What is DORA? | Compliance Requirements for EU DORA Regulations | Contrast Security
Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector has no choice but to keep operations running through all these — among other — types of disruptions, challenges and incidents. ...
Zero Trust Security | Trust ‘Zero Trust’ for Application Security | Contrast Security
The perimeter cybersecurity model is like the defensive walls that surround ancient cities. For thousands of years, these walls provided stout defense against invaders arriving by horse and on foot. ...
Legal liability for insecure software might work, but it’s dangerous
Ensuring security in the software market is undeniably crucial, but it is important to strike a balance that avoids excessive government regulation and the burdens associated with government-mandated legal responsibility, also called a liability regime. While there's no question the market is broken with regard to security, and intervention is ...
Cybersecurity Insights with Contrast Co-founder and CTO Jeff Williams | 11/18
Insight #1 "Feds continue to push aggressive timelines for requiring app/API security “attestations” from software vendors. OMB 22-18 is the latest and it requires all software vendors to publish a statement disclosing how they ensure their applications are secure by October 2023." Insight #2 "Organizations are running ...
Building a modern API security strategy — API protection
Part four of the five-part series, Building a modern API security strategy ...
Is Your AppSec Program Developer-Centric?
You need an AppSec program. Software supports your business, and you need to know that attackers can’t kick that ground out from under you. But which is the right path to take for your application security program: Minimal, adversarial or developer-centric? Regardless of what bells and whistles you opt for, ...
Building a modern API security strategy — API components
Part three of the five-part series, Building a modern API security strategy ...
Building a modern API security strategy — API testing
Part two of the five-part series, Building a modern API security strategy ...
API inventory: Focusing on runtime code, not never-invoked libraries
Part one of the five-part series, Building a modern API security strategy ...
Building a modern API security strategy: A five-part series — Overview
The Spring4Shell exploit was, really, quite elegant. ...