SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

September 2019 APPSEC INTELLIGENCE REPORT

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from September 2019. It utilizes data from attacks that Contrast Security observed over the previous months and highlights the key trends..

Continue Reading >>

August 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from August 2019. It utilizes data from attacks that Contrast Security observed over the previous months and highlights the key trends found. 

Continue Reading >>

July 2019 AppSec Intelligence Report: Attack Edition

July 2019 AppSec Intelligence Report: Attack Edition

Continue Reading >>

June 2019 AppSec Intelligence Report: Attack Edition

What is this report: This report summarizes Contrast Labs' analysis of real world application attack data from June 2019. It utilizes data from attacks that Contrast observed over the previous months and highlights the key trends found. 

Continue Reading >>

Using Contrast to prevent the Weblogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was for CVE-2019-2725. The vulnerability associated with CVE-2019-2725 allows any anonymous attacker with internet access to submit a..

Continue Reading >>

Privilege Escalation in Popular Blogging Platform

Ghost is a popular open source blogging platform written in Node.js. It is downloaded around 8,500 times a week according to npm.

Continue Reading >>

CVE-2018-11776 Struts2

Contrast and Struts2 CVE-2018-11776

On August 22, a new CVE and exploit appeared for the Struts2 web application framework: Struts2 CVE-2018-11776. Struts2 CVE-2018-11776 adds to the list of older Struts/Struts2 CVEs. Like the Struts2..

Continue Reading >>

CONTRAST LABS: March 2018 AppSec Intelligence Report

Contrast Labs' analysis of real world application security data from March 2018. We're going to change it up a bit this month by expanding our coverage to include:

  • Both known and unknown vulnerabilities in custom code
  • Both known and unknown..
Continue Reading >>

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook