Yesterday we (Contrast Security) announced availability of our Contrast agent for Microsoft .NET. We wanted to first take this opportunity to thank our Beta testers, developers, and everyone else involved in getting this incredibly useful product to market. It was a big effort and a major achievement for the company. It, of course, won’t be the last platform we’ll support. There is more on the way.
Microsoft applications are in many ways no different from Java applications; they can be coded with many of the same security flaws that, as we’ve seen in the beta tests, can go undetected for years. What’s different about Microsoft .NET is the lack of tools that specifically understand the details of running .NET code to accurately identify security flaws. I won’t go too deep into that; Jeff Williams, our CTO, covers it in his own blog post.
Like Contrast for Java, Contrast for .NET enables Microsoft .NET web applications to continuously test themselves for dozens of common and uncommon dangerous vulnerabilities. It continuously verifies the security of Microsoft .NET applications as they are developed, tested and run, even on the Microsoft Azure cloud service.
Contrast .NET easily and continuously verifies your .NET applications for security issues
Contrast for .NET is an agent extension to the existing Contrast SaaS and on-site software platform, so there is nothing new for Contrast customers to buy or learn. .NET applications are automatically discovered after a simple agent install, and the results of our continuous run-time analysis are presented in the existing Contrast Team Server console in exactly the same way as for Java.
Contrast for .NET also features:
- Accurate identification of dozens of vulnerabilities in code, configuration and run-time
- A fast, familiar, easy-to-use zero-configuration installer. The installer can also be run silently through a script during build processes in development, integration and production.
- Support for .NET 2.0 and later applications. This enables retroactive security analysis of legacy apps dating back to 2005.
- Support for Microsoft C#, Visual Basic and composite applications.
- Unofficial support for many more CLR compiled languages.
- Support for applications built on ASP.NET web platforms including ASP.NET, Web Forms, Web Pages, and MVC
- Context-sensitive .NET remediation guidance that educates developers as issues are discovered
- Full code-level pinpointing and stack analysis that enables clear communication between AppSec personnel and developers for fast remediation
- Support for Microsoft Azure cloud service instances
- Fast performance, equal to or better than that of our optimized Java agent
Again, we would like to thank everyone who helped us get Contrast .NET into production. Give Contrast .NET a try and let us know what you think in the comments. It is available now at app.contrastsecurity.com if you already have an account, and through our on-site Enterprise software. Please let us know and we’ll walk you through a quick demo.