Contrast Scan now supports C# applications for .NET Web Forms

Contrast is pleased to announce another major milestone in our expanding breadth of coverage for Contrast Scan. Contrast Scan now supports security testing for C# applications using ASP.NET Web Forms, one of the longest-standing frameworks in the .NET ecosystem. Users running .NET Framework v.4.7 and above can take advantage ... Read More
ESG analyst discusses how to ship secure, tested code and rapidly remediate issues without headaches

Securing the DevOps pipeline can be a challenge, even for companies that have security in their DNA. And you're not alone if you feel like you're juggling a lot of tools and processes to make it work ... Read More
New Gartner® Report Details How Businesses Should Incorporate SBOMs Into The SDLC

| | Thought Leaders
The proliferation of third-party software, especially open-source software (OSS), is a mainstay in modern development. Research by Contrast estimates that the average Java library contains 118 individual open-source libraries - each of those calling even more transitive dependencies at build time. While the proliferation of open-source at large is no ... Read More

GitHub Actions Blog Series, Part 1: Pipeline Native Code Analysis

| | DEVOPS, scan
Contrast Security, the leader in next-gen code security, today announced its partnership with GitHub and the availability of its suite of GitHub Actions, simplifying the process for developers to ensure the code they build is free of security vulnerabilities. By partnering with the world’s largest developer community, Contrast has made ... Read More

Contrast Scan Adds Support for Client-Side JavaScript – The World’s Most Popular Programming Language

| | AppSec
If you’re looking for the TL;DR version of this announcement, here it is: Contrast Scan has expanded its language coverage to include front-end languages with support for client-side JavaScript (JS) and jQuery. Now that we’ve got that covered, let’s get into the details. Contrast’s mission is to become the world’s ... Read More

Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response

| | OSS, security, Vulnerabilities
With Log4j being such a ubiquitous library embedded in tens of millions of applications across the Java ecosystem, it’s fairly easy to understand why the Log4Shell CVE is being treated as a DEFCON 1-class situation. To add salt to the wound, many of the tools leveraged by Security, Ops, and Development ... Read More

SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM)

As readers of the AppSec Observer blog are aware, application attacks have continued unabated throughout the massive economic and social changes of the past two years. Most readers are also aware that an increasing number of cyberattacks target the software supply chain. The devastating SolarWinds attack in 2020 was followed ... Read More

Understanding Software Supply Chain Risks and How to Mitigate Them

As demand for new applications continues to rise, developers are adapting new tools and techniques to accelerate their release cycles and lower costs. As a result, modern software has evolved to include four different elements: ... Read More

What Security Lessons Can Come From the Kaseya Ransomware Attack?

This year will be remembered as annus horribilis for attacks against the software supply chain. In the first half of 2021, prominent attacks against SolarWinds and Microsoft Exchange both highlighted the collateral impact and potential reach of targeting the software supply chain. One of the latest examples in this trend ... Read More

Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

| | OSS, Vulnerabilities
Open Source Is a Mainstay in Modern Development. It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when developers build applications, their first instinct is to use open source. Open source can provide ... Read More