What it Does

Contrast CE is a free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java applications and APIs (other languages coming soon). Contrast isn’t a scanner or firewall, instead it works from inside the running application -- like an AppDynamics or NewRelic for security. This approach is easier, faster, and more accurate than legacy AppSec tools.

Protect Against Attacks

Powerful Runtime Application Self-Protection (RASP) to prevent security bugs from being exploited in production

Assess Custom Code

Instant and accurate Interactive Application Security Testing (IAST) to find security bugs (i.e., vulnerabilities) in your custom code, including OWASP Top 10

Secure Open Source Software

Continuous inventory and software composition analysis (SCA) to ensure the security of open source software libraries and frameworks

Getting Started

  1. Sign up for a Free account
  2. Add the Contrast agent to your app
  3. Enjoy!

Create Free Account

Key Integrations

  • Development
    CS CE Page V1 CS CE Page V1 (1) CS CE Page V1 (2) CS CE Page V1 (5) CS CE Page V1 (4) CS CE Page V1 (3) CS CE Page V1 (6)
  • Testing
    gradle jenkins maveen bamboo junit
  • QA
    jira threadfix bugzilla serena
  • Operations
    splunk arcsight log-rythem pager-duty even-vault
  • Supported Environments
    amazon pivotal azure docker CS CE Page V1 (7)

Why We Built It

The world faces a software security crisis where most organizations are unable to perform even basic application security, putting everyone's personal financial, healthcare, and other data at risk. Firms can't rely on their development teams to address security and must depend on hard-to-find security experts, slow and inaccurate tools, and lengthy, complex review processes late in the SDLC.

To make modern security available to all organizations, large or small, regardless of ability to pay, Contrast Security launched Community Edition in 2018, a free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java applications and APIs.