AppSec Observer: Threat

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now

Topics

26 January 2022

DHS Warns of Imminent Nation State Cyberthreats

Situation Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major..

18 December 2021

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105 on..

17 December 2021

Contrast Security Protects Serverless applications from Log4j Attacks

The Log4j flaw (also now known as "Log4Shell"), is a zero-day vulnerability (CVE-2021-44228) that came to light on..

16 December 2021

Log4Shell By The Numbers

We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

16 December 2021

Updated Guidance on Addressing Log4J CVEs

The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

16 December 2021

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

20 May 2021

President Biden’s Executive Order: Secure the Software Supply Chain

In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

13 May 2021

A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic..

24 February 2021

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized..

1 2 3 Next

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

AppSec Observer: Threat

DHS Warns of Imminent Nation State Cyberthreats

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

Contrast Security Protects Serverless applications from Log4j Attacks

Log4Shell By The Numbers

Updated Guidance on Addressing Log4J CVEs

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

President Biden’s Executive Order: Secure the Software Supply Chain

A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

"Contrast speeds up the delivery pipeline – we fix issues earlier in the development lifecycle. Great for any company trying to achieve a DevSecOps approach to application security.”

Contrast Incident Response Hub

AppSec Observer: Threat

DHS Warns of Imminent Nation State Cyberthreats

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

Contrast Security Protects Serverless applications from Log4j Attacks

Log4Shell By The Numbers

Updated Guidance on Addressing Log4J CVEs

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

President Biden’s Executive Order: Secure the Software Supply Chain

A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

Loving our content? Subscribe now!