Platform
Contrast Secure Code Platform

Contrast Scan (SAST)

Contrast Assess (IAST)

Contrast Protect (RASP)

Contrast Software Composition Analysis (SCA)

Contrast Serverless (Cloud Native)
Developer Central

Log4j Response

Pricing

How We Compare

Languages

Integrations
Solutions
BY USE CASE

Why IAST?

DevSecOps

Automated Penetration Testing

AppSec Monitoring

API Security

Software Supply Chain Security

Runtime Protection

Software Bills of Materials (SBOMs)

GitHub CI/CD

Compliance Testing

Services

BY DEPARTMENT

Dev and DevOps Teams

Security

DevSecOps

CISO

BY INDUSTRY

Government

Financial Services

Healthcare

Others
Partner
Technology Partners

Systems Integrators

Ecosystem Integrations

Managed Security Services Providers

Channel Partners Overview

Cloud Partners

GitHub
Partner Program Overview

Become a Partner

Find a Partner

Visit Partner Portal
GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Read the Blog
Customers
Company
About Us

Leadership Team

Culture & Careers

Women of Contrast

Contact Us
Blog

Events & Webinars

Newsroom

Podcast

Awards
Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Learn More
Resources
Contrast for Developers

Contrast Secure Code Learn Hub

Contrast Community

Resource Center

OWASP Top 10

Accountability & Transparency

SBOMs

ContrastLive

Support

Services

Trust Center

Documentation

Product Release Notes

Blog

Podcast

Events

Glossary
Contrast Incident Response Hub

Spring4Shell Vulnerability

Log4j Vulnerability

Weekly CISO Update

Trust Center
Developers

What is OWASP, and Why it Matters for AppSec

By Christine Carrig, Director of Marketing

February 23, 2017

Vulnerability research conducted by Contrast Labs was referenced in an article "What is OWASP and Why it Matters for AppSec." The Network World article, written by Michelle Drolet, discusses OWASP and why it proves the need for modern, well-funded application security programs.

Drolet notes in the article that organizations are not committing sufficient resources or attaching enough importance to software security. She states: "The importance of application security (AppSec) is widely understood, with 97 percent of respondents to the SANS Institute’s 2016 State of Application Security report revealing they have an AppSec program in place...

However, only 26 percent of respondents described their AppSec program as mature or very mature."

Below is an excerpt from Network World
Click here to read the complete article >>

OWASP a Source of Impartial Advice

It can be difficult to find unbiased advice and practical information to help you develop your AppSec program. The competitive technology and services market has plenty to say, but much of it is designed to steer you toward a particular tool or service provider.

The Open Web Application Security Project (OWASP) was formed to offer genuinely impartial advice on AppSec best practices and to foster the creation of open standards.

Anyone may participate in and support OWASP. The materials and guidelines it offers are completely free of charge and available under an open software license.

Ignore the OWASP Top 10 at Your Peril

You might assume a free set of guidelines like this, developed by some of the best minds in worldwide software security, would serve as a standard framework for developers, but sadly that doesn’t seem to be the case.

Today, as many as 25% of web applications are vulnerable to eight of the OWASP Top 10, according to Contrast Labs, with 80% possessing at least one vulnerability. Contrast Labs found that sensitive data exposure topped the list, affecting 69% of applications tested. CSRF (Cross-Site Request Forgery) was second, affecting 55% of apps, and broken authentication and session management was third, affecting 41% of apps.

It’s clear organizations must implement more accurate, continuous and scalable solutions to tackling the application security challenge.

Application Security Thought Leaders

Christine Carrig, Director of Marketing

Christine’s wide breadth of marketing experience has been focused on driving revenue, building brand recognition, and creating demand-generation programs in technology organizations. For the past 11 years, her deep understanding of marketing principles, coupled with forward thinking, has been instrumental in transforming application security start-ups into successful, profitable companies.

A Word About Security in Application LifeCycle Management (ALM)

It’s Still Flu Season: Get a Flu Shot! Masks Won’t Help — Same Goes for AppSec — Read a WAF Comparison

BY USE CASE

BY DEPARTMENT

BY INDUSTRY

GITHUB ACTIONS BLOG SERIES, PART 1: PIPELINE NATIVE CODE ANALYSIS

Contrast Security recognized as a Visionary by Gartner in Application Security Testing.

Contrast Incident Response Hub

What is OWASP, and Why it Matters for AppSec

Below is an excerpt from Network WorldClick here to read the complete article >>

OWASP a Source of Impartial Advice

Christine Carrig, Director of Marketing

Loving our content? Subscribe now!

Below is an excerpt from Network World
Click here to read the complete article >>