A Unified Foundation for Modern Application Security

The Contrast Application Security Platform is designed to integrate with Agile and DevOps processes by operating within the application itself. Contrast leverages instrumentation to embed security within the application runtime, solving the challenges that legacy application security tools present in modern software environments. This inside-out approach to application security removes the guesswork of outside-in application security tools, delivering the accuracy, efficiency, and scalability modern software demands.

Contrast accelerates DevOps by removing security bottlenecks from application development, reducing the noise of false positives, and scaling security wherever an application exists across its life span without specialized security training and staff. It also provides runtime observability of application code in production to protect both known and unknown vulnerabilities from being exploited.

The Contrast Application Security Platform comprises:

  • Contrast Assess offers interactive application security testing (IAST) with elements from static application security testing
    (SAST) and dynamic application security testing (DAST) to automatically identify software vulnerabilities in real time while
    developers write code. Contrast Assess agents monitor code and report from inside the application—enabling developers to
    find and fix vulnerabilities without involving security experts and without specialized security expertise.

  • Contrast OSS detects which open-source software components are called in the application runtime and prioritizes
    vulnerability remediation based on which libraries are actively being used. It also helps organizations avoid unnecessary
    security risks or legal problems due to open-source licensing complications. Contrast OSS provides critical versioning and
    usage information and triggers alerts when risks and policy violations are detected.

  • Contrast Scan utilizes a pipeline-native approach to static analysis application security testing (AST) that eliminates the
    inefficiencies that delay release cycles. It delivers the fastest, most accurate static scanner available today.

  • Contrast Serverless Application Security delivers developer-friendly security testing that is purpose-built for serverless
    application development environments.

Key Platform Capabilities

The Contrast Application Security Platform continuously identifies application vulnerabilities in custom and open-source code—from left in development through release to production.

One Deployment

The Contrast platform offers vulnerability testing as well as protection against attacks in production through a single deployment. It can therefore present a full-stack view of application risk posture. With a single integration point, the Contrast platform delivers true DevSecOps with software composition analysis (SCA), AST, and exploit prevention capabilities using instrumentation across the entire software development life cycle (SDLC).

DevSecOps Control Center

Only Contrast provides a true DevSecOps view of an application (or portfolio of applications) from development to production—including open-source components. Through instrumentation, the Contrast platform provides comprehensive visibility and control of software risk at every level—from a single application or microservice up to team, business unit, or even enterprise-wide levels.

  • Policy Assurance and Orchestration allows for enterprise-wide reporting, assurance, and benchmarking of application security risk posture. It also helps security teams enforce consistent security policies across the enterprise, on a business unit, on a specific team, or across a portfolio of applications.

  • Runtime Informed Risk Posture affords more accurate and effective vulnerability fixes, without correlating with other systems or requiring security expertise.

Zero-Day Defense

In production, Contrast monitors runtime data flows to detect the exact moment an attack reaches an application vulnerability. Then, before a breach can occur, it instantly blocks any exploitable runtime events without affecting the application. This includes unknown threats, new variants, and zero-day attacks that often slip past perimeter defenses (e.g., web application firewalls), directly exposing internal application stacks to exploitation.

Contrast’s runtime protection capabilities offer two critical benefits. First, they provide “air-cover” protection against a vulnerability in the application until a patch is released or developers can fix the issue. Second, they discover and defend against open-source and zero-day exploits that do not have a patch or fix.

Security at the Speed of DevOps

The Contrast platform aligns development and security efforts from design to production, for applications new and old. It helps teams unblock the SDLC by finding true vulnerabilities in real time. It turns developers into security experts with developer-friendly “how-to-fix” guidance and prebuilt command-line interface (CLI) tools. It provides production air cover that allows organizations to ship securely, even with open vulnerabilities. And it defends against zero days and unpatched libraries with runtime protection.