A Unified Foundation for Modern Application Security
The Contrast Application Security Platform is designed to integrate with Agile and DevOps processes by operating within the application itself. Contrast uses instrumentation to embed security within the application runtime, which solves the challenges that legacy application security tools present in modern software environments. This inside-out approach to application security removes the guesswork of outside-in application security tools, delivering the accuracy, efficiency, and scalability modern software demands.
Contrast accelerates DevOps by removing security bottlenecks from application development, reducing the noise of false positives, and scaling security wherever an application exists across its life span without specialized security training and staff. It also provides runtime observability of application code in production to prevent both known and unknown vulnerabilities from being exploited.
The Contrast Application Security Platform is comprised of:
- Contrast Assess offers interactive application security testing (IAST) with elements from static application security testing (SAST) and dynamic application security testing (DAST) to automatically identify software vulnerabilities in real time while developers write code. Contrast Assess agents monitor code and report from inside the application—enabling developers to find and fix vulnerabilities without involving security experts and without specialized security expertise.
- Contrast OSS detects which open-source software components are called in the application runtime and prioritizes vulnerability remediation based on which libraries are actively being used. It also helps organizations avoid unnecessary security risks or legal problems due to open-source licensing complications. Contrast OSS provides critical versioning and usage information and triggers alerts when risks and policy violations are detected.
- Contrast Scan uses a pipeline-native approach to static application security testing (AST) that eliminates the inefficiencies that delay release cycles. It delivers the fastest, most accurate static scanner available today.
- Contrast Serverless Application Security delivers developer-friendly security testing that is purpose-built for serverless application development environments.
Key Platform Capabilities
The Contrast Application Security Platform continuously identifies application vulnerabilities in custom and open-source code—from the earliest stages of development through release to production.
The Contrast platform offers vulnerability testing as well as protection against attacks in production through a single deployment. It can therefore present a full-stack view of application risk posture. With a single integration point, the Contrast platform delivers true DevSecOps with software composition analysis (SCA), AST, and exploit prevention capabilities using instrumentation across the entire software development life cycle (SDLC).
DevSecOps Control Center
- Policy Assurance and Orchestration allows for enterprise-wide reporting, assurance, and benchmarking of application security risk posture. It also helps security teams enforce consistent security policies across the enterprise, on a business unit, on a specific team, or across a portfolio of applications.
- Runtime Informed Risk Posture affords more accurate and effective vulnerability fixes, without correlating with other systems or requiring security expertise.
Contrast’s runtime protection capabilities offer two critical benefits. First, they provide “air-cover” protection against a vulnerability in the application until a patch is released or developers can fix the issue. Second, they discover and defend against open-source and zero-day exploits that do not yet have a patch or fix.
Security at the Speed of DevOps
The Contrast platform aligns development and security efforts from design to production, across applications new and old. It helps teams unblock the SDLC by finding true vulnerabilities in real time. It turns developers into security experts with developer-friendly “how-to-fix” guidance and prebuilt command-line interface (CLI) tools. It provides production air cover that allows organizations to ship securely, even with open vulnerabilities. And it defends against zero days and unpatched libraries with runtime protection.