Contrast believes that in order to meet the market need, a new, fully automated and breathtakingly accurate approach is required – one that performs at DevOps speed and enterprise scale. To effectively protect software applications, continuous security must go along with continuous integration, delivery and deployment to provide up-to-the-minute analysis of web application vulnerabilities.
The reality is that most legacy approaches to application security require multiple products and an army of application security experts. With Contrast Assess, developers can finally discover and secure their own vulnerabilities instantly, without requiring security experts or having to wait hours or days for a security testing scan to complete.
Contrast Assess: Why It Works
Contrast Assess uses deep security instrumentation to analyze code in real time from within the application. Contrast produces accurate results, continuously, which is ideal for DevOps style environments, transparent to developers and security specialists, and does not require training or experts. Contrast works everywhere software is developed and run: on-premises, in the cloud and containers, and even elastic and hybrid environments.
Contrast Assess covers more code, produces more accurate results and verifies a broader range of security rules than either Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) tools. In fact, Contrast Assess delivers all the analysis capabilities and benefits of IAST (Interactive Application Security Testing), SAST, DAST, SCA (Software Composition Analysis) and more, combined into a single, integrated and continuous application security platform.
Contrast Assess and Protect: A Complete Application Security Solution
Application Security Testing is only part of a complete solution. The Contrast platform also includes Contrast Protect, our Runtime Application Self-Protection (RASP) solution which delivers attack monitoring and blocking, CVE Shields, bot blocking and zero-touch application security log enhancement. Contrast Protect leverages the same powerful instrumentation platform as the revolutionary Assess product, providing incredibly fast, accurate, and scalable protection for the application layer. Contrast also provides a comprehensive set of application security APIs that enable automation and orchestration of continuous application security across the entire SDL.
Contrast is the only solution that provides both application security testing and protection in a single integrated product. The Contrast platform ensures application security from the first line of code written all the way through production and operations.
The Contrast Vision
Contrast's vision is one where application security testing products are accurate, continuous and scalable, therefore dramatically reducing the need for software security expertise. This enables organizations to:
- Focus on their business
- Innovate faster
- Sleep at night
"We are confident that no other vendor has the right market vision, and that no other product – IAST or otherwise – embodies this vision like Contrast does," said Jeff Williams, CTO and cofounder of Contrast Security. "Our Assess solution straddles the definitions of all application security testing and analysis tools – IAST, SAST, DAST, SCA – combining the best elements of each technique, while minimizing the weakness inherent in each individual approach. As a result, our customers get the most accurate results, at the speed of today's modern development environments."
Continuing Issues with Application Security
Despite the fact that the vulnerabilities in the OWASP Top Ten have been documented for over a decade, they are still a major problem. Data recently collected by Contrast Labs from the Contrast Security platform found that there were an average of 45 vulnerabilities per application. The most common vulnerability was sensitive data exposure, which plagues 69 percent of web applications.
"With such strong awareness of web application vulnerabilities, it's disheartening to see that they are still happening with such frequency," said Williams. "Insecure code has become the leading security risk for business today. Our data further demonstrates the need for disruption and reinvention in application security, with solutions that can keep pace with new development methodologies and increased application complexity."
A full copy of the Gartner AST MQ can be downloaded here.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Contrast Security
Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production. More information can be found at www.contrastsecurity.com or by following Contrast on Twitter at @ContrastSec.
For more information:
SHIFT Communications for Contrast Security
To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/contrast-security-named-the-only-visionary-in-gartner-2017-magic-quadrant-for-application-security-testing-300417201.html
SOURCE Contrast Security