Contrast Assess is purpose-built from the ground up to work interactively with developers as they write and test web applications and APIs. DevOps teams can use Contrast with their standard messaging tools, build tools, automated provisioning systems, and containers, such as Slack, Maven, and Docker, to discover and report on vulnerabilities within an application.
Contrast Assess uses deep security instrumentation to produce accurate vulnerability analysis. Development, QA, and Security teams get real-time results as they develop and test software, enabling them to find and fix security flaws early in the SDLC when they are easiest and cheapest to remediate.
Unlike legacy manual application security testing tools, Contrast Assess produces accurate results that developers can immediately act upon. This is due to the automation and visibility Contrast Assess has into the application and its runtime environment. It fuses together the most effective elements of IAST, SAST, and DAST application security testing approaches, with configuration and open-source security analyses, and delivers them directly into applications.
Contrast Assess scales, since it instruments application security into each application, delivering and distributing vulnerability assessment across an entire application portfolio. Every running application continuously produces results in parallel.
Contrast Assess consists of agents that run alongside the application on the application server and perform vulnerability assessment, and a centralized management console (TeamServer) that collects and reports on vulnerabilities identified by the agents and controls the deployment.
Contrast provides extensive coverage over the most common application security risks, including the OWASP Top Ten.
Contrast’s innovative security trace format pinpoints exactly where a vulnerability appears in the code, and how it works. Contrast “speaks the developer’s language,” providing remediation guidance that is easy to understand and implement.
Like icebergs, 80% of the code in modern applications is “beneath the surface,” lurking in libraries, frameworks, and other components. Applications often have 50 or more of these libraries, comprising millions of lines of potentially vulnerable code.
Though it may appear simple, application inventory may be the hardest problem to solve for application security teams. Organizations may have hundreds or thousands of applications, microservices, and APIs – each with multiple instances of different versions installed across development and QA – and they’re all constantly changing. Contrast tracks and continuously feeds information about internal and external web services, and their relationships across an application, into a unified security inventory and bill of materials that’s always up-to-date.
Contrast automatically generates simple diagrams that illustrate the application’s major architectural components. This information helps the developer quickly identify the meaning of a vulnerability.
"Contrast provides amazing results - confirmed security vulnerabilities with near zero false positives. This is a massive upgrade on their competitors we've used in the past, who tend to provide us a cornucopia of "possible" findings, most of which are false positives and/or overly categorized as critical. We spend more time triaging the issues than we do fixing them. The installation process is stunningly easy. Just install the agent and then use your website normally - don't do a penetration test. From just normal browsing, QA testing, regression testing, and integration tests done as part of the normal SDLC, security vulnerabilities just flow into the Contrast console."
"While the company is small and growing and you experience some of those pains, they have been very responsive to our needs and customer friendly. We are so glad to have found them as their unique technology and solution has saved us a lot of money as we improved the security of our applications and enabled faster development and deployments. Way better than all the other leading product offerings and we have tried nearly every one that was at the top recommendation lists."