Contrast Application
Security Platform

A unified foundation for modern application security

The Contrast Application Security Platform is designed to integrate with Agile and DevOps processes by operating within the application itself. Contrast leverages instrumentation to embed security within the application runtime that solves the challenges legacy application security tools present in modern software environments. This inside-out approach to application security removes the guesswork of outside-in application security tools, delivering the accuracy, efficiency, and scalability modern software demands.

Contrast accelerates DevOps by removing security bottlenecks from application development, reducing the noise of false positives, and scaling security wherever an application exists across its life span without specialized security training and staff. It also provides runtime observability of application code in production to protect both known and unknown vulnerabilities from being exploited.

The Contrast Application Security Platform is comprised of:

• Contrast Assess offers interactive application security testing (IAST) with elements from static application security testing (SAST) and dynamic application security testing (DAST) to automatically identify software vulnerabilities in real time while developers write code. Contrast Assess agents monitor code and report from inside the application—enabling developers to find and fix vulnerabilities without involving security experts and without specialized security expertise.
• Contrast OSS detects which open-source software components are called in the application runtime and prioritizes vulnerability remediation based on which libraries are actively being used. It also helps organizations avoid unnecessary security risks or legal problems due to open-source licensing complications. Contrast OSS provides critical versioning and usage information and triggers alerts when risks and policy violations are detected.
• Contrast Protect uses real-time analysis of application runtime events to confirm exploitability before taking action to block an attack. This accuracy virtually eliminates the problems associated with false-positive alerts. Contrast Protect continuously detects and prevents both known threats and zero-day attacks by leveraging multi-technique precision sensors and dynamic control over the runtime. It offers an instrumentation-based approach that simplifies security deployment and scalability.
• Contrast Scan utilizes a pipeline-native approach to static analysis application security testing (AST) that eliminates the inefficiencies that delay release cycles. It delivers the fastest, most accurate static scanner available today.
• Contrast Serverless Application Security delivers developer-friendly security testingthat is purpose-built for serverless application development environments.

Contrast customers report 25% of serious vulnerabilities remediated in one day and 75% in 16 days—as compared to 19 days and 292 days, respectively, for traditional SAST application security.¹

Key platform capabilities

The Contrast Application Security Platform continuously identifies application vulnerabilities in custom and open-source code—from left in development through release to production.

One deployment

The Contrast platform offers vulnerability testing as well as protection against attacks in production through a single deployment. It can therefore present a full-stack view of application risk posture. With a single integration point, the Contrast platform delivers true DevSecOps with software composition analysis (SCA), AST, and exploit prevention capabilities using instrumentation across the entire software development life cycle (SDLC).

DevSecOps control center

Only Contrast provides a true DevSecOps view of an application (or portfolio of applications) from development to production—including open-source components. Through instrumentation, the Contrast platform provides comprehensive visibility and control of software risk at every level—from a single application or microservice up to team, business unit, or even enterprise wide levels.

• Policy Assurance and Orchestration allows for enterprise wide reporting, assurance, and benchmarking of application security risk posture. It also helps security teams enforce consistent security policies across the enterprise, on a business unit, on a specific team, or across a portfolio of applications.
• Runtime Informed Risk Posture affords more accurate and effective vulnerability fixes, without correlating with other systems or requiring security expertise.

Zero-day defense

In production, Contrast monitors runtime data flows to detect the exact moment an attack reaches an application vulnerability. Then, before a breach can occur, it instantly blocks any exploitable runtime events without affecting the application. This includes unknown threats, new variants, and zero-day attacks that often slip past perimeter defenses (e.g., web application firewalls), directly exposing internal application stacks to exploitation.

Contrast’s runtime protection capabilities offer two critical benefits. First, it provides “air-cover” protection against 
a vulnerability in the application until a patch is released or developers can fix the issue. Second, it discovers and defends against open-source and zero-day exploits that do not have a patch or fix.

Security at the Speed of Devops

The Contrast platform aligns development and security efforts from design to production, applications new and old. It helps teams unblock the SDLC by finding true vulnerabilities in real time. It turns developers into security experts with developer-friendly “how-to-fix” guidance and prebuilt command-line interface (CLI) tools. It provides production air cover that allows organizations to ship securely, even with open vulnerabilities. And it defends against zero days and unpatched libraries with runtime protection.