Contrast - Product Brief

Overview

Contrast’s integrated application security platform is used by the most progressive development and security teams to continuously defend their application portfolios throughout the entire software lifecycle. Contrast helps development teams ship secure code faster, protects applications from attacks, and provides visibility to unlock threat intelligence. No code changes or security experts are required to keep applications secure.

Multi-Layered Defenses

Contrast provides three layers of application security: Protection, Assessment and Visibility. All three are integrated to deliver continuous, automated and scalable defenses, woven into all the tools you already use.

Protection

Contrast provides unparalleled defense from within the application, viewing attacks the same way the application sees them. No network or code changes are required, and protection stays with the application wherever it is hosted.

  • Deploy automated runtime protection against known and unknown attacks. Out of the box, your applications and APIs will defend themselves against entire classes of attacks, like SQL Injection or XSS, and protect against zero-day exploits.
  • Leverage multi-technique detection and response with Runtime Exploit Prevention.
  • Focus on real threats with unparalleled detection efficacy, allowing you to accurately discern legitimate traffic from attacks, and then distinguish between effective and ineffective attacks.
  • Use Virtual Patches to shrink the window of opportunity for hackers to reach newly discovered vulnerabilities until they can be properly patched.

Assessment

Contrast delivers the most accurate and comprehensive vulnerability analysis and remediation guidance. Contrast operates unobtrusively to automatically discover vulnerabilities in real-time across development, test, and production environments, without requiring scans, experts, access to source code, or process changes.

  • Fully automated Vulnerability Self-Assessment during general testing eliminates the need for a separate security testing phase by delivering continuous security feedback that stays in the flow of development.
  • Insanely accurate vulnerability analysis, driven by patented Deep Security Instrumentation, means no more chasing your own tail with false positives. Deliver results developers can immediately act on without dependence on security experts.
  • Comprehensive assessment coverage, fusing together runtime data and control flow analysis with static, dynamic, configuration and full software composition analyses into one lightweight capability that analyzes your web applications and APIs across custom code and open source software, for both known and unknown vulnerabilities.
  • Automatic Software Architecture supports threat modeling and strategic security defenses.

Visibility

Contrast unlocks the intelligence hidden in applications to secure the entire application attack surface and give you the continuous visibility you need in order to know (not guess) the current security posture across your portfolio.

  • Capture highly accurate Application Threat Intelligence and attack data.
  • Enable Custom Security Logging without modifying your application code to monitor user activity or indication of compromise.
  • Leverage Security Analytics using the Contrast TeamServer UI, or integrate directly into a SIEM. Contrast operates inside the application, giving your SOC and IR teams full visibility into your apps.

Key Features

Deep Security Instrumentation

Contrast’s patented technology gives you a huge information advantage over any other tool and delivers unparalleled detection efficacy. Running along with your application, Contrast analyzes all code as it loads, including dynamically loaded code, all HTTP requests and responses, the actual runtime data and code execution flow, all libraries and frameworks being used, your server configuration, software architecture, backend connections and more. All this information is used in real time to accurately identify vulnerabilities across your entire application stack and effectively prevent them from being exploited in the wild.

Centralized Control and Real-Time Reporting

One platform, leveraging the same underlying technology, with accurate, consistent and real-time results and data, and transparency for development, security and operations. Security uses Contrast to set policies, gain continuous insight into risk and ensure compliance; development sees all the same data with enriched vulnerability remediation guidance in their IDE, defines custom security controls, tracks remediation progress in their bug tracking system, and gets notifications in their chatops tool of choice; operations sees real-time alerts and analytics into all apps; and execs benefit from portfolio-wide reporting, benchmarking and risk trends.

Automated Inventory, Discovery and Awareness

Contrast automatically discovers all applications and components, including open source, deployed on enabled servers across your development, QA and production environments. It then builds and maintains a complete, searchable security-focused inventory, so you have increased visibility into your attack surface, know what’s deployed where, what’s in use and what needs to be secured. All done automatically and passively in the background, without disrupting your teams. Contrast also automatically alerts to the known (and unknown) risks third-party libraries may bring with them, and provides critical versioning information. We then highlight what libraries are actually used by your applications to help you more effectively prioritize remediation efforts.

Lightweight Agent

Contrast uses modern agent-based technology to deploy sensors across all layers in your application, detect vulnerabilities, monitor and block attacks, and provide enhanced security logging for analytics, all without modifying your source code or impacting production performance. The Contrast Agent integrates transparently into your build, testing and deployment processes, and never, never disrupts you or your team.

SaaS or On-Premise Deployment, Enterprise-Class Scalability

Flexible deployment model allows you to leverage Contrast-as-a-service in our cloud, or host and administer Contrast on-premise for a completely private service. Regardless of how you consume it, Contrast transparently automates application security and easily scales out to support application portfolios of virtually any size.

DevOps-by-Design with Tight Integrations Across your SDLC

Your CI/CD pipelines require automated and continuous security that moves as fast as you do. Scriptable silent installers, automated updates, and a robust REST API enable Contrast to deliver security that is continuous with development and moves seamlessly into production. Recognized in the industry as the best AST solution in automation & turnaround, Contrast fits into your existing workflows and integrates with all the tools you already use to code, build, test and deploy your software, so you can implement a complete DevSecOps pipeline that works.

How It All Works Together

Get started with Contrast in minutes. Simply add the Contrast agent to any application server and it starts working within minutes. The agent instruments the application, deploying sensors to identify vulnerabilities and monitor and block attacks with pinpoint accuracy. Agents report all data to the Contrast TeamServer, available either as a cloud service or deployed on-premise.

graph LR;
  A(Contrast Security Sensors) -->|Embed| B(Application - Dev)
  A -->|Embed| C(Application - QA)
  A -->|Embed| D(Application - Prod)
  B -->|Vulnerability Discovery| E(Contrast UI)
  C -->|Vulnerability Discovery| E(Contrast UI)
  D -->|Attack Detection & Prevention| E(Contrast UI)
  E --> F(Application 0)
  E --> G(Application 1)
  E --> H(Application ...)
  E --> I(Application N)

  • Contrast agents add security sensors INSIDE applications
  • Agents relay CONTINUOUS sensor data to the Contrast platform
  • In development and QA, sensors provide the most ACCURATE vulnerability assessment
  • In production, sensors provide visibility and ACCURATE attack defense in real time
  • CONTRAST SCALES across your ENTIRE application portfolio and stakeholders

YOU’VE ARRIVED AT THE ERA OF SELF-PROTECTING SOFTWARE