Author Archives: David Lindner, Director, Application Security

CONTRAST CUSTOMERS HIT REMEDIATION MILESTONE NEARLY 29X FASTER THAN TRADITIONAL APPROACHES

Posted on by

Application Security Observability Report Finds Median Time To Remediate Is 3 Days Versus 86 Days
Security debt—the backlog of known and unresolved vulnerabilities in an organization’s applications—is a real burden on organizations when it gets too hig… Continue reading CONTRAST CUSTOMERS HIT REMEDIATION MILESTONE NEARLY 29X FASTER THAN TRADITIONAL APPROACHES

CONTRAST STUDY FINDS THAT LESS THAN 10% OF APPLICATION CODE IS ACTIVE THIRD-PARTY LIBRARY CODE

Posted on by

2021 State of Open-source Security Report Examines Real-world Software Supply Chains
Prompted by the devastating SolarWinds attack, the White House is reportedly preparing an executive order on software security to be released in the next several … Continue reading CONTRAST STUDY FINDS THAT LESS THAN 10% OF APPLICATION CODE IS ACTIVE THIRD-PARTY LIBRARY CODE

Remote Code Execution Deserialization Vulnerability Blocked by Contrast

Posted on by

On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE—CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat Server… Continue reading Remote Code Execution Deserialization Vulnerability Blocked by Contrast

Contrast Labs: CVE-2020-11444: Privilege Escalation Vulnerability in Sonatype Nexus Repository Manager

Posted on by

In this time of COVID-19, social distancing, stay at home, shelter in place, and all the other things that force us to really do nothing outside the home, I have spent more time bug hunting.
The post Contrast Labs: CVE-2020-11444: Privilege Escalation … Continue reading Contrast Labs: CVE-2020-11444: Privilege Escalation Vulnerability in Sonatype Nexus Repository Manager

Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

Posted on by

At Contrast Security, the Contrast Labs team is charged with numerous things. Part of this charter includes looking at threat intelligence and understanding the true threat landscape. This encompasses risks that different vulnerabilities may pose to an… Continue reading Contrast Labs: Mapping Risk Profiles for Select OWASP Top 10 Vulnerabilities to Understand Their AppSec Risk

Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure

Posted on by

Zoom, the videoconferencing application that has grown from 10 million users in December to over 200 million today (an increase of 1,900%), is easily the most popular virtual meeting service for businesses, nonprofits, schools, and social groups from a… Continue reading Videoconferencing Is Being Weaponized, Tips on Making Your Meetings More Secure

Public WiFi is actually still pretty dangerous

Posted on by

I wanted to write a short response to an article EFF posted, Why Public Wi-Fi is a Lot Safer Than You Think. It’s no secret transport layer security has vastly improved over the years — so I generally agree with a lot of the points made here. For the … Continue reading Public WiFi is actually still pretty dangerous

Why You Need Both a WAF and RASP to Protect Your Web Applications

Posted on by

One thing that you learn in the technology space is that change is constant. Companies, solutions, and people who sit on their laurels can find themselves in a position of never-ending catch up. For security operations and application security pro… Continue reading Why You Need Both a WAF and RASP to Protect Your Web Applications