AppSec Observer: Application Security (13)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    The Guerrilla Guide to Buying an Application Security Tool

    If you're going to buy an application security tool, don't get distracted by hype. Purchasing an application security..

    Application Security: We Still Have A Long Way To Go

    The past decade shows only trivial progress in improving web app security, according to new vulnerability guidelines in..

    3 Critical Things You Can Do During A Code Freeze With Contrast

    HubSpot Vulnerability Fixed - Cross-Site Scripting (XSS) In The Cloud

    This is the story of a minor XSS vulnerability in Contrast's website hosted at HubSpot. To be clear at the outset,..

    Why SQL Injection Attacks Still Need to be Dealt With

    Earlier this week, hackers claimed to have stolen $100,000 from users of a California-based ISP using a SQL injection..

    A Continuous AppSec DashBoard in 8 Minutes Flat

    The software world is moving quickly towards continuous integration, continuous delivery, and even continuous..

    The *OTHER* Security Problem with Your Insecure Libraries

    In early 2012, we published a study called "The Unfortunate Reality of Insecure Libraries" where we found that just..

    Why Appsec Tools Need Great Data Flow Analysis

    Many vulnerabilities, including XSS, SQL injection, command injection, LDAP injection, XML injection, and more happen..

    Eliminating SQL Injection the Contrast Way

    SQL Injection is one of the most serious application security problems. The vulnerability exists anytime a developer..