Contrast MCP Server | AI Code Security and Vulnerability Remediation | Contrast Security

Contrast Security is proud to announce the launch of our MCP server. Smart assistants help you find and fix mistakes in your writing. Now, picture an assistant fixing security weaknesses in your code. An IDE-based AI agent, such as Copilot, armed with Contrast’s MCP server, can do just that! ...
CSRF Vulnerability in NSA’s SkillTree Training Platform Discovered by Contrast IAST | Contrast Security

Contrast Security Assess — Contrast’s Interactive Application Security Testing (IAST) Application Security (AppSec) technology — has uncovered a vulnerability in a training platform called SkillTree that’s maintained on GitHub by the National Security Agency (NSA). ...
Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security

If your organization is running an older version of Atlassian Confluence Server that’s affected by CVE-2023-22527 — the critical remote-code execution (RCE) zero day discovered recently — you either ...
Discovering MLflow Framework Zero-day Vulnerability | Machine Language Model Security | Contrast Security

Most Machine Language (ML) tools — including the development frameworks used for managing ML life cycles — are relatively new, which means they could well have security vulnerabilities. ...
Contrast Assess uncovers Spring-Kafka deserialization zero day

Earlier in August, a Contrast Security customer reported what they initially thought was a false positive: a deserialization vulnerability in Spring-Kafka. ...
Contrast discovers zero-day flaw in popular Quarkus Java framework

Localhost attack against Quarkus developers | Contrast Security

While preparing a talk for the recent DeepSec Conference about attacking the developer environment through drive-by localhost, I reviewed some popular Java frameworks to see if they were vulnerable ...