Contrast Security today has been included as a select product for Interactive Application Security Testing in the IDC TechBrief, Interactive Application Security Testing, (doc #US49376522, July 2022). According to the IDC Tech Brief, “Contrast Security is a pioneer in the IAST space. Assess is an organically developed IAST solution with a wide collection of supported programming languages and the ability to set up security gates and controls.”
With Contrast Assess and its breakthrough IAST technology, development teams can secure every line of code. Contrast Assess continuously detects and prioritizes vulnerabilities and guides developers on how to eliminate risks, all with industry-leading accuracy, efficiency, scalability and coverage. By embedding sensors inside applications, organizations can “shift left” and discover vulnerabilities earlier in the Software Development Life Cycle (SDLC). This enables companies to significantly decrease security team triage and DevOps remediation expenses. In addition, reducing alert noise, caused by false positives, helps eliminate hours of work required of DevOps teams to find and fix vulnerabilities without in-depth understanding of a specific vulnerability’s priority.
"Interactive application security testing provides important capabilities that modern software development teams need to improve their security posture and streamline their DevSecOps capabilities," said Jim Mercer, research director, DevOps and DevSecOps at IDC. "As organizations develop application security strategies, they need to understand how an IAST solution can play a role in avoiding a costly breach in application security while enabling their developers to be more engaged in the security of their applications." [1]
Instrumentation allows IAST to monitor your applications continuously for vulnerabilities and to monitor them throughout the development lifecycle. IAST also analyzes open-source libraries for both known and unknown vulnerabilities and produces detailed software bills of materials (SBOMs) for every application and application programming interface (API). This enables Contrast to find the next application vulnerability — like Spring4Shell and Log4Shell (commonly known as Log4j) — before it becomes a disclosed Common Vulnerability and Exposure (CVE) or major incident. Contrast’s Fortune 500 and global enterprise customers were all protected from the Log4j attacks in December 2021 because the Contrast Platform provides three layers of defense, including Contrast Assess, which detects the underlying vulnerability in applications.
“The days of long-running static and dynamic scanning are over. Contrast’s innovations in dynamic security instrumentation make real-time security testing possible without compromising accuracy,” said Jeff Williams, co-founder and CTO at Contrast Security. “Frictionless security feedback creates the tight feedback loops which are the key to aligning security and development and unlocking the benefits of DevSecOps.”
IDC is at the forefront of understanding the true value of code security with this IDC TechBrief, which examines the benefits of using IAST. It is a foundational technology for DevSecOps adoption, which can both improve security posture and accelerate the delivery of secure code to customers. The firm highlights that IAST is often considered a superset of Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST) security scanning tools, since it has a view of the running application and all the moving parts within the technical stack.
The IDC TechBrief also explains the urgency behind the adoption of IAST, given the increase in application/API breaches and increasing regulation from both government and compliance. There is an imminent threat to both financial and reputational risk. Supported by President Biden’s executive order on improving the nation’s cybersecurity, our customers, governments and many of the world’s largest companies are investing in code security prevention and resilience against software cyberattacks.
For more information about Contrast’s IAST solution, Contrast Assess, please visit our webpage and check out the content below.
IDC TECHBRIEF:[2] https://www.contrastsecurity.com/2022-idc-iast-report
CONTRAST ASSESS SOLUTION BRIEF: Contrast Assess with Interactive Application Security Testing (IAST)
