SECURITY INFLUENCERS BLOG

Security Influencers provides real-world insight and “in-the-trenches” experiences on topics ranging from software application security to DevOps and cloud security.

START FREE TRIAL

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server that..

Continue Reading >>

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to compromise a handful of servers at Cisco. As defined by the National Vulnerability Database (NVD), the specific CVEs in question..

Continue Reading >>

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose to..

Continue Reading >>

Contrast Labs: CVE-2020-11444: Privilege Escalation Vulnerability in Sonatype Nexus Repository Manager

In this time of COVID-19, social distancing, stay at home, shelter in place, and all the other things that force us to really do nothing outside the home, I have spent more time bug hunting.

Continue Reading >>

What Vulnerabilities and Attacks Matter? Insights from Contrast Labs’ AppSec Intelligence Report

The threat landscape is constantly evolving, growing in sophistication as well as volume and velocity. This presents serious challenges for organizations of all sizes and industry sectors. Software applications are a top target when it comes to..

Continue Reading >>

Contrast Labs: Google Sheets Stored XSS Vulnerability in COVID-19 Table

 

Continue Reading >>

3 Steps to Manage Vulnerabilities. Lessons from Surviving a Zombie Infestation.

ByDena DeAngelo October 30, 2019

Whether you’re scoping out your strategic survival plan in the event of a potential Zombie Apocalypse or drafting up your company’s security strategy, outlining some key rules of engagement will help increase your chances for a healthy outcome. In..

Continue Reading >>

Elite Performers Choose Simpler Tools

I was fascinated to read this year’s   Accelerate State of DevOps Report 2019  which now represents six years of research and data from over 31,000 professionals in our industry. It delivers insight into the practices and capabilities that..
Continue Reading >>

SUBSCRIBE TO THE BLOG