
Preventing the initial Spring4Shell exploit, a demonstration
The hits keep coming. Spring4Shell is the latest zero-day security issue that takes advantage of a vulnerability in a widely adopted application framework for Java – the Spring Framework. Our own data shows 74% of Java applications use Spring Core. This vulnerability impacts Spring MVC and Spring WebFlux applications running ...
Navigating (and Responding) to the Federal Binding Operations Directive 22-01 | Contrast Security
The Directive Just over two weeks ago, on November 3rd, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security, issued a binding directive that instructed Federal agencies to fix hundreds of known vulnerabilities in their networks, and fix them by specified dates. It’s ...
The Right Way To Shift Right in Application Security
Protection Must Go Where the Attacks Happen: in Production ...