Instrumenting Applications

The value provided by the Contrast Security platform starts with gaining insights into your applications using a patented byte-code instrumentation technique. This instrumentation approach is accomplished by embedding a lightweight agent into your running applications.

By instrumenting applications, you gain unparalleled visibility into the code execution, data flow, and behaviors of your apps, which provides intelligence into whether any vulnerabilities exist (in your custom or open source code) or if potential vulnerabilities may be impacted by exploit attempts.

You will be able to quickly uncover vulnerabilities and/or block exploits by:

  1. Downloading the Contrast agent
  2. Installing the agent into your target applications
  3. Exercising your application code (via manual or automated tests)

Download the Agent

The Contrast Agent can be downloaded via:

  • Package managers
  • Contrast TeamServer UI
  • Contrast TeamServer API

In order to download the agent for your specific Contrast Security account using the API, you should define the following environment variables:

    CONTRAST__ORG_ID="<Organization ID from 'Your Account' in Team Server>"
    CONTRAST__API_KEY="<API KEY from 'Your Account' in Team Server>"
    CONTRAST__AUTHORIZATION="<Authorization Header from 'Your Account' in Team Server>"
    CONTRAST__BASEURL="<Contrast URL from 'Your Account' in Team Server>/api/ng/$CONTRAST__ORG_ID"
    AGENT="<node or java or dotnet>"

Then you can run the following curl commands to:

  • Download the agent itself

    curl --max-time 30 "$CONTRAST__BASEURL/agents/default/$AGENT" -H "API-Key: $CONTRAST__API_KEY" -H "Authorization: $CONTRAST__AUTHORIZATION" -o "<node-contrast.tgz or contrast.jar or ContrastSetup.zip>"
    
  • Download the agent configuration YAML file

    curl --max-time 30 "$CONTRAST__BASEURL/agents/external/default/$AGENT" -H "Accept: text/yaml" -H "API-Key: $CONTRAST__API_KEY" -H "Authorization: $CONTRAST__AUTHORIZATION" -o contrast_security.yaml
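
The two curl downloads above can be wrapped so that the API key and Authorization header stay out of the process list and an HTTP error is never saved as the agent file. This is an added example, not Contrast's own tooling: the function names agent_outfile, check_env and fetch_agent are hypothetical, and the variables, URL paths and file names are the ones given on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, variables and URL paths are the page's.

# Map the AGENT value to the output file name the page lists for it.
agent_outfile() {
    case "$1" in
        node)   echo "node-contrast.tgz" ;;
        java)   echo "contrast.jar" ;;
        dotnet) echo "ContrastSetup.zip" ;;
        *)      return 1 ;;
    esac
}

# Refuse to run with a missing variable or a non-HTTPS base URL, so the
# API key and Authorization header never travel in clear text.
check_env() {
    for name in CONTRAST__ORG_ID CONTRAST__API_KEY CONTRAST__AUTHORIZATION CONTRAST__BASEURL AGENT; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing $name" >&2; return 1; }
    done
    case "$CONTRAST__BASEURL" in
        https://*) ;;
        *) echo "CONTRAST__BASEURL must use https" >&2; return 1 ;;
    esac
    agent_outfile "$AGENT" >/dev/null || { echo "unknown AGENT: $AGENT" >&2; return 1; }
}

fetch_agent() {
    check_env || return 1
    out=$(agent_outfile "$AGENT")
    # Headers go in a private temp file read with -H @file (curl 7.55.0+), so the
    # secrets do not show up in the process list the way -H arguments do.
    hdr=$(mktemp) || return 1
    printf 'API-Key: %s\nAuthorization: %s\n' \
        "$CONTRAST__API_KEY" "$CONTRAST__AUTHORIZATION" > "$hdr"
    # --fail: an HTTP error (for example 401) aborts instead of being written to $out.
    curl --fail --silent --show-error --proto '=https' --max-time 30 \
        -H @"$hdr" -o "$out" "$CONTRAST__BASEURL/agents/default/$AGENT" &&
    curl --fail --silent --show-error --proto '=https' --max-time 30 \
        -H @"$hdr" -H 'Accept: text/yaml' -o contrast_security.yaml \
        "$CONTRAST__BASEURL/agents/external/default/$AGENT"
    rc=$?
    rm -f "$hdr"
    return "$rc"
}
```

After defining the five variables, source the file and call fetch_agent; it returns non-zero if either download fails.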