SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat the increase in attacks against medical and testing facilities. We decided quickly that doing some form of hack-a-thon on OpenMRS..

Continue Reading >>

XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML external entity (XXE) attacks. Contrast researched this secure default configuration and found that developers should not rely..

Continue Reading >>

Contrast Labs: Apache Struts CVE-2019-0230 and How to Block Attacks

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical facts in our original copy of this blog.

Continue Reading >>

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application architectures. But legacy security testing approaches and firewalls are an inefficient and ineffective approach to securing..

Continue Reading >>

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose..

Continue Reading >>

Public WiFi is actually still pretty dangerous

I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no secret transport layer security has vastly improved over the years -- so I generally agree with a lot of the points made here. For..

Continue Reading >>

DECEMBER 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from December 2019. By providing continuous insight and detection from inside applications, Contrast can identify and trend the way that..

Continue Reading >>

November 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from November 2019. It builds on data that Contrast Security observed over the previous months and highlights to highlight key trends and useful..

Continue Reading >>

September 2019 APPSEC INTELLIGENCE REPORT

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from September 2019. It utilizes data from attacks that Contrast Security observed over the previous months and highlights the key trends..

Continue Reading >>

August 2019 AppSec Intelligence Report

This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from August 2019. It utilizes data from attacks that Contrast Security observed over the previous months and highlights the key trends found. 

Continue Reading >>

SUBSCRIBE TO THE BLOG