This report highlights analytics gathered from within 1,857 running applications, which included several thousand different open source libraries, frameworks, and modules.
Software Libraries Represent Just 7% of Vulnerabilities
Custom Code Accounts for 93% of Overall Vulnerabilities
If these stats look interesting, you need to read the full report. You'll get all analysis results gathered by Contrast Labs from running applications and APIs using Contrast’s security analysis and protection platform.
Being named a Visionary validates Contrast's ability to replace legacy application security testing solutions. Read the NEW 2017 report to see:
See how Contrast is transforming the market by delivering a solution that is a perfect fit with agile, DevOps-friendly, high-velocity software development.
We reject the old paradigm of periodic and serial scanning, hacking, and patching, which has proven expensive and ineffective. Instead, Continuous Application Security (CAS) relies on security instrumentation in every application. This instrumentation provides security visibility, assessment, and protection in real time and in parallel across the entire application portfolio.
CAS is a unified program covering the entire software lifecycle, including both development and production, designed to create a clear line of sight from the threat to strong defenses, and ultimately to assurance.
This paper reviews why today's application security tools do not work and how they have failed to deliver on their promises. Worse, the adoption of these tools has caused tensions within businesses and, in some cases, cultivated a false sense of security. After reviewing some of the pitfalls of legacy application security tools and why they have failed, a new approach for securing applications is introduced: one that provides speed, visibility and accuracy across the entire application portfolio while delivering all the layers of defense that organizations need.
An introduction to the philosophy of Interactive Application Security Testing (IAST) and how it enables continuous, real-time application security. Learn how instrumentation finds vulnerabilities and insecure libraries, and how it compares to other security testing methodologies.
Did you know that 29.8 million library downloads (26%) have known vulnerabilities? Learn more about this prevalent issue and how to prevent attacks that exploit vulnerable software libraries. The study analyzes millions of library downloads from the Central repository and identifies startling patterns of insecure component use by major enterprises. This analysis reveals interesting findings and insights, including:
Contrast Security has witnessed and assisted in the revolution of information security in an agile, DevOps-first world. This technical brief presents the most important lessons learned through the years, seen consistently across successful DevOps-focused organizations.
Establishing a DevOps-ready security program is possible. Leveraging the 6 pro tips outlined in this brief will allow you to do that in a way that gives you quick wins, gets key stakeholders on board and improves total cost of ownership.
For many vendors, “coverage” is the third rail — but perhaps the most critical part of your application security strategy. It is a deceptively complex concept, but in this Technical Brief, our recommendations can help you build an application security program that allows you to understand and improve coverage, instead of just measuring the size of your pile of vulnerabilities.
Application security professionals need to investigate what RASP can do for their organizations. From visibility into application security events, to better, broader application protection, to security that fits with modern application approaches, RASP promises to deliver where legacy application security solutions have come up short.
This Executive Brief outlines 5 facts that executives must know about RASP. RASP is an emerging technology that lets organizations accurately and easily stop attackers from compromising the #1 data breach vector: custom enterprise applications.
RASP products use instrumentation to automatically and accurately weave protection directly into applications, without requiring any application changes. The result: applications can defend themselves against attacks in real time. Instrumentation technology has already helped transform other markets, such as Application Performance Monitoring, where leading vendors such as Dynatrace, New Relic and AppDynamics have successfully employed this approach. By leveraging instrumentation, RASP delivers a level of accuracy with the potential to dramatically alter the product and labor costs for securing apps against determined attackers.
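To make the instrumentation idea behind both the IAST brief above and this RASP description concrete, here is an added example; it is not Contrast's agent, nor code from any of the reports on this page. It hooks Python's sqlite3 module at runtime so that an unmodified application's queries are inspected before they reach the database. In "assess" mode the hook reports a query whose structure was altered by request input (the IAST use during testing); in "protect" mode it rejects that query (the RASP use in production). The helper names (`untrusted`, `install`, `find_injected_input`, the `MODE` switch) are hypothetical, the users table and request values are constructed for the demo, and the taint tracking is deliberately simplified: a real agent propagates taint through string operations rather than matching raw request strings verbatim.

```python
import sqlite3

# Added example, not Contrast's agent. Request values an app reads from an
# untrusted source (HTTP parameters in a real app) are recorded here per
# request. Simplification: we only remember the raw strings and check whether
# one was pasted verbatim into SQL text; real agents track taint propagation.
_untrusted = []

# "assess" reports the flaw and lets the query run (IAST, during testing);
# "protect" rejects the query at runtime (RASP, in production).
MODE = "protect"
FINDINGS = []

# Characters that let an input escape a quoted literal or append statements.
_META = ("'", '"', ";", "--", "/*")


class AttackBlocked(Exception):
    """Raised by the hook when a query is rejected in protect mode."""


def new_request():
    """Reset per-request taint state."""
    _untrusted.clear()


def untrusted(value):
    """Mark a request value as untrusted and hand it back unchanged."""
    _untrusted.append(value)
    return value


def find_injected_input(sql):
    """Return the untrusted value that altered the query's structure, or None.

    A parameterised query never contains the value in its SQL text, and a
    value the app escaped no longer matches verbatim, so a verbatim match that
    carries a quote, separator or comment marker is treated as injection.
    """
    for value in _untrusted:
        if value in sql and any(m in value for m in _META):
            return value
    return None


class GuardedCursor(sqlite3.Cursor):
    """Cursor whose execute() is inspected before the query reaches SQLite."""

    def execute(self, sql, parameters=()):
        hit = find_injected_input(sql)
        if hit is not None:
            if MODE == "protect":
                raise AttackBlocked(f"blocked {hit!r} in {sql!r}")
            FINDINGS.append({"input": hit, "sql": sql})
        return super().execute(sql, parameters)


class GuardedConnection(sqlite3.Connection):
    """Connection that hands out GuardedCursor instead of the default cursor."""

    def cursor(self, factory=GuardedCursor):
        return super().cursor(factory=factory)

    def execute(self, sql, parameters=()):
        return self.cursor().execute(sql, parameters)


_original_connect = sqlite3.connect


def install():
    """Swap sqlite3.connect so every connection the app opens is guarded.

    This is the 'no application changes' property: the app code below is
    untouched and never imports anything from the hook.
    """
    def guarded_connect(*args, **kwargs):
        kwargs.setdefault("factory", GuardedConnection)
        return _original_connect(*args, **kwargs)
    sqlite3.connect = guarded_connect


# --- the unmodified application code under test (constructed demo) ----------

def setup_app_db():
    conn = sqlite3.connect(":memory:")   # resolved at call time, so hooked
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, name):
    # String concatenation: the injection flaw the hook is meant to catch.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (name,)).fetchall()


def demo(mode="protect"):
    """Run benign and attack inputs through both queries; return what happened."""
    global MODE
    MODE = mode
    FINDINGS.clear()
    install()
    conn = setup_app_db()
    out = {}
    new_request()
    out["benign"] = find_user_vulnerable(conn, untrusted("alice"))
    new_request()
    payload = untrusted("x' OR '1'='1")          # constructed attack input
    out["safe_query"] = find_user_safe(conn, payload)
    try:
        out["vulnerable_query"] = find_user_vulnerable(conn, payload)
        out["blocked"] = False
    except AttackBlocked:
        out["blocked"] = True
    out["findings"] = list(FINDINGS)
    return out


if __name__ == "__main__":
    print(demo("assess"))
    print(demo("protect"))
```

Running `demo("assess")` shows the attack succeeding against the concatenated query (both users come back) while the hook records one finding that names the offending input and the exact SQL; the parameterised query returns nothing and raises no finding, which is the accuracy argument for instrumentation over pattern-matching a request in front of the app. Running `demo("protect")` shows the same hook turning that finding into a rejected query, with benign input unaffected.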
In 2015, the Cyber Security Division of the United States Department of Homeland Security (DHS) co-funded an application security benchmark project to measure the speed, coverage, and accuracy of application security products. The Open Web Application Security Project (OWASP) Benchmark Project lets organizations freely assess products they have or are planning to use. The results demonstrate conclusively that most organizations are operating with a false sense of security, and need to revisit their application security technology choices.
With the OWASP Benchmark, organizations now have a way to systematically evaluate the strengths and weaknesses of their current solutions and alternatives. Contrast Enterprise, which the OWASP Benchmark demonstrated is exceptionally accurate, is a natural choice to augment or replace existing SAST and DAST solutions.