AppSec Observer: Threat

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    If only I’d known ADR was possible when I was a SOC analyst!

    Paged at 3 a.m. again … we had another breach to respond to in the security operations center (SOC). While the incident..

    DHS Warns of Imminent Nation State Cyberthreats

    Situation Due to the ongoing degradation in Ukrainian and Russian relations, today, intelligence agencies from major..

    [Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

    The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105 on..

    Log4Shell By The Numbers

    We monitor many thousands of applications with Contrast Assess (IAST), Contrast SCA, and Contrast Protect (RASP) so we..

    Updated Guidance on Addressing Log4J CVEs

    The information below is no longer current against the evolving security landscape. See [updated guidance] again on..

    Instantly Inoculate Your Servers Against Log4J With New Open Source Tool

    Contrast is releasing SafeLog4j, a free and open-source, general purpose tool that can detect/verify vulnerable log4j..

    President Biden’s Executive Cybersecurity Order: Secure the Software Supply Chain

    In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

    A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

    Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic..

    DEPENDENCY CONFUSION: A NEW THIRD-PARTY RISK FOR THE SOFTWARE FACTORY

    The SolarWinds attack has been extensively covered over the past two months—and rightly so. This dependency confusion..