Skip to content

AppSec Observer: vulnerabilities (3)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Subscribe to Blog
XML External Entity (XXE) Pitfalls With JAXB

XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML..

Apache Struts CVE-2019-0230 and How to Block Attacks | Contrast Labs

Apache Struts CVE-2019-0230 and How to Block Attacks | Contrast Labs

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical..

social-media-role-discovering-vulnerabilities

What Role Should Social Media Play in Discovering Vulnerabilities?

New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of..

cyberattacks-applications-grow-exponentially

Cyberattacks on Applications Grow Exponentially, Pose Serious Risk

The need for digital engagement with customers, partners, and employees has never been greater than it is today. Most..

Application Security Risk Is 1.7x Higher for Organizations That Fail to Manage Security Debt

Application Security Risk Is 1.7x Higher for Organizations That Fail to Manage Security Debt

Analyzing data captured from June 2019 to May 2020, Contrast Labs found that applications experienced over 13,000..

Assessing API Security Risks, Plotting a Solution

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application..

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The..

Open-Source Python Salt CVEs and the Cisco Server Breach

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to..

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at..