AppSec Observer: Contrast Assess

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Contrast discovers CSRF vulnerability in NSA’s SkillTree training platform that allows attackers to modify content

    Contrast Security Assess — Contrast’s Interactive Application Security Testing (IAST) Application Security (AppSec)..

    How Contrast ‘secures from within:’ Code vulnerabilities set off smoke alarms; runtime incidents & cyberattacks trigger the sprinklers

    What does Contrast Security mean when we say “secure from within?”

    Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

    Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will..

    Contrast Security discovers Netflix OSS Genie bug that can lead to RCE during file upload

    Genie is a federated big data orchestration and execution engine developed and open sourced by Netflix.

    What’s a basketball got to do with Application Security instrumentation?

    It's not just any basketball — it’s a sensor-packed basketball.

    Contrast Labs: Apache Struts CVE-2020-17530

    On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double..

    Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

    It’s very rare that one has an opportunity to experience the development of a major software solution from the ground..

    Legacy SAST and the Fallacy of 100% Code Coverage

    In October of 2019, three months into my tenure at Contrast Security, I received a challenge question from a customer..

    What You Need to Know About the New IAST and RASP Guidelines in NIST 800-53
