AppSec Observer: Threat

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

DHS Warns of Imminent Nation State Cyberthreats

Situation: Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major..

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

This morning, the Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new..

Contrast Security Protects Serverless Applications from Log4j Attacks

The Log4j flaw (also now known as "Log4Shell") is a zero-day vulnerability (CVE-2021-44228) that came to light on..

Log4Shell By The Numbers

We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

Updated Guidance on Addressing Log4J CVEs

The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

President Biden’s Executive Order: Secure the Software Supply Chain

In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

A Bigger Share of Vulnerabilities Were Serious in the First Two Months of the Year

Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic..

Dependency Confusion: A New Third-Party Risk for the Software Factory

The SolarWinds attack has been extensively covered over the past two months—and rightly so. It has been characterized..