AppSec Observer: DevOps (5)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    Serialization Must Die: Act 1: Kryo

    When @frohoff, @gebl and @breenmachine all combined to melt Java security (in what I’m hereafter conflating under the..

    Third-Party Software Library and Airbag Grenades

    Recently Contrast Security ran some analysis of our customers’ 3rd party software usage, which is a huge security blind..

    A New, Open Source Tool Proves: Even After Patching, Deserializing Will Still Kill You

    With all the talk about Java serialization vulnerabilities, I thought I'd share a new, open source tool I built for you..

    The Fast, Free, Fantastic Way to Find Cross-Site Scripting (XSS)

    What Is XSS? Cross-site scripting (XSS) is really pretty simple. Any time untrusted data ends up in an HTML page without..

    The 10 Most Important Security Controls Missing in JavaEE

    JavaEE has some excellent built-in security mechanisms, but they don’t come close to covering all the threats that your..

    Five Application Security New Year's Resolutions Every Developer Can Make

    New Year's Resolutions can be tricky, and advice abounds on how you can do a better job at keeping them. For the sake..

    Automating AppSec

    As developers, we have tools that we use every day to make ourselves more efficient. We use tools like Maven for..