AppSec Observer: vulnerabilities (3)

Contrast's application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability.

    0-Day Detection of Log4j2 Exploit Vulnerability

    The world’s most used logging framework was just hit by the Log4j2 exploit, but DevSecOps teams can quickly identify..

    Contrast SECURITY VULNERABILITY DETECTION vs the Log4J2 CVE - A demonstration

    This week, Contrast Security proved that we could detect the Log4j2 vulnerability that caused CVE-2021-44228 and stop..

    Detecting a New Grafana Exploit in Go

    A new Grafana vulnerability has been discovered that enables arbitrary file reads off the system. This vulnerability..

    President Biden’s Executive Cybersecurity Order: Secure the Software Supply Chain

    In the fallout of a successful ransomware attack on a pipeline that supplies nearly half the East Coast’s gasoline,..

    Contrast Labs: Apache Struts CVE-2020-17530

    On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double..

    Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

    Open Source Is a Mainstay in Modern Development. It goes without saying that modern applications are rarely built from..

    Eating Our Own Cooking at Contrast: Securing and Protecting TeamServer

    It’s very rare that one has an opportunity to experience the development of a major software solution from the ground..

    Authenticated Remote Code Execution in OpenMRS

    Early in May of 2020, Contrast Labs was exploring different ways in which we could help the community or world combat..

    XML External Entity (XXE) Attack Vulnerability and JAXB Pitfalls

    The Java XML Binding (JAXB) runtime that ships with OpenJDK 1.8 uses a default configuration that protects against XML..