Resources

In a recent video at the RSA Conference, Kiran Sharma, Senior Privacy Program Manager at Snap Finance, highlighted the significant impact of Contrast’s platform on their security initiatives. Sharma has played a pivotal role in driving the organization’s DevSecOps and security programs. Recognizing the need for a unified solution to address vulnerabilities sourced from various tools, he emphasized the significance of a consolidated platform for streamlined management and increased visibility. The Contrast Secure Code Platform emerged as the ideal solution, providing Snap Finance with comprehensive insights and actionable information to tackle vulnerabilities effectively.

Contrast Security and Trace3 discuss observations from the field for the State of DevSecOps in 2023 and how you can kickstart or enhance your existing program

Join Larry Maccherone, DevSecOps Transformation lead at Contrast Security, and Farshad Abasi, Chief Security Officer at Forward Security for an interactive discussion about how to future-proof against emerging threats on the horizon so your organization is prepared to respond instantly to zero-day vulnerabilities like Log4Shell.

American College of Radiology selected Contrast, because it was providing really good information about the findings of vulnerabilities and context on how to fix them. Contrast has assisted in educating American College of Radiology’s developers to not just fix the issues but also to prevent them from happening again in the future.

Watch this On-Demand session from ATARC’s Zero Trust Virtual Summit. Erik Costlow, Sr Director at Contrast focuses on the Zero Trust Maturity Model, Pillar #4 that hones in on Application Workloads.

Watch this simple demo from Jeff Williams, Contrast CTO, showing how the Log4j vulnerability and exploit work.

The most serious of vulnerabilities was just found in the most used logging framework, but DevSecOps teams can quickly identify what’s impacted and where they focus their time.

American College of Radiology has agile methodologies in their SDLC, which means security tools have to shift left, allowing developers to have access to security tools. Learn how Contrast enabled American College of Radiology to leverage technology for security by finding errors as they run.

A demonstration of how the Go agent helps teams find vulnerabilities in their custom code, with an explanation of how the technology works.

Our CEO discusses how software is affecting business transformation, the growing risks inherent in the pace of modern development, how security can evolve to scale, and why Contrast is uniquely positioned to deliver an application security posture that is effective.

Organizations will recalibrate how they measure application risk and reevaluate strategies based on the OWASP Top 10 2021. Hear two of the original co-founders of OWASP assess the new Top 10 and provide their perspectives.

Hear our panel of experts discuss the second annual 2021 Application Security Observability Report. We will cover key insights and industry benchmarks on an array of different application security areas.

Hear a panel of experts discuss how bad actors were able to hack the Kaseya application, and get recommendations on what you can do to avoid becoming victims to software supply chain attacks.

One of the “can’t miss events” in 2021. Join this webinar to learn how pipeline-native static analysis is a major breakthrough—delivering exponential improvements in scan times, accuracy, and more without compromising development speed.

Application security is no longer one- or two-dimensional. Join our expert panel on this webinar and learn about the four dimensions of modern application security.

Join this webinar to learn what controls and metrics you need in place to implement a successful DevSecOps program.

Join us as we discuss key findings in Contrast Labs’ newly released “2021 Open-source Security Report.” Learn what percentage of libraries contain vulnerabilities, how many CVEs are in an application, and much more.

60% of Public Agencies Use DevOps and Agile But It Takes An Average of 500 Days to Complete a Federal IT Project. Something is amiss! Join us for our two subject-matter experts for this Fireside Chat and discover why modern DevSecOps is the answer for federal agencies.

Join us to discover why security roadblocks inhibit developer efficiencies while slowing down development cycles. A platform approach to application security solves these challenges, collapsing the different silos between application security tools for full observability across applications and application programming interfaces (APIs).

Contrast Security hosted the industry's first Security Observability Summit. You will experience one inspiring keynote, two comprehensive breakouts, and nine eye-opening sessions.

Contrast Security held a virtual event with a panel of AppSec experts for an exclusive inside look on how you not only can get control of runaway security debt, but can actually reduce it dramatically. This moderated panel of AppSec pros shared stories about their own experiences and the strategies they employed to reduce security debt permanently. You will come away with key insights and tactics about how you can overcome security debt within your own organization.

Most traditional application security (AppSec) requires a slew of tedious manual processes that are failing modern DevOps teams in both efficiency and effectiveness. Since these legacy AppSec tools cannot keep pace with modern DevOps, security teams have long struggled to control and limit the amount of serious application vulnerabilities. Watch this webinar to learn how a modernized approach to AppSec can meet the needs of both security and DevOps teams.

Join us to gain insights on how the confluence between the rapidly expanding application attack surface and the evolving threat landscape poses serious risk. After mapping out the challenges, our expert panel will share insights around strategies and tactics that organizations can tap to bolster their application risk postures and ensure their applications are protected.

As the modern-day CISOs role continues to expand, CISOs must mitigate both business risk and execute successful cybersecurity strategies. This is especially true when it comes to the risk of application development vulnerabilities that can result in dire financial consequences—ranging from diminished brand reputation to severe financial loss. Tune in for a special moderated webinar that will feature insights from a seasoned executive recruiter and CISO practitioner about what it takes to manage an effective application security strategy.

Let’s face it—traditional web application firewalls (WAFs) simply can’t keep pace with the demands of digital transformation in DevOps environments. Applications are deployed faster and leaner than ever before and AppSec professionals need protection that moves beyond the traditional and simplistic perimeter defenses a WAF can offer. Join this webinar for a discussion about how RASP delivers an innovative application security alternative that adapts and reacts in real time. With RASP, teams gain the necessary attack visibility, application observability, and scalability they require.

False positives in application security are the kiss of death. They kill time, confidence, and ultimately, the application if they detract from security’s ability to focus on the critical vulnerabilities. Attend this webinar to get a better perspective on how pervasive the issue of false positives is, and the impact these erroneous alerts have on an organization—from the effects of alert fatigue to the impediments on a company’s digital transformation.

With attack-automation tools working around the clock, there’s no REST for the wicked. The increasing speed of DevOps and continuous deployment paves the way for teams to obtain security through on-demand self-service – securing APIs from the inside rather than the outside. Watch this on demand webinar if you are a Developer who wants to push code faster by removing the obstacles of securing APIs as mandated by your security teams.

Uncompromised code. Imagine it. Well, a technology exists that can make it a reality: Instrumentation. The state of Application Security is in a flux, and it is for good reason. After literally decades of attempts to improve software security, the proverbial needle has barely moved. Join Jeff Williams, Contrast Security's CTO and co-founder of OWASP for a webinar to learn how AppSec professionals can benefit from instrumenting applications.

The journey of cloud migration isn’t a straight and narrow path, and enterprise DevSecOps teams generally use a variety of tools to reach their goal. In this webinar, we will deep dive into SAP Concur’s journey, and how they are leveraging Contrast Security’s embedded application security model and AWS in tandem to “shift left”, create a seamless developer experience, and deliver secure application workloads on the cloud.

A Web Application Firewall (WAF) has limited capabilities to secure your code during production. Using a Runtime Application Self-Protection (RASP) tool will work from within the application via instrumentation and easily deploys in your DevOps, Cloud and Container environments. We’ll highlight what WAFs can and cannot see and why they require RASP to function at its fullest.

Cloud-native platforms not only make it easier to support the kind of cultural shift necessary for continuously shipping software, they make it easier to practice good security and reduce the available attack surface. But an attack on the application itself can undermine all platform controls. Learn to secure your code in runtime at scale for cloud-native production applications.

Join Jeff Williams, Co-Founder & CTO of Contrast Security, and David Zendzian, CTO of Compliance and Security at Pivotal, for a discussion on best practices to ensure an organization's Cloud-Native Transformation is secure at the speed of DevOps.

Join in to discuss the principles of DevOps with an innovative approach of IT security known as DevSecOps. DevSecOps introduces automated security much earlier in the Software Development Life Cycle (SDLC) to minimize vulnerabilities and bring security closer to IT and govrnment business objectives.

Hear directly from a customer's perspective on how Beeline, the world leader in contingent workforce solutions, aligned their Development, Operations, and Security practitioners to set up a fully automated continuous integrated and continuous delivery (CI/CD) pipeline and incorporated application security early in the process.

Development teams have struggled with a massive security backlog for how rapid they need to work to release software. Protecting your legacy applications is critical to your business and therefore necessary for your organization to have better production controls. Listen in to learn Contrast Security's new Targeted Defense Platform using RASP technology to defend your applications in production.

Watch a demo presented by Jeff Williams, CTO and Co-Founder of Contrast Security, and Ed Amoroso, former CISO at AT&T and Founder of TAG Cyber.

See how Contrast Security works with Agile & DevOps processes to accomplish maximum security at maximum speed for all application deployments.

Short video to learn how Contrast Security enables development and operations teams to deliver secure code while working at DevOps speed.

Learn how Interactive Application Security Testing (IAST) uses instrumentation to find and remediate vulnerabilities and insecure libraries. We will compare Contrast Assess to other legacy security testing methodologies.

Contrast Assess deploys an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application. No need to disrupt and change the way you work.

Jeff Williams, CTO and Co-Founder of Contrast Seucurity, explains what it means to have "self-protecting" software.

Watch first hand how Contrast Protect (RASP solution) avoids the need for WAF's by working from the inside of a running application to provide better visibility and accuracy to find and block attacks.

Nick Holland, Director of Banking & Payments at the Information Security Media Group, and Jeff Williams, CTO and Co-founder of Contrast Security, discuss the challenges of writing secure code.

Hear a conversation with Contrast Security's Co-Founder & CTO, Jeff Williams and former CISO of AT&T, Ed Amoroso, as they discuss how to approach application security and what the future of cyber security looks like. (10:18)

In this brief video, hear Tim Chase, Director of Application Security and Architecture at Nielson, discuss the importance of continuous application security and what he thinks the future will hold for security testing, including DevSecOps. (02:15)

Watch this On-Demand webinar to learn how to scale aspects of governance, compliance and security across different application teams, codebases and microservices architectures.

Shift Left. A phrase that is easy to say, but a strategy that many organizations struggle to effectively implement. Watch this talk, presented by industry expert Larry Maccherone, to learn how to overcome the top 5 reasons that “shift left” is hard.

World class Application Security programs were not built in a day. The journey to success and meeting the new normals of code velocity require a coordinated effort between Engineering, DevOps and Security. Hear from Forrester's Sandy Carielli and Contrast Security's Larry Maccherone on how to quickly align goals, incentives and remove friction in better securing code across the entire SDLC.

Two technical experts from Contrast and Cloudbees discuss governance, compliance, and security across different aspects of the SDLC. Watch this webinar to learn how automation enables organizations to realize the full potential of digital transformation, enforce compliance consistency, and enable developers to deliver secure code faster than before.

Today’s IT environments are increasingly complex and layered, jampacked with new collaboration applications, operational management platforms, authentication tools, malware protection software, the list goes on. With so many apps, it’s all too easy to focus your vulnerability remediation efforts on third-party software libraries and published CVEs and call it done.

Teams that are working to develop and ship code fast are running into barriers when it comes to security. Solving this takes a combination of best practices and automation technology and should help them build secure code from the start vs trying to bolt it on later. In this panel discussion, Forrester principal analyst Chris Condo along with Larry Maccherone, DevSecOps Transformation, Contrast Security and Erik Costlow, Developer Relations, Contrast Security discuss 5 best practices that leading companies use to go fast while remaining secure.

Hear a panel of experts discuss the importance of API security and why traditional solutions fall short. Learn how APIs are designed and how design decisions impact security.

In response to the cascade of successful cyber exploits, President Biden issued an executive order that mandates the need for strengthening cybersecurity. Contrast Protect does just that for production applications.

Learn how Contrast can help application security teams improve the security of Go applications with the industry’s first interactive application security analyzer for the Go language.

Get insights and recommendations from a guest panel of Contrasters and GuidePoint Security on new survey findings published in a just-released State of Financial Services and AppSec Report.

Discover what next-generation pentesting looks like when combined with interactive application security testing (IAST).

Join us as we discuss how a new dependency confusion vulnerability can wreak havoc and create widespread risk across the software supply chain.

Join us as we discuss why simply assigning a severity rating is inadequate and how Contrast is developing an open-source risk-scoring algorithm that will be used as the basis for its RiskScore.

Join us to discover key findings and insights on Contrast Security’s 2020 State of DevSecOps Report. Our panel of practitioners will share their insights and recommendations on the extensive findings in the report. Attendees will leave with an in-depth understanding of key DevSecOps trends and best practices.

Far too many software composition analysis (SCA) tools serve up a slew of irrelevant vulnerabilities in open-source libraries and frameworks that aren’t actively used, leaving developers frustrated when it comes to securing open-source code. Join us with key insights from AppSec professionals and come away with a stronger understanding of how to deliver developers the data they need to fix vulnerabilities, fast.

At Contrast Security, we’ve been “eating our own cooking” to secure and protect TeamServer—the assessment analysis engine and UI that powers the Contrast Application Security Platform. Join this webinar and we will share some tangible business value outcomes that we've achieved using the Contrast Application Security Platform. Join the List Now!

Medtronic embraced a modern application development approach to DevSecOps; increasing scale, eliminating noise from false positives, and bridging the gap between development and security teams. Watch this webinar to hear how Medtronic accelerated cloud migration and increased software delivery.

Join us to discover a new approach for effective vulnerability management. Observability is key when it comes to the five-step plan that security and development teams need to implement for effective vulnerability management. By implementing this five-step plan, attendees will drive more effective threat prevention and achieve better risk management.

Join us to understand how Dr. Jekyll AppSec has turned into Mr. Hyde—not only in terms of the productivity of security teams but in the risk applications pose. Key takeaways include why traditional tools drive operational inefficiencies, how old security tools generate huge volumes of alerts that are inaccurate and often meaningless, and why old scanning and testing tools require AppSec professionals with highly specialized expertise and skills that are in high demand.

Is managing open-source software (OSS) with legacy tools causing more harm than good? This is often the case when it comes to outdated software composition analysis (SCA) tools that bury teams with false positives and require a series of tedious manual processes that waste valuable time. Tune in with us for a webinar that will explain how these SCA tools fall short when it comes to managing OSS risk, as well as how to untangle the confusion and find a security strategy that doesn’t stop DevOps in its tracks.

Get a sneak peek at our latest Contrast Labs findings, in this webinar you’ll learn what vulnerabilities and attacks in custom and open-source coded applications are the critical causes for concern. Effective web application security isn’t only about identifying vulnerabilities and attacks, as a matter of fact, that leads to alert fatigue. Today it’s about prioritizing and focusing and identifying what matters—sifting out the chaff from the wheat. Attend this webinar to get that leg up in your efforts.

In this webinar, our panel discusses how modern software development is the driver of an organization’s digital transformation and how application security is transforming to meet the modern demands. Learn how to empower faster code releases and scale application security through automation.

This moderated webinar panel tells you why Agile and DevOps requires a new approach to application security. This includes a cultural transformation that touches on everything that is needed for today’s modern software development environment—from strategies for building a strong security posture, to continuous protection through the software development life cycle, to automating workflows.

Learn how to leverage application security instrumentation techniques in DevSec and SecOps (DevSecOps) to increase both developer and security productivity. Watch this webinar today to understand how the combined benefits of Microsoft and Contrast Security can help you accelerate innovation with Security in a DevOps world.

Development teams and leaders want to push code faster and write good code while reducing interference from security teams. The only way to achieve these objectives is to rethink AppSec by integrating it into the DevOps pipeline. Attend this webinar if you are a Developer who wants to push code faster by removing the obstacles of securing APIs as mandated by your security teams.

Traditional approaches to AppSec have relied on a patchwork of separate disconnected tools and processes that add more friction than value by spending far too much time on scans and pentesting. We have a better idea. This talk will present our unified platform that provides continuous and comprehensive AppSec across the SDLC by seamlessly weaving AppSec into your applications themselves, protecting applications from cradle to grave.

Traditional approaches to application security create unacceptable drag and scaling problems for DevOps, while security staffing and tooling requirements to support “more code, faster” create untenable economics. This webinar will be a discussion and hands-on workshop showing the transformative impact of embedding application security into applications themselves.

Over the past 20 years, there have been a dozen different major theories on how you should implement an application security program. The answer is a new modern approach to achieving application security that directly measures security outcomes instead of indirect measurements of processes or teams.

Organizations are migrating from traditional legacy technologies to embracing today's Digital Transformation with modern cloud computing. These activities, in turn, are driving the need for stronger security. This webinar will help you understand how Contrast solves this problem by using instrumentation within the application to protect wherever they are deployed and automatically report and block attacks.

We've all suffered from a difficult, inaccurate, and frustrating security tool. What if there was a security tool that was as easy and powerful to use as AppDynamics? In this webinar, we will help you get up and running with Contrast Security's Community Edition FREE and full-strength tool for anyone to use. Start securing your code, lock down open source libraries, identify attacks, and prevent exploits using our free AppSec solution.

Tim Chase, Director of Application Security and Architecture at Nielsen, discusses how he scales Rugged DevOps and achieves continuous protection during development and operations by instrumenting the software application portfolio, assessing and protecting applications in parallel, and deploying integrations that provide instant notifications.

Watch this short video to see how Contrast Security protects applications and blocks SQL injections attacks better than WAF's.

Listen to Contrast CTO, Jeff Williams, discuss how Contrast is modernizing government agencies approach to application security.

Businesses are transforming. Innovation is being driven by software development. Learn how Contrast is leading the security evolution to ensure that innovation is secure.

Watch a step-by-step demo of how developers can reduce false positives, manual processes, and security roadblocks by embedding security directly into software through instrumentation.

Watch a short high-level overview of Contrast Assess and Contrast Protect to see how we make software self-protecting to prevent vulnerabilities and block attacks.

A short explanation to learn how Contrast Security uses instrumentation to deploy and accurately identify application vulnerabilities in minutes without experts or legacy SAST and DAST tools.

Contrast Protect leverages Runtime Application Self-Protection (RASP) and patented deep security instrumentation to protect applications against cyber attacks in real-time, making it the most accurate, fastest and scalable application security solution.

Terry Sweeny, Editor at DARKReading, and Jeff Williams, CTO and Co-founder at Contrast Security, discuss the need for a modern approach with more accurate tools to help development teams code without the need to stop and scan.

Contrast Security CEO Alan Naumann chats with former CISO of AT&T Ed Amoroso on the importance of software security, DevOps initiatives, and the future of digital transformation.

In this video, hear Scott Parson, Senior Enterprise Security Architect of a Fortune 500 Financial Company, discuss the importance of continuous application security and how automation and cloud infrastructure has impacted his organizations approach to application security. (02:25)

In this video, Jeff Williams, Co-Founder & CTO of Contrast Security, talks with John Monagle of General Catalyst, in regard to investing in application security, how the DevOps movement is changing the market, and Contrast Security's role in this transformation. (03:15)

Hear Brian Gillooly, VP of Events Content & Strategy, at Dark Reading in an in-depth conversation with Jeff Williams, Co-Founder & CTO of Contrast Security. Topics included revolutionary changes taking place in both application security and DevOps as well as Jeff’s prestigious nomination as one of the three finalists in the "Most Innovative Thought Leader" category for his work as a cyber security innovator. (12:57)

Watch this short video and hear from Director of Test, John Scarborough on how he defines Interactive Application Security Testing (IAST). (00:39)

Establishing a DevOps-ready security program is possible. In this video, hear from three folks who have successfully built and scaled the DevOps functions within their organizations. (01:31)

Watch this short video and hear how Steve Herrod, Managing Director of General Catalyst Partners, defines and uses RASP technology as a decision-making tool. (00:35)