
AppSec Observer

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Why We Need “Developer-First” Application Security

    I recently did a podcast with Security Weekly that highlights developer-first application security. A recent survey..

    Contrast Security Champions Cybersecurity Awareness Month: Do Your Part. #BeCyberSmart

    Contrast is proud to be a 2021 Champion for Cybersecurity Awareness Month throughout October—helping to promote global..

    BEHIND-THE-SCENES OBSERVATIONS ON THE 2021 OWASP TOP TEN

    In mid-2016, I unexpectedly found myself on the leadership team for the OWASP Top Ten. It is hard to believe that I..

    THE 2021 OWASP TOP TEN EMPHASIZES SECURITY CONTROL AREAS OVER INDIVIDUAL VULNERABILITIES FOR IMPROVED RISK MANAGEMENT

    The primary goal of the OWASP Top Ten has always been to drive awareness of the biggest application security risks out..

    IAST Is the Only Way to Accurately Detect SSRF

    With server-side request forgery (SSRF) becoming a more important bug class in the era of microservices, I wanted to..

    Bounty Hunters Wanted: The Contrast Security Bug Bounty Program

    A few years ago, Contrast Security launched a private, “invite-only” bug bounty program focused on Contrast Protect. We..

    Contrast Blocked Confluence CVE Attacks—Even Before the Patch

    On August 25, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084)..

    THE FORTHCOMING 2021 OWASP TOP TEN SHOWS THAT THREAT MODELING IS NO LONGER OPTIONAL

    In 2003, two years after the organization was founded, the Open Web Application Security Project (OWASP) published the..

    Modern Problems: Traditional Security Scanning Wasn’t Built for Today’s Pipelines

    Over the past 20 years, source-code scanning using static analysis has been a principal method for testing the security..