AppSec Observer: vulnerabilities (2)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Log4Shell By The Numbers

    We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

    Updated Guidance on Addressing Log4J CVEs

    The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

    Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

    Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

    WAF, RASP and Log4Shell

    Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..

    Contrast SECURITY VULNERABILITY DETECTION vs the Log4J2 CVE - A demonstration

    This week, Contrast Security proved that we could detect the Log4j2 vulnerability that caused CVE-2021-44228 and stop..

    Detecting a New Grafana Exploit in Go

    A new Grafana vulnerability has been discovered that enables arbitrary file reads off the system. This vulnerability..

    0-Day Detection of Log4j2 Exploit Vulnerability

    The world’s most used logging framework was just hit by the Log4j2 exploit, but DevSecOps teams can quickly identify..

    President Biden’s Executive Cybersecurity Order: Secure the Software Supply Chain

    In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

    Contrast Labs: Apache Struts CVE-2020-17530

    On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double..