Contrast Security

𝘖𝘶𝘳 𝘭𝘢𝘵𝘦𝘴𝘵 𝘳𝘦𝘴𝘦𝘢𝘳𝘤𝘩 𝘴𝘩𝘰𝘸𝘴 𝘸𝘩𝘦𝘳𝘦 𝘢𝘵𝘵𝘢𝘤𝘬𝘦𝘳𝘴 𝘢𝘳𝘦 𝘢𝘤𝘵𝘶𝘢𝘭𝘭𝘺 𝘨𝘦𝘵𝘵𝘪𝘯𝘨 𝘪𝘯. 𝗜𝗻 𝘁𝗵𝗲 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗨𝗻𝗱𝗲𝗿 𝗦𝗶𝗲𝗴𝗲 𝟮𝟬𝟮𝟱 𝗿𝗲𝗽𝗼𝗿𝘁, 𝘆𝗼𝘂’𝗹𝗹 𝗱𝗶𝘀𝗰𝗼𝘃𝗲𝗿: 🔍 𝗪𝗵𝘆 𝗮𝘁𝘁𝗮𝗰𝗸𝗲𝗿𝘀 𝗮𝗿𝗲 𝘀𝘁𝗶𝗹𝗹 𝘄𝗶𝗻𝗻𝗶𝗻𝗴 — and the blind spots most tools leave behind 🎯 𝗪𝗵𝗶𝗰𝗵 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝘁𝗿𝘂𝗹𝘆 𝗴𝗲𝘁 𝗲𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 — and which are just noise 🏗️ 𝗛𝗼𝘄 𝗹𝗮𝗻𝗴𝘂𝗮𝗴𝗲 & 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲 choices quietly shape your real risk ⚡ 𝗛𝗼𝘄 𝗹𝗲𝗮𝗱𝗶𝗻𝗴 𝘁𝗲𝗮𝗺𝘀 𝘀𝗵𝗶𝗳𝘁 𝗳𝗿𝗼𝗺 𝗖𝗩𝗘-chasing to stopping live runtime threats 📍 𝗥𝗲𝘀𝗲𝗿𝘃𝗲 𝘆𝗼𝘂𝗿 𝘀𝗽𝗼𝘁 → https://okt.to/unC4hD #AppSec #RuntimeSecurity #ADR #AICode

𝗧𝗵𝗿𝗼𝘄𝗯𝗮𝗰𝗸 𝘁𝗼 𝗼𝘂𝗿 𝗕𝗹𝗮𝗰𝗸𝗛𝗮𝘁 𝗮𝗳𝘁𝗲𝗿𝗽𝗮𝗿𝘁𝘆 𝘄𝗶𝘁𝗵 𝗦𝗽𝗹𝘂𝗻𝗸 𝗮𝗻𝗱 𝗖𝗶𝘀𝗰𝗼 𝗮𝘁 𝗔𝗹𝗹𝗲𝗴𝗶𝗮𝗻𝘁 𝗦𝘁𝗮𝗱𝗶𝘂𝗺! #BlackHat #Splunk #Cisco #Allegiant Stadium #ADR 

🚨 𝟮 𝗺𝗶𝗹𝗹𝗶𝗼𝗻 𝗮𝘁𝘁𝗮𝗰𝗸𝘀. 𝗭𝗲𝗿𝗼 𝗯𝗿𝗲𝗮𝗰𝗵𝗲𝘀. 𝗝𝘂𝗹𝘆’𝘀 𝗔𝗗𝗥 𝗥𝗲𝗽𝗼𝗿𝘁 𝘀𝗵𝗼𝘄𝘀: 🔴 One org hit with 𝟮𝗠+ 𝗮𝘁𝘁𝗮𝗰𝗸𝘀 𝗶𝗻 𝗮 𝘀𝗶𝗻𝗴𝗹𝗲 𝗺𝗼𝗻𝘁𝗵 🔴 Another targeted by a 𝗺𝘂𝗹𝘁𝗶-𝘃𝗲𝗰𝘁𝗼𝗿 𝗰𝗮𝗺𝗽𝗮𝗶𝗴𝗻 (𝘚𝘘𝘓𝘪, 𝘗𝘢𝘵𝘩 𝘛𝘳𝘢𝘷𝘦𝘳𝘴𝘢𝘭, 𝘜𝘯𝘵𝘳𝘶𝘴𝘵𝘦𝘥 𝘋𝘦𝘴𝘦𝘳𝘪𝘢𝘭𝘪𝘻𝘢𝘵𝘪𝘰𝘯) 🔴 Every attempt 𝗯𝗹𝗼𝗰𝗸𝗲𝗱 𝗶𝗻 𝗿𝗲𝗮𝗹 𝘁𝗶𝗺𝗲 𝗯𝘆 𝗖𝗼𝗻𝘁𝗿𝗮𝘀𝘁 𝗔𝗗𝗥 👉 𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝗝𝘂𝗹𝘆 𝗔𝗗𝗥 𝗥𝗲𝗽𝗼𝗿𝘁: [https://okt.to/I3l5fm #ADR #SQLi #PathTraversal #UntrustedDeserialization

I’ve been cranking away at lots of research lately. If you get IDC publishing notifications for me, brace yourself for a September flood. I just submitted my Application Security Budget Outlook and Spending Trends report today. A standout insight: AI-powered security features (62%) and software supply chain protection (59%) are now the top drivers of AppSec budget growth. The timing could not be more relevant. Today’s Nx npm package compromise, where malicious versions weaponized AI CLI tools to steal credentials, shows just how quickly supply chain threats are evolving, making these areas a natural focus for new investment.

🔍 𝗧𝗵𝗲 𝗮𝘁𝘁𝗮𝗰𝗸𝗲𝗿'𝘀 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻 𝗽𝗹𝗮𝘆𝗯𝗼𝗼𝗸 𝗲𝘅𝗽𝗼𝘀𝗲𝗱. 𝗧𝗵𝗲 𝟴𝟱% 𝗿𝘂𝗹𝗲: 𝗝𝘂𝘀𝘁 𝟱 𝘁𝗲𝗰𝗵𝗻𝗶𝗾𝘂𝗲𝘀 𝗱𝗿𝗶𝘃𝗲 𝗻𝗲𝗮𝗿𝗹𝘆 𝗮𝗹𝗹 𝗽𝗿𝗼𝗯𝗲𝘀 𝗧𝗼𝗽 𝗽𝗿𝗼𝗯𝗲𝘀 𝗼𝗯𝘀𝗲𝗿𝘃𝗲𝗱 1️⃣ 𝗣𝗮𝘁𝗵 𝗧𝗿𝗮𝘃𝗲𝗿𝘀𝗮𝗹 → 34.8% 2️⃣ 𝗥𝗲𝗳𝗹𝗲𝗰𝘁𝗲𝗱 𝗫𝗦𝗦 → 18.2% 3️⃣ 𝗦𝗤𝗟 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 → 13.0% 4️⃣ 𝗨𝗻𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝗗𝗲𝘀𝗲𝗿𝗶𝗮𝗹𝗶𝘇𝗮𝘁𝗶𝗼𝗻 → 11.2% 5️⃣ 𝗖𝗼𝗺𝗺𝗮𝗻𝗱 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 → 8.4% 𝗦𝗲𝗲 𝘁𝗵𝗲 𝘁𝗼𝗽 𝗮𝘁𝘁𝗮𝗰𝗸 𝘁𝗮𝗰𝘁𝗶𝗰𝘀 𝗮𝗻𝗱 𝘄𝗵𝗮𝘁’𝘀 𝗲𝗺𝗲𝗿𝗴𝗶𝗻𝗴 𝗶𝗻 𝟮𝟬𝟮𝟱 → [Get the full report] https://okt.to/lJs5wc #ThreatIntelligence #CISO #SOC #RuntimeSecurity #APIProtection

🐶 🐕 𝗦𝗮𝘆 𝗵𝗲𝗹𝗹𝗼 𝘁𝗼 𝗼𝘂𝗿 𝗳𝘂𝗿𝗿𝘆 𝗳𝗿𝗶𝗲𝗻𝗱𝘀! 𝘏𝘢𝘱𝘱𝘺 #𝘐𝘯𝘵𝘦𝘳𝘯𝘢𝘵𝘪𝘰𝘯𝘢𝘭𝘋𝘰𝘨𝘋𝘢𝘺 𝗣𝗼𝘀𝘁 𝗮 𝗽𝗵𝗼𝘁𝗼 𝗼𝗳 𝘆𝗼𝘂𝗿 𝗽𝘂𝗽 𝗶𝗻 𝘁𝗵𝗲 𝗰𝗼𝗺𝗺𝗲𝗻𝘁𝘀 and let’s fill this feed with cuteness overload! 🐾💛 Thor (David Lindner), Quinn and Gabby (Jake Milstein), Reef (Michele Leung), Sansa (Ian Melrose), Honey (Kelly Dress),  Milo (Sophie Wells), Samoyed (Jonah Capozzoli), Boomer, Lucy and Owen (Jamie Polick), Gumbo and Pibe (Pee-bay) (Tracey Mead) , Buzz (Charlotte Durrant) Timber and Bella (Holly Farmer), Lotti (Jessica Hansmann), Tilly (Sean C.) , Azul (Munir C.), Toast (Gavin Fenton), Toffee (Kate Lapan Fox), Kike Hernandez (Taline Felix)

Mark the date. "Shift left is dead" --Gartner

𝗠𝗲𝗲𝘁 Maarten B. 𝗛𝗲 𝘀𝗽𝗼𝗸𝗲 𝗮𝘁 𝗙𝘂𝘁𝘂𝗿𝗲𝗖𝗼𝗻 𝗦𝗮𝗹𝘁 𝗟𝗮𝗸𝗲 𝗖𝗶𝘁𝘆 𝘄𝗵𝗲𝗿𝗲 𝘁𝗵𝗲 𝗮𝘂𝗱𝗶𝗲𝗻𝗰𝗲 𝗮𝘀𝗸𝗲𝗱 𝘁𝗼𝘂𝗴𝗵 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗼𝗻 𝗔𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 (𝗔𝗗𝗥): ❓ Do the 𝘁𝗵𝗿𝗲𝗮𝘁𝘀 𝗴𝗼 𝘁𝗼 𝗮 𝗱𝗮𝘁𝗮𝗯𝗮𝘀𝗲? ❓ What is the 𝗽𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗶𝗺𝗽𝗮𝗰𝘁 𝗼𝗳 𝗔𝗗𝗥? ❓ When you run 𝗔𝗜 𝘁𝗼 𝗳𝗶𝘅 𝗮 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆, does it run its 𝗼𝘄𝗻 𝘁𝗲𝘀𝘁 𝘀𝗰𝗿𝗶𝗽𝘁𝘀? ❓ If the 𝗱𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿 𝗱𝗼𝗲𝘀 𝗻𝗼𝘁 𝘁𝗲𝘀𝘁 𝘁𝗵𝗲 𝗔𝗜 𝗳𝗶𝘅, then what happens? We have some interesting findings for you. Come check out this talk with Jeff Williams, Tyler Rosonke, Naomi Buckwalter, and Jake Milstein, to learn about what every security leader needs to know about application defense. 📍 𝗥𝗲𝘀𝗲𝗿𝘃𝗲 𝘆𝗼𝘂𝗿 𝘀𝗽𝗼𝘁 → https://okt.to/unC4hD #ADR #FutureCon