Skip to content

AppSec Observer: vulnerabilities (3)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

Subscribe Now
    Topics
    Authenticated Remote Code Execution in OpenMRS

    Authenticated Remote Code Execution in OpenMRS

    Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat..

    XML External Entity (XXE) Pitfalls With JAXB

    XML External Entity (XXE) Pitfalls With JAXB

    The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML..

    Apache Struts CVE-2019-0230 Vulnerabilities and How to Block Attacks

    Apache Struts CVE-2019-0230 Vulnerabilities and How to Block Attacks

    Note: Special thanks to Alvaro Muñoz (https://twitter.com/pwntester) for correcting us on some very important technical..

    social-media-role-discovering-vulnerabilities

    What Role Should Social Media Play in Discovering Vulnerabilities?

    New research from the Pacific Northwest National Laboratory (PNNL) Data Sciences and Analytics Group shows that 25% of..

    cyberattacks-applications-grow-exponentially

    Cyberattacks on Applications Grow Exponentially, Pose Serious Risk

    The need for digital engagement with customers, partners, and employees has never been greater than it is today. Most..

    Application Security Risk Is 1.7x Higher for Organizations That Fail to Manage Security Debt

    Application Security Risk Is 1.7x Higher for Organizations That Fail to Manage Security Debt

    Analyzing data captured from June 2019 to May 2020, Contrast Labs found that applications experienced over 13,000..

    Assessing API Security Risks, Plotting a Solution

    Assessing API Security Risks, Plotting a Solution

    Application programming interfaces (APIs) are increasingly opening paths to vulnerabilities further down in application..

    Remote Code Execution Deserialization Vulnerability Blocked by Contrast

    Remote Code Execution Deserialization Vulnerability Blocked by Contrast

    On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability..

    Open-Source Python Salt CVEs and the Cisco Server Breach

    Open-Source Python Salt CVEs and the Cisco Server Breach

    Hackers recently exploited two critical vulnerabilities (CVEs) in SaltStack’s "Salt" management framework in order to..