
AppSec Observer

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    3 Critical Things You Can Do During A Code Freeze With Contrast

    Better Application Vulnerability Detection with Advanced Data Tagging

    I've been reviewing code for security problems for about 15 years now. I'm privileged to have seen the code for many of..

    HubSpot Vulnerability Fixed - Cross-Site Scripting (XSS) In The Cloud

    This is the story of a minor XSS vulnerability in Contrast's website hosted at HubSpot. To be clear at the outset,..

    Why SQL Injection Attacks Still Need to be Dealt With

    Earlier this week, hackers claimed to have stolen $100,000 from users of a California-based ISP using a SQL injection..

    A Continuous AppSec DashBoard in 8 Minutes Flat

    The software world is moving quickly towards continuous integration, continuous delivery, and even continuous..

    Automating AppSec

    As developers, we have tools that we use every day to make ourselves more efficient. We use tools like Maven for..

    The *OTHER* Security Problem with Your Insecure Libraries

    In early 2012, we published a study called "The Unfortunate Reality of Insecure Libraries" where we found that just..

    Why AppSec Tools Must Have Good Coverage

    What would you say if I told you your current application tools are only covering about 20% of your application? Saying..

    Why AppSec Tools Need Great Data Flow Analysis

    Many vulnerabilities, including XSS, SQL injection, command injection, LDAP injection, XML injection, and more happen..