AppSec Observer: vulnerabilities (3)

The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

XML External Entity (XXE) Pitfalls With JAXB

The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML..

Apache Struts CVE-2019-0230 and How to Block Attacks | Contrast Labs

Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical..

What Role Should Social Media Play in Discovering Vulnerabilities?

New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of..

Cyberattacks on Applications Grow Exponentially, Pose Serious Risk

The need for digital engagement with customers, partners, and employees has never been greater than it is today. Most..

Application Security Risk Is 1.7x Higher for Organizations That Fail to Manage Security Debt

Analyzing data captured from June 2019 to May 2020, Contrast Labs found that applications experienced over 13,000..

Assessing API Security Risks, Plotting a Solution

Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application..

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The..

Open-Source Python Salt CVEs and the Cisco Server Breach

Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to..

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at..