PRESS RELEASE: Contrast Security Named the Only Visionary in Gartner 2017 Magic Quadrant for Application Security Testing

logo-gartner.jpgCompany growth, innovative technology and fit with DevOps strengthen Contrast in a fast growing market

Los Altos, Calif. – March 2, 2017Contrast Security, the first company to enable self-protecting software, today announced it was named the only Visionary vendor in the February 2017 Gartner Magic Quadrant for Application Security Testing (AST). Contrast considers this placement validation of its ability to replace the legacy application security solutions that have been on the market for more than 10 years.

As software is being created at a faster pace, using new development techniques, the need for application security has never been more critical. Gartner’s Magic Quadrant for AST states that software “application security testing is growing faster than any other security market as AST solutions adapt to new development methodologies and increased application complexity.” And, “by 2019, enterprise IAST adoption will have exceeded 30 percent.”

Contrast believes that in order to meet the market need, a new, fully automated and breathtakingly accurate approach is required – one that performs at DevOps speed and enterprise scale. To effectively protect software applications, continuous security must go along with continuous integration, delivery and deployment to provide up-to-the-minute analysis of web application vulnerabilities.

The reality is that most legacy approaches to application security require multiple products and an army of application security experts. With Contrast Assess, developers can finally instantly discover and secure their own vulnerabilities without requiring security experts or having to wait hours or days for a security testing scan to complete.  

Contrast Assess: Why It Works

Contrast Assess uses deep security instrumentation to analyze code in real time from within the application. Contrast produces accurate results, continuously, which is ideal for DevOps style environments, transparent to developers and security specialists, and does not require training or experts. Contrast works everywhere software is developed and run: on-premises, in the cloud and containers, and even elastic and hybrid environments.

Contrast Assess covers more code, produces more accurate results and verifies a broader range of security rules than either Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) tools. In fact, Contrast Assess delivers all the analysis capabilities and benefits of IAST (Interactive Application Security Testing), SAST, DAST, SCA (Software Composition Analysis) and more, combined into a single, integrated and continuous application security platform.

Contrast Assess and Protect: A Complete Application Security Solution

Application Security Testing is only part of a complete solution. The Contrast platform also includes Contrast Protect, our Runtime Application Self-Protection (RASP) solution which delivers attack monitoring and blocking, CVE Shields, bot blocking and zero-touch application security log enhancement. Contrast Protect leverages the same powerful instrumentation platform as the revolutionary Assess product, providing incredibly fast, accurate, and scalable protection for the application layer. Contrast also provides a comprehensive set of application security APIs that enable automation and orchestration of continuous application security across the entire SDL.

Contrast is the only solution that provides both application security testing and protection in a single integrated product. The Contrast platform ensures application security from the first line of code written all the way through production and operations.

The Contrast Vision

Contrast’s vision is one where application security testing products are accurate, continuous and scalable, therefore dramatically reducing the need for software security expertise. This enables organizations to:

  • Focus on their business
  • Innovate faster
  • Sleep at night                                                         

“We are confident that no other vendor has the right market vision, and that no other product – IAST or otherwise – embodies this vision like Contrast does,” said Jeff Williams, CTO and cofounder of Contrast Security. “Our Assess solution straddles the definitions of all application security testing and analysis tools – IAST, SAST, DAST, SCA – combining the best elements of each technique, while minimizing the weakness inherent in each individual approach. As a result, our customers get the most accurate results, at the speed of today’s modern development environments. 

Continuing Issues with Application Security

Despite the fact that the vulnerabilities in the OWASP Top Ten have been documented for over a decade, they are still a major problem. Data recently collected by Contrast Labs from the Contrast Security platform found that there were an average of 45 vulnerabilities per application. The most common vulnerability was sensitive data exposure, which plagues 69 percent of web applications.


“With such strong awareness of web application vulnerabilities, it’s disheartening to see that they are still happening with such frequency,” said Williams. “Insecure code has become the leading security risk for business today. Our data further demonstrates the need for disruption and reinvention in application security, with solutions that can keep pace with new development methodologies and increased application complexity.”

A full copy of the Gartner AST MQ can be downloaded here.


Required Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

About Contrast Security

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. More information can be found at or by following Contrast on Twitter at @ContrastSec.

Mark Hodgson, Vice President of Marketing

Mark Hodgson, Vice President of Marketing

Mark's extensive experience spans over 28 years in marketing high-tech products and services to consumers and corporations. Specific area of expertise is application security and mobile application security.


Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook