arshan (@nahsra) 's Twitter Profile
arshan

@nahsra

CTO @ Pixee (@pixeebot)

ex Chief Scientist @ Contrast Security

ID: 33561187

Website: https://pixee.ai/ · Joined: 20-04-2009 16:01:16

1.1K Tweets

644 Followers

167 Following

arshan (@nahsra):

With apologies to our IP attorneys, we present the first in a blog series pulling back the curtain on our RASP tech! So excited to share all this. We are going to talk about how all of our rules work. Tell your techie friends!

arshan (@nahsra):

As promised, I spill some details on how our RASP uses instrumentation to stop zip file overwrite attacks: contrastsecurity.com/security-influ…

arshan (@nahsra):

We spoke last year at BlueHat (Matt Austin and I). Didn't know those talks get posted. We go into some good detail making the case for RASP and how RASP should work! youtube.com/watch?v=2xmgPC…

arshan (@nahsra):

RASP in the browser! Just, protecting you, the user, from evil or compromised sites, instead of the apps you develop.

arshan (@nahsra):

“Hey, you know how we built social networks and they’re literally destroying society? Let’s do that again, but wayyyy more immersive and with 10000x the attack surface.” How do I have friends working at Facebook? You really think Facebook is the one to steward our world?

やまざきkei5 (@ymzkei5):

There may be many ways to avoid detection :_( jndi: jn${env::-}di: jn${date:}di${date:':'} j${k8s:k5:-ND}i${sd:k5:-:} j${main:\k5:-Nd}i${spring:k5:-:} j${sys:k5:-nD}${lower:i${web:k5:-:}} j${::-nD}i${::-:} j${EnV:K5:-nD}i: j${loWer:Nd}i${uPper::} log4j bypass

arshan (@nahsra):

64% of the Java apps we monitor package log4j2, 58% are vulnerable, but only 37% actually use log4j2. log4j2 is your favorite library's favorite library. More numbers in here.

arshan (@nahsra):

This is not saying "Struts 2 is safe", but I added some unit tests to OgnlTest & ParameterInterceptorTest and it seems to defend against the new path.

arshan (@nahsra):

Hi! I made a new thing. Would love feedback from Java + Python devs right now, email/DM/signup/whatever! Short version: dependabot, but for your code.

Pixee (@pixeebot):

Matt Austin, one of our security researchers, strikes again! ⚡️ arshan writes about CVE-2023-30587, the bypass that Matt discovered in the Node.js sandbox, in the latest Pixee blog post: pixee.blog/breaking-down-…