AppSec Observer: vulnerabilities (2)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

WAF, RASP and Log4Shell

Log4Shell has done an excellent job of making the case for Runtime Application Self-Protection (RASP). Here’s the quick..

Contrast SECURITY VULNERABILITY DETECTION vs the Log4J2 CVE - A demonstration

This week, Contrast Security proved that we could detect the Log4j2 vulnerability that caused CVE-2021-44228 and stop..

Detecting a New Grafana Exploit in Go

A new Grafana vulnerability has been discovered that enables arbitrary file reads off the system. This vulnerability..

0-Day Detection of Log4j2 vulnerability

The world’s most used logging framework was just hit by the Log4j2 exploit, but DevSecOps teams can quickly identify..

President Biden’s Executive Order: Secure the Software Supply Chain

In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

Contrast Labs: Apache Struts CVE-2020-17530

On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double..

Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

Open Source Is a Mainstay in Modern Development. It goes without saying that modern applications are rarely built from..

Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

It’s very rare that one has an opportunity to experience the development of a major software solution from the ground..

Authenticated Remote Code Execution in OpenMRS

Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat..