Contrast Security Adds Go Language Support For Industry's First Interactive Application Security Analyzer
New agent delivers dramatically better accuracy and lower false positives than legacy application security approaches — particularly critical for API security
LOS ALTOS, Calif., May 6, 2021 – Contrast Security today announced the addition of the Contrast Go agent to the Contrast Application Security Platform — the industry's most comprehensive DevSecOps platform. Contrast virtually eliminates false positives that plague legacy application security testing that approaches security from the outside-in. Using instrumentation to embed the agent within software, Contrast dramatically reduces security noise resulting from false positives while empowering developers to easily and quickly fix vulnerabilities themselves.
The Contrast platform delivers the industry's first interactive application security analyzer for Go language applications. Its release is particularly important for organizations seeking to secure application programming interfaces (APIs). As building APIs is one of the primary uses of Go (done by 74% of developers), organizations previously had to secure and protect these APIs using legacy application scanning solutions. In addition to generating high rates of false positives, these legacy scanning tools missed unknown threats. The Contrast Go agent performs software composition analysis (SCA) to locate known vulnerabilities while employing integrated analysis that analyzes API runtime to detect unknown vulnerabilities. Additionally, if a new — previously unknown — vulnerability is discovered at a later date, the Contrast DevSecOps Control Center shows which applications are affected.
"Extending Contrast platform coverage to include Go applications makes it possible for organizations to dramatically reduce application risk at both test and runtime in ways that were not previously possible," said Steve Wilson, Chief Product Officer at Contrast Security. "Contrast eliminates false-positive security alerts that plague legacy application security approaches. These inundate security teams with alerts that pose no risk and bog down development release cycles. For applications in Go, a better alternative did not exist until now. The Contrast Go agent detects only those vulnerabilities that matter while making it simple and fast for developers to remediate vulnerabilities on their own.
Contrast enables organizations to address vulnerabilities in both custom and open-source code in Go applications. The integrated analysis approach of Contrast weaves sensors into an application to trace data flow and improve the accuracy and quality of vulnerabilities found — for everything from path traversal to injection attacks. The Contrast Go agent works by source rewriting to add fail-safe entry-exit sensors to different methods based on what they do. The impact to performance is low and only impacts test environments rather than production deployments. At build time, the composition analysis takes only a couple of seconds to surface results.
Contrast's unique approach supports security testing as well as delivers active protection of applications in production environments with very little performance impact while providing tremendous risk-reduction benefits. The release of Go support in the Contrast Application Security Platform extends Contrast's already extensive language support that includes Java, .NET, Node.js, Ruby, and Python.
Contrast customer Teradata, the connected multi-cloud data platform for enterprise analytics, uses Contrast for dynamic application security testing.
“Teradata leverages Golang to deliver API services that can match the proven scale of Teradata Vantage, providing support for the most effective platform for delivering business outcomes to our customers around the globe,” said Ian Anderson, Application Security Architect, and Javier Godinez, Director of Product Security at Teradata. “Security is a top priority, and given our firm belief in an open partnering approach throughout the data analytics ecosystem, we were thrilled to be involved in the early stages of integrating the Contrast Go agent into our Application Security Platform. The new capability will help streamline and automate our security processes for Go applications.”
About Contrast Security:
Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software. Contrast's patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improves efficiencies and cost, and enables rapid scale while protecting applications from known and unknown threats.
Recent Press Releases
Contrast Security DevSecOps Expert to Educate SecTor 2022 Attendees on How to Achieve the Cultural Shift to a Developer-First Security Approach
Contrast Security to Discuss Major Market Shift to Cloud-Native & Importance of Serverless Application Security at InfoSec World 2022
Contrast Security DevSecOps Transformation Architect to Present Top API Security Risks at TechStrongTV’s AppSec/API Security Virtual Event
Award and Recognition
Contrast Security Makes Its Debut on the Inc. 5000 List of America’s Fastest Growing Companies
Contrast Security Named Enterprise Security Tech Cyber Top 20 Company
Contrast Security Named Publisher’s Choice DevSecOps and Market Leader Software Development Lifecycle Security by Global InfoSec Awards