AppSec Observer: Contrast Assess

Contrast discovers CSRF vulnerability in NSA’s SkillTree training platform that allows attackers to modify content

Contrast Security Assess — Contrast’s Interactive Application Security Testing (IAST) Application Security (AppSec)..

How Contrast ‘secures from within:’ Code vulnerabilities set off smoke alarms; runtime incidents & cyberattacks trigger the sprinklers

What does Contrast Security mean when we say “secure from within?”

Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will..

Contrast Security discovers Netflix OSS Genie bug that can lead to RCE during file upload

Genie is a federated big data orchestration and execution engine developed and open sourced by Netflix.

What’s a basketball got to do with Application Security instrumentation?

It's not just any basketball — it’s a sensor-packed basketball.

Contrast Labs: Apache Struts CVE-2020-17530

On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double..

Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

It’s very rare that one has an opportunity to experience the development of a major software solution from the ground..

Legacy SAST and the Fallacy of 100% Code Coverage

In October of 2019, three months into my tenure at Contrast Security, I received a challenge question from a customer..

What You Need to Know About the New IAST and RASP Guidelines in NIST 800-53