SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.

Continue Reading >>

Emerging from the Tool Swamp to a Unified AppSec Platform

Traditional approaches to application security (AppSec) rely on a patchwork of disconnected tools and processes that add high levels of friction to the modern software development life cycle (SDLC). A unified AppSec platform provides continuous..

Continue Reading >>

State-of-the-Art AppSec Goes Beyond Perimeter Into Application Runtimes

When it comes to protecting running applications, traditional defenses that sit on the perimeter lack effective visibility and context to keep pace with attacks. Simply guessing as to the validity of a threat is not enough. This blog spells out..

Continue Reading >>

What You Need to Know About the New IAST and RASP Guidelines in NIST 800-53

 

Continue Reading >>

Why You Need Both a WAF and RASP to Protect Your Web Applications

One thing that you learn in the technology space is that change is constant. Companies, solutions, and people who sit on their laurels can find themselves in a position of never-ending catch up. For security operations and application security..

Continue Reading >>

Why Blue Teams Need RASP: Continuous Application Threat Monitoring with Runtime Exploit Prevention

Runtime Application Self-Protection (RASP) adds threat visibility and security control to application runtimes so you can continuously discover application threats and block attacks—as they are still happening. Enjoy visionary RASP breach..

Continue Reading >>

Pulling Back the Curtain On: Zip File Overwrites

Zip file overwrites are a cool but rare vulnerability that can occur on apps that work with user-supplied zip files. The folks at Snyk recently found a slew of libraries that do that, and there is a lot of history in this attack vector. In fact,..

Continue Reading >>

Pulling Back the Curtain on RASP

If you set out to build a new WAF today (which, believe it or not, people are still doing), everyone would have some idea of how it would work -- you'd setup a reverse proxy, and then use signatures of all kinds on the parameters, headers, body,..

Continue Reading >>

Contrast Protect + WAF: A Day in the Life of a User

A Web Application Firewall can watch network data, but the architecture does not enable them to see how that data is actually used. As a result, they sound an equal alarm for all attack attempts without raising the importance for attacks that could..

Continue Reading >>

SUBSCRIBE TO THE BLOG