Contrast Marketing

    Navigating (and Responding) to the Federal Binding Operational Directive 22-01

    The Directive: Just over two weeks ago, on November 3rd, the Cybersecurity and Infrastructure Security Agency (CISA), a..

    The Trojan Source is Not Your Mane Problem

    A recently published paper provides a logo and slick polish for an old vulnerability about the ability of certain..

    Contrast Security named a 2021 Gartner Peer Insights Customers’ Choice for the 3rd year in a row for Application Security Testing

    Contrast Security receives 94% willingness to recommend based on 74 customer reviews As Contrast Security continues to..

    SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM)

    As readers of the AppSec Observer blog are aware, application attacks have continued unabated throughout the massive..

    Understanding Software Supply Chain Risks and How to Mitigate Them

    As demand for new applications continues to rise, developers are adapting new tools and techniques to accelerate their..

    IAST Is the Only Way to Accurately Detect SSRF

    With server-side request forgery (SSRF) becoming a more important bug class in the era of microservices, I wanted to..

    Bounty Hunters Wanted: The Contrast Security Bug Bounty Program

    A few years ago, Contrast Security launched a private, “invite-only” bug bounty program focused on Contrast Protect. We..

    Contrast Blocked Confluence CVE Attacks—Even Before the Patch

    On August 25, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084)..

    Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

    Over the past 20 years, source-code scanning using static analysis has been a principal method for testing the security..