Skip to content

AppSec Observer: vulnerabilities

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe Now
    Topics
    Cybersecurity Insights with Contrast CISO David Lindner | 10/13

    Cybersecurity Insights with Contrast CISO David Lindner | 10/13

    Insight #1 Google is now defaulting to the use of passkeys for authentication. This is a huge step in increasing the..

    Contrast Protect eliminates another zero-day headache

    Contrast Protect eliminates another zero-day headache

    On June 2nd, Atlassian released a security advisory about another remote code execution vulnerability (CVE-2022-26134)..

    Log4J 2.17.1 - Lower Risk, Patch When You Can

    Log4J 2.17.1 - Lower Risk, Patch When You Can

    The season of Log4J vulnerabilities continues with a new Log4J 2.17.1 released on December 28, however the risk is..

    Expression language and deserialization attacks on the rise in lead-up to Log4j vulnerability

    Expression language and deserialization attacks on the rise in lead-up to Log4j vulnerability

    It’s been a couple of weeks since the first public disclosure of the Log4j vulnerability. A lot has happened - perhaps..

    Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

    Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

    With Log4j being such a ubiquitous library embedded in tens of millions applications across the Java ecosystem, it’s..

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105 on..

    Contrast Security Protects Serverless applications from Log4j Attacks

    Contrast Security Protects Serverless applications from Log4j Attacks

    The Log4j flaw (also now known as "Log4Shell"), is a zero-day vulnerability (CVE-2021-44228) that came to light on..

    Log4Shell By The Numbers

    Log4Shell By The Numbers

    We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

    Updated Guidance on Addressing Log4J CVEs

    Updated Guidance on Addressing Log4J CVEs

    The information below is no longer current against the evolving security landscape. See [updated guidance] again on..