AppSec Observer: vulnerabilities

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Cybersecurity Insights with Contrast CISO David Lindner | 3/15/24

    Insight #1 If you want insight into how difficult security is, look at the Cybersecurity and Infrastructure Security..

    Cybersecurity Insights with Contrast CISO David Lindner | 3/8/24

    Insight #1 If you’re not performing routine tabletop exercises to ensure that your organization is protected from..

    Cybersecurity Insights with Contrast CISO David Lindner | 10/13

    Insight #1 Google is now defaulting to the use of passkeys for authentication. This is a huge step in increasing the..

    Contrast Protect eliminates another zero-day headache

    On June 2nd, Atlassian released a security advisory about another remote code execution vulnerability (CVE-2022-26134)..

    Log4J 2.17.1 - Lower Risk, Patch When You Can

    The season of Log4J vulnerabilities continues with a new Log4J 2.17.1 released on December 28, however the risk is..

    Expression language and deserialization attacks on the rise in lead-up to Log4j vulnerability

    It’s been a couple of weeks since the first public disclosure of the Log4j vulnerability. A lot has happened - perhaps..

    Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

    With Log4j being such a ubiquitous library embedded in tens of millions of applications across the Java ecosystem, it’s..

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105 on..

    Contrast Security Protects Serverless applications from Log4j Attacks

    The Log4j flaw (also now known as "Log4Shell") is a zero-day vulnerability (CVE-2021-44228) that came to light on..