AppSec Observer
Contrast’s application security blog provides the latest trends and tips in DevSecOps through instrumentation and security observability. Learn about real-world insight and “in-the-trenches” experiences on topics ranging from application and information s
Cybersecurity Insights with Contrast CISO David Lindner | 10/20
Insight #1 It’s time to stop measuring your security organization’s success by the number of vulnerabilities you find. Security is a journey, not a destination. Measure how quickly you are mitigating the ...
What is an island hopping cybersecurity attack? | Cyber Bank Heists Report | Contrast Security
Tom Kellermann, SVP Cyber Strategy, Contrast Security | | API security, APIs, Application Attacks, Below the Waterline, crime, Cyber Bank Heists, cybercrime, financial, financial institutions, financial sector, Organized Crime
Cyber Bank Heists report sheds light on the evolution of island-hopping cyber threats This year’s Cyber Bank Heists report by Contrast Security was eye-opening. The annual report sheds light on the cybersecurity threats ...
What is DORA? | Compliance Requirements for EU DORA Regulations | Contrast Security
Jeff Williams | | Article 25, Compliance, Cybersecurity, DAST, DEVOPS, Digital Operational Resilience Act, digital resilience, DORA, European Union, IAST, rasp, regulation, Regulation (EU) 2022/2554, runtime security, waf
Cyberattacks, supply-chain issues, flooding, tsunamis, wildfires, equipment failures and even war: The financial sector has no choice but to keep operations running through all these — among other — types of disruptions, ...
Cybersecurity Insights with Contrast CISO David Lindner | 10/13
David Lindner, Director, Application Security | | AI, cisa, CISO, Cybersecurity, google, Known Exploited Vulnerabilities, Passkeys, passwords, Thought Leaders, Vulnerabilities
Insight #1 Google is now defaulting to the use of passkeys for authentication. This is a huge step in increasing the strength of the authentication mechanism out of the box for users, ...
Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security
Lisa Vaas, Senior Content Marketing Manager, Contrast Security | | Contrast SCA, Cybersecurity, GitHub, github application security, github secure code, github security scanning, PATs, personal access tokens, SCA, supply chain
GitHub is the Megalodon of source code hosts, and as such, it sports a gargantuan bulls-eye that flashes neon to hackers looking to poison the software supply chain. ...
Cybersecurity Insights with Contrast CISO David Lindner | 10/6
David Lindner, Director, Application Security | | AI, Attack, CISO, Cybersecurity, Cybersecurity Awareness Month, Scams, Thought Leaders, Voice Cloning
Insight #1 AI voice cloning is a problem: It’s reportedly taken the top spot in scam trends, particularly targeting seniors. “My voice is my passport” can no longer be a thing. ...
AWS root account management best practices
Lisa Vaas, Senior Content Marketing Manager, Contrast Security | | authentication security, aws, Best Practices, CISO Insights, root account
Amazon Web Services (AWS) has revolutionized the way organizations manage their IT infrastructure and applications. It’s also created a soft pink underbelly for your business — one that can have catastrophic consequences ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/29
David Lindner, Director, Application Security | | Attack, CISO, Cybersecurity, Dependabot, GitHub, passwords, supply chain, Thought Leaders
Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing ...
Runtime Security fits fast-paced AppDev environments | Contrast Security
Lisa Vaas, Senior Content Marketing Manager, Contrast Security | | AppSec, backlog, CVE, runtime protection, runtime security, SAST, SCA, waf
Are traditional AppSec tools keeping up with advances in software? That was the question The Application Security Podcast host Chris Romeo recently asked Contrast Security Co-founder and Chief Technology Officer Jeff Williams. ...
WAF cybersecurity limitations and alternatives | Contrast Security
Tom Kellermann, SVP Cyber Strategy, Contrast Security | | Cybersecurity, runtime protection, runtime security, sql injection
Why WAFs leave you adrift in the treacherous waters of cybersecurity In the ever-shifting currents of the cybersecurity ocean, debates about the relevance and effectiveness of various defense mechanisms continue to surface, ...