Contrast Scan Adds Support for Client-Side JavaScript – The World’s Most Popular Programming Language

AppSec
If you’re looking for the TL;DR version of this announcement, here it is: Contrast Scan has expanded its language coverage to include front-end languages with support for client-side JavaScript (JS) and jQuery. Now that we’ve got that covered, let’s get into the details. Contrast’s mission is to become the world’s ...

Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

OSS, Security, Vulnerabilities
With Log4j being such a ubiquitous library embedded in tens of millions of applications across the Java ecosystem, it’s fairly obvious why the Log4Shell CVE is being treated as a DEFCON 1-class situation. To add salt to the wound, many of the tools leveraged by Security, Ops, and Development ...

Securing the Software Supply Chain Starts With a Software Bill of Materials (SBOM)

As readers of the AppSec Observer blog are aware, application attacks have continued unabated throughout the massive economic and social changes of the past two years. Most readers are also aware that an increasing number of cyberattacks target the software supply chain. The devastating SolarWinds attack in 2020 was followed ...

Understanding Software Supply Chain Risks and How to Mitigate Them

As demand for new applications continues to rise, developers are adopting new tools and techniques to accelerate their release cycles and lower costs. As a result, modern software has evolved to include four different elements: ...

What Security Lessons Can Come From the Kaseya Ransomware Attack?

This year will be remembered as an annus horribilis for attacks against the software supply chain. In the first half of 2021, prominent attacks against SolarWinds and Microsoft Exchange both highlighted the collateral impact and potential reach of targeting the software supply chain. One of the latest examples in this trend ...

Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

OSS, Vulnerabilities
Open Source Is a Mainstay in Modern Development
It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when developers build applications, their first instinct is to use open source. Open source can provide ...

The Risks Associated with OSS and How to Mitigate Them

OSS
Open source has become nearly ubiquitous with Agile and DevOps. It offers development teams the ability to quickly and easily scale their software development life cycles (SDLC). At the same time, open-source software (OSS) components can introduce security vulnerabilities, licensing issues, and development workflow challenges. Open-source risks include both licensing ...

Mitigating the Risks of Open-source Software in DevOps

OSS
Speed matters when it comes to developing and releasing a new software title: nearly two-thirds of software companies report a development backlog. So, it should come as no surprise to hear that developers have been increasingly relying on open-source software (OSS) components. A given application today might be built from as ...