic National Committee. This is the first acknowledgment from the agency that they are probing the incident, which US officials suspect came from a Russian cyberattack. The FBI said..

Read More


"When we instrumented applications at the UK's largest Government Department with Contrast Assess, it was like handing our project teams an incredibly powerful debugging agent containing the sum total of application security knowledge."

Declan O'Riordan
Security Testing Manager
Testing IT, Ltd.
