Contrast CE is a FREE and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java and .NET Core applications and APIs.
Contrast CE operates differently from traditional scanners and web application firewalls, since it works from the inside of a running application via a well-known methodology called instrumentation. By instrumenting an application with passive sensors, you’re provided with more access to information about the application and its execution, delivering unprecedented levels of speed and accuracy in identifying vulnerabilities.
This embedded, scalable approach allows the sensors to integrate transparently into your build, testing and deployment processes, never disrupting you or your team. For example, with Java applications, Contrast leverages the standard java.lang.instrument API to operate without any changes to source code or the Java Virtual Machine. Security is woven in from the moment code is written and tested in development/QA all the way through to operations when it is deployed into production environments.
Contrast Community Edition delivers the power of Contrast Assess and Contrast Protect, and is used by organizations of all sizes, from large global enterprises to one-person development teams.
CE integrates with bug tracking tools, Continuous Integration (CI) and Continuous Development (CD) frameworks, SIEMs, and IDEs to ensure security and remediation are possible across the environments you work in.
Powerful Runtime Application Self-Protection (RASP) prevents security bugs from being exploited in production. Our innovative security trace format pinpoints exactly where a vulnerability appears in the code, and how it works, providing remediation guidance that is easy to understand and implement.
Instant and accurate Interactive Application Security Testing (IAST) finds security vulnerabilities in your custom code. DevOps teams can assess both custom code and open source libraries for security vulnerabilities and prevent vulnerabilities from being exploited in production applications.
Continuous inventory and software composition analysis (SCA) ensures the security of open source software (OSS) libraries and frameworks. Third-party and custom code is automatically assessed for vulnerabilities and OSS license risk across all software development and delivery pipelines.
The Contrast CE solution is designed to help small teams building .NET or Java applications and APIs protect against a broad range of security flaws, including the Open Web Application Security Project (OWASP) Top 10 vulnerabilities.
All Contrast integrations such as Visual Studio IDE and Azure DevOps are free and compatible with Contrast CE. Developers and security teams can have application security visibility within the tools and processes that they already use today.