What is DORA? | Compliance Requirements for EU DORA Regulations | Contrast Security

What is DORA? | Compliance Requirements for EU DORA Regulations | Contrast Security

Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector has no choice but to keep operations running through all these — among other — types of disruptions, challenges and incidents.  ... Read More
Zero Trust Security | Trust ‘Zero Trust’ for Application Security | Contrast Security

Zero Trust Security | Trust ‘Zero Trust’ for Application Security | Contrast Security

|
The perimeter cybersecurity model is like the defensive walls that surround ancient cities. For thousands of years, these walls provided stout defense against invaders arriving by horse and on foot.  ... Read More
Legal liability for insecure software might work, but it's dangerous

Legal liability for insecure software might work, but it’s dangerous

|
Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids excessive government regulation and the burdens associated with government-mandated legal responsibility, also called a liability regime. While there's no question the market is broken with regards to security, and intervention is ... Read More
Cybersecurity Insights with Contrast Co-founder and CTO Jeff Williams | 11/18

Cybersecurity Insights with Contrast Co-founder and CTO Jeff Williams | 11/18

| | Thought Leaders
Insight #1 " Feds continue to push aggressive timelines for requiring app/API security “attestations” from software vendors.  OMB 22-18 is the latest and it requires all software vendors to publish a statement disclosing how they ensure their applications are secure by October 2023."   Insight #2 " Organizations are running ... Read More
Building a modern API security strategy — API protection

Building a modern API security strategy — API protection

| | API security, APIs, rasp
Part four of the five-part series, Building a modern API security strategy ... Read More
Cloudflare Akamai software, engineering, OWASP, organizations, appsec, AppSec Salt Security API security rise GitOps Finite State API APIs tokenization

Is Your AppSec Program Developer-Centric?

You need an AppSec program.  Software supports your business, and you need to know that attackers can’t kick that ground out from under you. But which is the right path to take for your application security program: Minimal, adversarial or developer-centric? Regardless of what bells and whistles you opt for, ... Read More
Security Boulevard
Building a modern API security strategy — API components

Building a modern API security strategy — API components

| | API security, APIs, AppSec
Part three of the five-part series, Building a modern API security strategy ... Read More
Building a modern API security strategy — API testing

Building a modern API security strategy — API testing

Part two of the five-part series, Building a modern API security strategy ... Read More
API inventory: Focusing on runtime code, not never-invoked libraries

API inventory: Focusing on runtime code, not never-invoked libraries

| | API security
Part one of the five-part series, Building a modern API security strategy ... Read More
Building a modern API security strategy: A five-part series — Overview

Building a modern API security strategy: A five-part series — Overview

| | API security, APIs
The Spring4Shell exploit was, really, quite elegant.  ... Read More

Secure Coding Practices