Contrast Security, the code security platform built for developers and trusted by security, has successfully implemented Contrast Assess — Contrast’s leading Interactive Application Security Testing (IAST) solution — for NTT DATA, a trusted global innovator of IT and business services headquartered in Tokyo. Contrast Assess enabled the company to achieve secure code flow, accelerate digital transformation and unleash innovation velocity.
“NTT DATA has been analyzing trends in vulnerabilities detected during web application development. We checked whether the vulnerabilities from this analysis could be detected by Contrast Assess and also evaluated whether there were any false negatives or false positives using the OWASP Benchmark. As a result, we determined that Contrast Assess was able to detect high-risk vulnerabilities with a lower false positive rate than other tools, minimizing the need to respond to false positives,” said Satoshi Seimiya, Assistant Manager of the Information Security Office, Cyber Security Department, at NTT DATA.
Contrast Assess demonstrated that it could meet NTT DATA’s non-functional requirements and that it has an easy-to-use management console. The fact that NTT DATA’s cloud-native platform iQuattro® had already been using Contrast Assess was an additional reason for the company’s decision. As a result of using Contrast Assess, NTT DATA was able to release applications with zero high-risk vulnerabilities. NTT DATA’s developers and security teams were also able to confirm high-risk vulnerabilities at an early stage and check that all detected high-risk vulnerabilities have been confirmed and addressed.
“We are thrilled to have worked with Contrast Security to implement Contrast Assess,” said Hiroaki Kamoda, Head of the Cybersecurity Department at NTT DATA Corp. “Since we started using Contrast Assess, we have been getting a good feeling that we are able to analyze in real time what kind of vulnerabilities are detected, how long it takes to fix them, and how much damage could be created if the vulnerabilities were left unfixed, depending on the timing of security tests and characteristics and scale of the project. By visualizing such data, we expect that NTT DATA as a whole will have a greater sense of urgency, which will lead to improvements in the level of secure development,” Kamoda said.
NTT DATA has also turned its attention to addressing vulnerabilities in the open-source libraries used in its applications. To tackle the issue, NTT DATA is working on supply-chain security, having begun evaluation of Contrast SCA in FY 2021.
“Contrast SCA allows us to verify whether or not a zero-day vulnerability has been identified in an OSS [Open-Source Software] library or component and whether or not the component is being used, as well as whether it can be affected or not. Since Contrast SCA also has a function to output a [Software Bill of Materials (SBOM)], we are currently evaluating whether we can utilize the SBOM in the software supply chain using Contrast SCA,” Seimiya said. In this way, the company is exploring ways to efficiently manage SBOMs and vulnerabilities while involving partners and customers.
“We are proud to have played a key role in helping NTT DATA find and fix in real time the vulnerabilities that really matter in your code,” said Contrast Security Chief Revenue Officer Andy Vallila. “We remain committed to delivering world-leading code security solutions that help our customers get secure code moving.”
The official NTT DATA case study is available now. If you are looking for more information about Contrast Assess or the Contrast Secure Code Platform, please visit https://www.contrastsecurity.com/request-demo.