Securing Server-Side Kotlin
I’m excited to expand Contrast Assess language coverage to include Kotlin as a General Availability language. This new language gives us an even larger footprint on the Java ecosystem that already includes Java, Scala, Spring, Java/Jakarta EE, and many other frameworks. The new Kotlin agent can be used by all ...
Log4J 2.7.1 – Lower Risk, Patch When You Can
The season of Log4J vulnerabilities continues with a new Log4J 2.7.1 released on December 28; however, the risk is lower than others. Teams that have not patched previous Log4J updates must do so immediately; teams that have been diligent on patching should simply factor this patch for CVE-2021-44382 into their ...
[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs
This morning, the Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105. Contrast recommends using this most secure version ...
Instantly Inoculate Your Servers Against Log4J With New Open Source Tool
Contrast is releasing SafeLog4j, a free and open-source, general-purpose tool that can detect/verify vulnerable log4j applications and protect them. The utility works with user-developed and third-party applications, does not require source code, and works against WAF bypass attacks ...
Scaling to Scala
Scala developers ship quickly, using the power of a scalable language as their ideas move from concept to prototype and production. As a language that runs on the JVM, it's a natural fit to work with Contrast's fast security detection to keep vulnerabilities out of production. We're excited to partner with many engineering organizations ...
0-Day Detection of Log4j2 vulnerability
The world’s most used logging framework was just hit, but Contrast users can breathe easy ...
The Trojan Source is Not Your Mane Problem
A recently published paper provides a logo and slick polish for an old vulnerability: certain Unicode characters can render differently for human reviewers than for the machines that execute the instructions ...
Contrast Meets Kenna: Teaming Up To Manage Vulnerabilities
A new joint solution from Contrast Security and Kenna Security enables organizations to manage vulnerabilities in one location with fewer false positives to simplify application security programs on both custom and third-party code ...
Secure Coding with Go
All Systems Go—Except Application Security. Google Go (also known as Golang) continues its role as a popular software language that enables developers to ship quality code at a rapid pace. Its genesis can be traced back to when Google engineers set out to create an easy-to-use programming language that would ...