“Before Contrast, we were using different static application security testing (SAST), software composition analysis (SCA), and WAF solutions. We found ourselves overwhelmed with tool soup. Contrast consolidated everything into a single platform with accurate and fast results that we were not aware of before. The ability to offer interactive application security testing (IAST) and runtime application self-protection (RASP) in a single agent was a major selling point for us. The platform features were more mature than their competition and made it easier to manage, integrate and consume results. We were also impressed with the seamless onboarding process. As an example, Contrast is protecting us against the recently disclosed Log4j vulnerability without having to patch or update our servers.”
Just received the official notification that Contrast is protecting against this. GREAT WORK! This highlights a really big win and has direct resource impacts for folks internally using it. They actually get to have the weekend off vs. other teams scrambling to fix.
We were able to analyze whether our own built software would be vulnerable to the Log4j zero-day, using the Contrast Secure Code Platform, and got the answer within 30 seconds by just looking at the Libraries menu! How fast is that!
Contrast provided useful reporting on log4j CVE for apps onboarded to Contrast. We also used information from your blog. After this week I can categorically say there is a LOT more interest in Contrast