AppSec Observer: Threat (2)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Authenticated Remote Code Execution in OpenMRS

    Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat..

    XML External Entity (XXE) Pitfalls With JAXB

    The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML..

    Apache Struts CVE-2019-0230 Vulnerabilities and How to Block Attacks

    Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical..

    Assessing API Security Risks, Plotting a Solution

    Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application..

    Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

    At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at..

    Public WiFi is actually still pretty dangerous

    I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It's no..

    DECEMBER 2019 AppSec Intelligence Report

    This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from December..

    November 2019 AppSec Intelligence Report

    This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from November..

    September 2019 APPSEC INTELLIGENCE REPORT

    This report summarizes Contrast Labs' analysis of real world application attack and vulnerability data from September..