Syndicated Blog - Security Boulevard

AppSec Observer
The latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information security to DevOps and risk management.

Navigating (and Responding) to the Federal Binding Operations Directive 22-01 | Contrast Security

The Directive: Just over two weeks ago, on November 3rd, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security, issued a binding directive that instructed ...

The Trojan Source is Not Your Mane Problem

A recently published paper provides a logo and slick polish for an old vulnerability about the ability of certain Unicode characters to render differently for human reviewers than the machines that execute ...

Contrast Security named a 2021 Gartner Peer Insights Customers’ Choice for the 3rd year in a row for Application Security Testing

Contrast Security receives 94% willingness to recommend based on 74 customer reviews. As Contrast Security continues to shape the future of the Application Security Testing market, it’s especially gratifying to have our ...

SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM)

As readers of the AppSec Observer blog are aware, application attacks have continued unabated throughout the massive economic and social changes of the past two years. Most readers are also aware that ...

Understanding Software Supply Chain Risks and How to Mitigate Them

As demand for new applications continues to rise, developers are adapting new tools and techniques to accelerate their release cycles and lower costs. As a result, modern software has evolved to include ...
Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW 166

Why We Need “Developer-First” Application Security

I recently did a podcast with Security Weekly that highlights developer-first application security. A recent survey that we conducted shows that, despite increasing pressure for accelerated release cycles, developers actually are interested ...

Contrast Security Champions Cybersecurity Awareness Month: Do Your Part. #BeCyberSmart

Contrast is proud to be a 2021 Champion for Cybersecurity Awareness Month throughout October—helping to promote global awareness of online safety and privacy. Co-led by the National Cyber Security Alliance and the ...

THE 2021 OWASP TOP TEN EMPHASIZES SECURITY CONTROL AREAS OVER INDIVIDUAL VULNERABILITIES FOR IMPROVED RISK MANAGEMENT

The primary goal of the OWASP Top Ten has always been to drive awareness of the biggest application security risks out there, and thereby establish a “floor” or minimum standard for application ...

IAST Is the Only Way to Accurately Detect SSRF

With server-side request forgery (SSRF) becoming a more important bug class in the era of microservices, I wanted to show why interactive application security testing (IAST) is the only tool for detecting ...

Contrast Security Bug Bounty Program: Bounty Hunters Wanted | Contrast Security

A few years ago, Contrast Security launched a private, “invite-only” bug bounty program focused on Contrast Protect. We served up a vulnerable application and then we instrumented it with Contrast Protect. We ...