Contrast Assess is an innovative, automated application security testing solution that infuses software with vulnerability assessment capabilities so that security flaws are automatically identified. Leveraging a well-known industry methodology known as deep security instrumentation, Contrast Assess operates unobtrusively during development and testing of web applications or APIs. This passive approach to security testing eliminates the need for time-wasting and ineffective static security scans. Contrast Assess provides continuous vulnerability assessment that integrates seamlessly with existing software development life cycle (SDLC) processes scaling across the entire application portfolio.
Our unique approach to modern application security produces the real-time intelligence and continuous visibility necessary to detect and remediate vulnerabilities with virtually no false positives or false negatives.
Contrast Assess is purpose-built from the ground up to work interactively with developers as they write and test web applications and APIs. DevOps teams can use Contrast with their standard messaging and build tools, automated provisioning systems and containers such as Slack, Maven, and Docker to discover and report on vulnerabilities within an application. Contrast Assess automatically provides security analysis during automated tests and can be integrated with a CI/CD automation server, such as Jenkins, to fail a build that has excessive vulnerabilities.
Contrast Assess uses deep security instrumentation to produce accurate vulnerability analysis. Development, QA, and Security teams get real-time results as they develop and test software, enabling them to find and fix security flaws early in the SDLC when they are easiest and cheapest to remediate.
Unlike legacy application security testing tools, Contrast Assess produces accurate results that developers can immediately act upon. This is due to the automation and visibility Contrast Assess has into the application and its runtime environment. It fuses together the most effective elements of IAST, SAST, and DAST application security testing approaches, with configuration and open-source security analyses, and delivers them directly into applications.
Contrast Assess scales, since it instruments application security into each application, delivering and distributing vulnerability assessment across an entire application portfolio. Every running application continuously produces results in parallel.
Contrast provides extensive coverage over the most common application security risks, including the OWASP Top Ten.
Contrast’s innovative security trace format pinpoints exactly where a vulnerability appears in the code, and how it works. Contrast “speaks the developer’s language,” providing remediation guidance that is easy to understand and implement.
Like icebergs, 80% of the code in modern applications is “beneath the surface,” lurking in libraries, frameworks, and other components. Applications often have 50 or more of these libraries, comprising millions of lines of potentially vulnerable code.
Though it may appear simple, application inventory may be the hardest problem to solve for application security teams. Organizations may have hundreds or thousands of applications, Microservices, APIs – each with multiple instances of different versions installed across development and QA – and they’re all constantly changing. Contrast tracks and continuously feeds information about internal and external web services, and their relationships across an application into a unified security inventory and bill of materials that’s always up-to-date.
Contrast automatically generates simple diagrams that illustrate the application’s major architectural components. This information helps the developer quickly identify the meaning of a vulnerability.