Why You Need Both a WAF and RASP to Protect Your Web Applications

One thing that you learn in the technology space is that change is constant. Companies, solutions, and people who sit on their laurels can find themselves in a position of never-ending catch-up. For security operations and application security professionals who rely exclusively on web application firewalls (WAFs), this should ...
Using Contrast to prevent the Weblogic Remote Code Execution (RCE) Deserialization Vulnerability - CVE-2019-2725

On April 17, 2019, Oracle released a Critical Patch Advisory with 254 patches. One of the vulnerabilities addressed was CVE-2019-2725. The vulnerability associated with CVE-2019-2725 allows any anonymous attacker with internet access to submit a malicious request to the Oracle WebLogic Server component of Oracle Fusion Middleware that would ...
Ghost Privilege Escalation

Privilege Escalation in Popular Blogging Platform

Ghost is a popular open source blogging platform written in Node.js. It is downloaded around 8,500 times a week according to npm ...

3 Key Takeaways from Locomocosec

I had the pleasure of attending this year’s Locomocosec on the beautiful island of Kaua’i. The conference was in its second year and was a 3-day single-track conference focused primarily on product security. There was a perfect mix of companies represented in the 20+ speakers, 150+ attendees, and 10+ sponsors ...
Using Contrast to Prevent Bootstrap-sass RubyGem Remote Code Execution (RCE)

On March 26, 2019, malicious attackers uploaded a vulnerable version, 3.2.0.3, of the widely used bootstrap-sass Ruby gem. This gem has been downloaded an astonishing number of times - exactly 27,991,888 times, according to RubyGems. User dgb posted an issue in GitHub that outlined the malicious code. The malicious code ...