APPSEC OBSERVER

The latest trends and tips in DevSecOps through instrumentation and Security Observability.

Subscribe To Blog

85% of Developers in the Technology Industry Deploy Daily, Yet 8 in 10 Aren’t Going Fast Enough

ByPatrick Spencer October 12, 2020

Organizations aspire to reach perfection and often look to emulate best practices of peer organizations to do so. When it comes to software development, global technology leaders like Google, Amazon, Uber, Apple, and others immediately come to..

Continue Reading >>

Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS

Continue Reading >>

XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that developers should not rely..

Continue Reading >>

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.

Continue Reading >>

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application architectures. But legacy security testing approaches and firewalls are an inefficient and ineffective approach to securing..

Continue Reading >>

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose..

Continue Reading >>

Public WiFi is actually still pretty dangerous

I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no secret transport layer security has vastly improved over the years -- so I generally agree with a lot of the points made here. For..

Continue Reading >>

DECEMBER 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from December 2019. By providing continuous insight and detection from inside applications, Contrast can identify and trend the way that..

Continue Reading >>

November 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from November 2019. It builds on data that Contrast Security observed over the previous months and highlights to highlight key trends and useful..

Continue Reading >>

September 2019 APPSEC INTELLIGENCE REPORT

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from September 2019. It utilizes data from attacks that Contrast Security observed over the previous months and highlights the key trends..

Continue Reading >>

SUBSCRIBE TO THE BLOG