X
What is a brute force attack? With a brute force attack, the attacker attempts to crack a password or username using an..
What is .NET core framework? .NET Core is the latest version of .NET Framework, a free, open-source, general-purpose..
What is .NET framework? Microsoft .NET was first released in 2016 as an open-source, cross-platform iteration of the..
Active IAST testing and passive IAST testing Compared with traditional application testing tools and methodologies,..
What is Agile? Agile is a frequently used methodology applied to the management of software development projects. It is..
AI-generated code isn’t inherently more or less secure than human-written code, but the speed it enables can introduce..
What is Apache Struts? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..
What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..
What is API security? With organizations pushing forward various digital transformation initiatives, the number of..
What is an application? app stack and tech stack explained Applications encompass a wide range of functionalities to..
Application attacks: An overview Application security vulnerabilities have become a top attack vector that can result..
What is application detection and response (ADR)? In cybersecurity, ADR stands for application detection and response...
Attacks targeting the application layer (Layer 7) are increasingly on the rise, with the application layer now being..
What is application security? Application security is the use of software, hardware, and procedural methods to protect..
Application security testing tools Application security testing describes the various approaches used by organizations..
What is application vulnerability? Application vulnerabilities are flaws or weaknesses in an application that can lead..
Contrast Application Vulnerability Monitoring (AVM) provides best-in-class monitoring that, when combined with our ADR..
ARP stands for Address Resolution Protocol which is used in network communications. ARPs translate Internet Protocol..
Authentication bypass vulnerabilities remain common and can cause significant harm. Traditional application defenses..
What is binary code analysis? Binary code analysis, also referred to as binary analysis or code review, is a form of..
What is broken access control? Broken access control has moved up from #5 in 2017 to #1 in 2021 in the OWASP Top 10..
What is broken authentication? Broken authentication was #2 on the 2017 OWASP Top 10 list. In 2021 the Broken..
What is buffer overflow? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..
What is code injection? Code injection is the term used to describe attacks that inject code into an application. That..
What is a code repository A code repository is a central location where software developers can store, manage, and..
What is command injection? With a command injection attack, an attacker can hijack a vulnerable application in order to..
What is a computer worm? Computer worms have been around for more than three decades and show no sign of extinction...
What is cross-site scripting? "Cross-site scripting" originally referred to loading the attacked, third-party web..
Cross-site request forgery (CSRF) attack Application attacks are on the rise and becoming more advanced. On average,..
CVE-2016-1000027 Learn about the CVE-2016-1000027 Spring Framework vulnerability, its background, its description, its..
What are dangerous functions? Dangerous functions are the root cause of all Application Security (AppSec) problems. In..
What is a data breach and how to prevent it? A data breach is an incident in which an unauthorized person or entity..
What is DevOps security? DevOps security refers to the practice of safeguarding an organization’s entire..
As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..
Contrast Security takes a novel approach to application and API security by creating a digital twin of the application..
Organizations across all industries are transforming digitally to keep up with the competition. Modern software..
What is EDR? Endpoint Detection and Response (EDR) is a cybersecurity solution that monitors and protects endpoints —..
What is expression language injection? Expression Language Injection (aka EL Injection) enables an attacker to view..
What is a false negative? Designing test cases that accurately identify defects in software can be challenging. As..
What is false positive? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..
What is a firewall network security system? A firewall is a network security system that monitors and controls incoming..
What is fuzz testing, or “fuzzing”? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software..
What is go language? Go language is an open-source programming language used for general purposes. Go was developed by..
Some organizations that promote their solutions as ADR utilize eBPF technology to underpin their offerings. However,..
Definitions of SAST and IAST testing methodologies Static Application Security Testing (SAST) is a static application..
What does incident response mean? In cybersecurity, incident response refers to the process of detecting, analyzing and..
Overview Injection attacks remain one of the most common application attack vectors. To help prevent these attacks,..
Deserialization is a core component of web applications At the heart of the essentially limitless realm of information..
What is code instrumentation? Code instrumentation is a technique where additional code is injected into an..
What is insufficient logging and monitoring? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..
What is interactive application security testing (IAST)? Application security testing describes the various approaches..
What is java programming language? Java is a programming language and computing platform first released by Sun..
What is JavaScript programming language?? JavaScript is a text-based programming language used both on the client-side..
What is Kotlin programming language? Kotlin is a general purpose, free, open source, statically typed "pragmatic"..
What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..
What is malicious code? Malicious code is code inserted in a software system or web script intended to cause undesired..
What is a malicious cyber intrusion? As developers strive to meet the demands of the modern software development life..
What is a Man-In-The-Middle (MITM) Attack? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..
For Security Operations (SecOps) professionals and Security Operations Center (SOC) teams, having a low MTTD is crucial..
What is method tampering? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..
The Contrast MCP server is a bridge between Contrast’s data — most notably, the powerful and contextual Interactive..
No matter if you define MTTR as mean time to respond or mean time to remediate, Contrast Security can help you meet..
What is NDR in cybersecurity? Network detection and response (NDR) is a cybersecurity solution that monitors network..
Overview NIST CSF 2.0 provides key guidance to organizations of all sizes looking to improve their security posture...
What is Node.js? Node.js is an open-source, server-side script that runs on top of Google's open-source scripting..
When it comes to code and package security, Runtime Security is the best option out there for both engineering and..
What is OGNL injection (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..
Implementing a good open source security strategy The term "open source" refers to software in the public domain that..
With attacks targeting OSI layer 7, the application layer, on the rise, organizations need more robust solutions to..
What is OWASP Top 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..
What is PCI application? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..
What is PCI compliance? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..
What is penetration testing? Penetration testing, also known as pen testing, security pen testing, and security..
What is PHP programming language? PHP (short for Hypertext PreProcessor) is the most widely used open source and..
What is a Project? A project is a collection of source code contained in a ‘folder’, ‘Zip file’, war file or one or..
What is python programming language? Python has become one of the most popular programming languages in the world in..
What is a ReDoS attack? A ReDoS attack is a denial-of-service (DoS) attack that exploits an application’s exponential..
What is regular expression DoS (ReDoS)? Regular expressions can reside in every layer of the web. The Regular..
Get a free trial of Contrast ADR and see how it can protect your applications from cyberattacks that result in RCE...
What is ruby programming language? Ruby is an open-source, object-oriented scripting language developed in the mid-90s..
What is RASP security? Coined by Gartner in 2012, Runtime Application Self-Protection, RASP, is an emerging security..
What is runtime security? Runtime Security is defined as protecting software everywhere it runs. Typically, runtime is..
What is a SAST tool? Static Application Security Testing (SAST) is a static application analysis technique used to..
What is an SBOM (Software Bills of Materials)? Software Bills of Materials (SBOMs) were born out of the need to provide..
What is scala programming language? Scala is a statically-typed, general-purpose programming language that can be both..
What is agile scrum environment? As a set of values and principles that describes a group's day-to-day interactions and..
What is security misconfigurations? Security misconfigurations is #6 on the latest (2017) OWASP Top 10 list. This..
What is a SOC? A SOC is a centralized facility that monitors and analyzes an organization's security systems and data..
Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..
What is session fixation attack? Session fixation and session hijacking are both attacks that attempt to gain access to..
Session hijacking attacks The importance of security is on the rise as digital innovation explodes. And as..
What is software composition analysis (SCA)? Today’s software applications rely heavily on open-source components. SCA..
What is SCA in the repo? What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a..
What is the software development life cycle, aka SDLC? The Software Development Life Cycle (SDLC) is a framework that..
What is spoofing? Spoofing is when a bad actor disguises themselves as a trusted device or user in order to gain access..
What is a spoofing attack? In a spoofing attack, a malicious party or program impersonates another device or user on a..
What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..
What is Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..
What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to develop..
What is Spring Webflux? Spring Webflux is the reactive-stack web framework added in Spring version 5.0. Reactive..
What is Spring4Shell? Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on..
What is a SQL injection? A SQL injection attack consists of an insertion or injection of a SQL query via the input data..
What is static application security testing (SAST)? Static application security testing (SAST) involves analyzing an..
What is untrusted or insecure deserialization? Serialization refers to the process of converting an object into a..
Cyber crimes are expected to cause more than 6 trillion dollars in damages in 2021. By the year 2025, it's estimated..
What is vulnerability scanning? Vulnerability scanning is the finding of security flaws and vulnerabilities, analyzing..
What is vulnerability testing? Vulnerability testing is an assessment used to evaluate application security by..
WAF vs. RASP security tools: a defense in depth approach to application security In today's threat landscape, web..
What is a web application? A web application is a program that can be accessed through a web browser and runs on a web..
While web application firewalls (WAFs) have long played — and continue to play — a key role in defending applications..
What is a web browser attack? A web browser attack is a type of cyber attack that targets vulnerabilities in web..
Development teams are a fundamental part of organizations, with digital transformation ascending to the top of..
What is a path traversal attack? Understanding the harm it can cause Path traversal attacks use an affected application..
Understand the different types of XSS attacks and how to protect against them. Cross-Site Scripting (XSS) - a common..
With zero-day exploits on the rise, organizations need robust defenses designed to protect their applications against..
What is zip file overwrite? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..