Contrast Assess

CSRF Vulnerability in NSA’s SkillTree Training Platform Discovered by Contrast IAST | Contrast Security
Contrast Security Assess — Contrast’s Interactive Application Security Testing (IAST) Application Security (AppSec) technology — has uncovered a vulnerability in a training platform called SkillTree that’s maintained on GitHub by the National ...

Secure from within | Proactive security for applications | Contrast Security
What does Contrast Security mean when we say “secure from within?” ...

Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24
Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will continue and makes sense for the consumers of security software, as well. The reasons are ...

Contrast Security discovers Netflix OSS Genie application path traversal vulnerability that can lead to RCE during file upload
Genie is a federated big data orchestration and execution engine developed and open sourced by Netflix. ...

What does security instrumentation do for Application Security? A basketball analogy | Contrast Security
It's not just any basketball — it’s a sensor-packed basketball called the 94Fifty. ...

Contrast’s MTTR is 37x faster than the competition | Vulnerability Remediation | Contrast Security
Security debt — the backlog of known and unresolved vulnerabilities in an organization’s applications — is a drag, literally. It creates a real burden on organizations when it gets too high. The ...

Contrast Labs: Apache Struts CVE-2020-17530
On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary ...

Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer
It’s very rare that one has an opportunity to experience the development of a major software solution from the ground up and use that very product to secure and protect it at ...

Legacy SAST and the Fallacy of 100% Code Coverage
In October of 2019, three months into my tenure at Contrast Security, I received a challenge question from a customer prospect in the northern Atlanta suburbs who was using a competitor’s legacy ...