SECURITY INFLUENCERS BLOG

Security influencers provide real-world insight and “in-the-trenches” experiences on topics ranging from application security to DevOps and risk management

START FREE TRIAL

The Last Mile of Application Security & Integrated Development Environments

The Last Mile … a colloquial term that translates to: the final leg of a journey. For example, folks who take public transportation refer to the last mile as the distance between where you are dropped off at the public stop and the distance to your actual destination. 

Application security has a last mile too. 

The “last mile,” for application security, is getting vulnerability data into the hands of the developers that fix it. 

At Contrast, our products are:

Accurate – since nothing in AppSec frustrates developers more than being giving findings which are false positives. 

Real time – since the best time to fix a vulnerability is when developers are actively building product. 

For delivering accurate, real-time data to developers, there is no better place than the integrated development environment (IDE). Integrated Development Environments (IDEs) are the lifeblood of any development organization. In fact, they are the lifeblood of every developer! IDEs provide all the tools necessary to design good software, and code is usually written within the IDE.

To get developers information about their vulnerabilities in the most convenient way, Contrast Assess transforms these security flaws into “just another bug,” making it easier to find and fix vulnerabilities. What’s even better, we integrate with popular bug-tracking tools such as Jira, Microsoft TFS and VSTS, so that the vulnerabilities can be added to a backlog. 

devops-security-program

So, it’s only natural that to help developers build a secure world.

Contrast has announced the availability of new plugins for three IDEs: Eclipse, IntelliJ and Visual Studio. 

These easy-to-install plug-ins communicate directly with Contrast Assess and populate information about vulnerabilities directly into the IDE. 

With Contrast, developers can now treat vulnerabilities like a bug.  You can click through any vulnerability and go directly to the line of source.  By looking at the stack trace Contrast Assess delivers, developers can see how the application was behaving, and why it was flagged as a vulnerability. 

Simply download the plugin and put in your Contrast API credentials. Voila! Vulnerabilities are now displayed right inside your IDE console.  

With these new Contrast plugins, developers now are in charge of the entire vulnerability lifecycle:

  • To tracking it (via VSTS, TFS, Jira, etc.)

  • Until it is fixed by development (via two-way integration with bug trackers)

And, if you’re in a pinch, turn on Protect to automatically block exploits of these vulnerabilities in production.

Applications drive the modern economy and are an integral part of how businesses grow and engage with their customers.  Developers are the engine that drives this capability. Contrast Security turns the last mile into a quick trip by making it easier for developers to innovate and develop code securely … without adding cruft into the process.

self-protecting

 

Kaushik Srinivas

Kaushik Srinivas

Kaushik has architected and built web and mobile apps for more than 10 years. His current area of focus is Web Application Security and how enterprises can adopt security best practices as part of their SDLC in an ever changing world of Agile and DevOps.

SUBSCRIBE TO THE BLOG

Learn how to unify security strategy across & development operations. See how to set up a CAS program with only eight activities!

Download the Handbook