Purpose-Built AppSec Integration With Microsoft Azure

Executive summary

Microsoft Azure is a fast, flexible, and ever-expanding set of cloud computing services. The Azure platform provides organizations the freedom to rapidly build, deploy, and manage complex applications on a massive, global network with ease. However, given the speed of application development, security isn’t always integrated into the application development process.

For this reason, Contrast Security and Microsoft formed a strategic alliance that pairs telemetry and intelligence from the Contrast Application Security Platform with security data and threat alerts from Microsoft’s global ecosystem. The partnership helps developers accelerate the creation of secure applications running in Microsoft Azure. As a result, developers working in Microsoft Azure can seamlessly find and fix application vulnerabilities. This approach makes it possible to improve the security of software code and better manage cyber risk.

A need to integrate security into the DevOps process

As DevOps continues to gain traction for rapid development and delivery of cloud-based applications, legacy software security tools have not kept pace and are often viewed as a roadblock to rapid application development.

The strategic alliance between Contrast Security and Microsoft Azure enables organizations to focus on continuous application security for Agile and DevOps environments (DevSecOps). Contrast offers the industry’s only application security platform that uses instrumentation to analyze and protect software from within the application during runtime—from development through production. Further, Contrast is one of the first companies to enable enterprise-grade application security that is both easy to deploy and use in the cloud. When Contrast is combined with Azure, development teams have security observability across the entire Azure cloud, as well as the entire software development life cycle (SDLC).

Contrast Security and Azure: Redefining DevOps with Security

• Security woven throughout SDLC
• Detailed threat telemetry and intelligence
• Secure DevOps kits for Microsoft Azure

Purpose-Built DevSecOps for Microsoft Azure

The alliance between Contrast and Microsoft redefines the DevOps workflow with security. Prebuilt integrations between Contrast’s platform and Microsoft Azure give developers confidence in the completeness of their security assessment, improved visibility of the attack surface, and automatic verification and remediation of vulnerabilities. Contrast’s purpose-built DevSecOps solution for Azure includes the following:

Integrate vulnerability assessment inside azure tools

Developers need a way to assess and discover vulnerabilities in the application quickly and accurately. Contrast Security’s vulnerability assessment can display results inside Microsoft Visual Studio Code, Visual Studio, and Visual Studio for Mac integrated development environments (IDEs). These plug-in integrations offer developers a vulnerability and remediation solution that is integrated into tools with which they are already very familiar. Since the integration lists application vulnerabilities directly in the development environment, developers can identify and remediate issues much faster.

Manage vulnerabilities like any other software bug

Security is often viewed as an obstacle to developer productivity since it requires development teams to spend more time managing code and fixing vulnerabilities. Contrast’s two-way bug tracker integration with Azure Boards within Azure DevOps Services (formerly Visual Studio Team Services [VSTS]) and Azure DevOps Server (formerly Visual Studio Team Foundation Server [TFS]) allows developers to manage vulnerabilities like any other bug using a single-issue tracking tool. Integrations into Azure Boards serve as bug tracking systems, giving developers independent route intelligence that illustrates data flows  and provides them with the discovery, visibility, and verification of vulnerabilities.

Contrast Security Integrations with Microsoft Azure:

• Microsoft Visual Studio Code
• Microsoft Visual Studio IDE
• Microsoft Visual Studio for Mac IDE
• Microsoft Azure DevOps Services (Boards + Pipelines)
• Microsoft Teams
• Microsoft Azure Web
  App Services
• Microsoft Security Graph API (MISA)
• Microsoft Application Insights

Secure the setup of a continuous CI/CD pipeline to azure

Developers looking to save time and simplify the setup of an entire continuous integration/ continuous deployment (CI/CD) pipeline are turning to Azure DevOps Pipelines. They are designed to build code in popular languages, test them, and then deliver them to your choice of endpoint. When integrated with the Azure DevOps Pipelines extension, Contrast delivers security testing and vulnerability thresholds directly in the build phase. As a result, application security testing works in tandem with all other testing workflows (unit, functional, regression). Developers can add vulnerability thresholds that identify exactly where the vulnerability occurred in the task.

Send notifications and alerts via Microsoft teams

Microsoft’s collaboration platform, Microsoft Teams, is a highly productive tool. Within Microsoft Teams, Contrast can send notifications and alerts about any vulnerable areas that need to be identified. All of Contrast Security’s real-time vulnerability and attack data is fed through Microsoft Teams. If a vulnerability is discovered, a notification is sent and a support ticket is created and assigned to the developer.

Build, run, and deploy secure web applications

Traditionally, web applications have encountered a high amount of attacks. Contrast allows developers to build, run, and deploy secure applications into Microsoft Azure App Services Web Apps, a Platform-as-a-Service (PaaS) solution. This is used when deploying Contrast at scale within Azure. Any workload that is put into a runtime environment includes a Contrast Security agent that is associated with it. The agent works alongside the Microsoft Application Insights agent as well, allowing for a seamless deployment across the SDLC. As a result, the workload is secure, whether the code is custom written or comprised of open-source components.

Unlock security intelligence from the application layer

Enterprises constantly seek to streamline security operations and improve threat detection and remediation. In response, Contrast integrates with the Microsoft Graph Security API to unlock relevant security intelligence from inside the application layer to manage overall cyber risk. The Microsoft Graph Security API allows developers to build and integrate solutions that correlate security alerts, provide context, and automate vulnerability identification and remediation verification. This integration essentially allows Contrast to be a data provider, feeding application attack insights and telemetry directly into the application programming interface (API). As a part of the Microsoft Intelligent Security Association (MISA), Contrast ensures more successful integrations with Azure Security Graph API.

Contrast and Microsoft partnership

As a highly valued Microsoft partner, Contrast is included in the following Azure affiliations:

• Microsoft’s venture arm is an investor in Contrast
• Microsoft is an integration partner of Contrast
• Contrast is a Gold Partner with the Microsoft Partner Network System
• Contrast is a Visual Studio Partner Program member
• Contrast is a Microsoft Intelligent Security Association (MISA) member

Contrast Security core value props

Continuous: Get instant feedback to developers with no extra steps (shift left, commit clean code, reduce cost)

Accurate: Eliminate the need for security experts in the critical path (increased speed and reduced cost)

Automated: Integrate with familiar SDLC tools (easy to drive adoption and build culture)

Scalable: Run in parallel across the entire portfolio (secure any application or API anywhere)