Traditional application security (AppSec) models that use static application security testing (SAST) and dynamic application security testing (DAST) are plagued by development delays, false positives, as well as false negatives. False positives are a foundational weakness of security results from code scanners that are “blind” to the runtime context of applications such as the controller, application logic, data layer, presentation view, user libraries, open-source components, and application server.
In addition to the above, their point-in-time security approaches, which are signature based, only identify known threats and miss unknown threats—thereby resulting in increased significant risk exposure. Scanning code line by line, SAST and DAST approaches also struggle to map out full visibility of the application attack surface—especially in the area of application programming interfaces (APIs).
Contrast Community Edition works by deploying an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application.
You can hit the ground running with Contrast Community Edition—able to integrate AppSec directly into the modern DevOps tools you already use. Using the flexibility and extensibility of the Contrast DevOps-native AppSec Platform, you can deploy Community Edition onto your Platform-as-a-Service (PaaS) of choice, be the first to know about new vulnerabilities through chat tools, add security gates to continuous integration/continuous deployment (CI/CD) pipelines, track remediation through ticketing systems, and learn about remediation options in integrated development environments (IDEs) and code editors.
To make modern security available to all organizations, large or small, regardless of ability to pay, Contrast Security launched Community Edition in 2018, a free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java applications and APIs.