SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

Using Contrast to prevent the WebLogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was CVE-2019-2725. This vulnerability allows any anonymous attacker with internet access to submit a..

Privilege Escalation in Popular Blogging Platform

Ghost is a popular open-source blogging platform written in Node.js. According to npm, it is downloaded around 8,500 times a week.

CVE-2018-11776 Struts2

Contrast and Struts2 CVE-2018-11776

On August 22, a new CVE and exploit appeared for the Struts2 web application framework: Struts2 CVE-2018-11776. Struts2 CVE-2018-11776 adds to the list of older Struts/Struts2 CVEs. Like the Struts2..

CONTRAST LABS: March 2018 AppSec Intelligence Report

Contrast Labs' analysis of real-world application security data from March 2018. We're going to change it up a bit this month by expanding our coverage to include:

  • Both known and unknown vulnerabilities in custom code
  • Both known and unknown..
