It’s enough to make your eyes cross: Floods of vulnerabilities pour in from disparate sources and tools.
Can’t there be one single platform that helps you identify vulnerabilities and tells you what to remediate and how? That’s what Snap Finance is looking for in a security tool, says Kiran Sharma, senior privacy program manager and security program manager.
Thankfully, there is in fact one single platform that does all that.
Sharma met up with Contrast Security at the April 2023 RSA Security Conference to chat about how he’s finally stopped the madness of tool proliferation with Contrast technology — specifically, with the use of Contrast Assess, Contrast SCA, and Contrast Scan. To hear what Snap loves about Contrast from Sharma himself, check out the video from RSA. For some of the highlights from our RSA chat, read on.
Finally, some security tool sanity
Sharma said that what Snap loves about Contrast technology is getting, all in one package, everything the company would otherwise have to stitch together from a bunch of disparate security tools. That includes Contrast SCA, a tool that enables businesses to protect their software supply chain by identifying real threats from third-party components across the entire Software Development Life Cycle (SDLC), from code, through test, to production.
There’s also Contrast Scan, a Static Application Security Testing (SAST) tool built from the ground up to make security testing as routine as a code commit while focusing on the most pressing vulnerabilities to deliver fast, accurate and actionable results. Assess, Contrast’s Interactive Application Security Testing (IAST) tool, also provides Snap with the functionality of a Dynamic Application Security Testing (DAST) tool, he said.
“We can completely [avoid having to buy] another tool,” Sharma said. “And at the same time, IAST also provides us with the [cloud] coverage and the flow map for that application, [from] which we can understand what are the other areas that that application is connecting to, and what we should concentrate on.”
A welcome respite from the deluge of legacy tools
Sharma noted that some of the legacy tools he’s used in the past were suitable for only one narrow area of Application Security (AppSec). It’s been a relief for Snap to move to Contrast, he said, where he and his team have been able to combine multiple areas of AppSec into a single platform, including source code analysis, static code analysis and dynamic AppSec testing.
“That provides us the ability to kind of concentrate on the highest, or the critical vulnerabilities that we need to work on,” he said. “That helps us a lot, because it becomes a single platform for our development teams to look at and work with.”
To check out the chat from RSA, you can watch the video here.