Skip to main content


Contrast agents are responsible for gathering security relevant data from an application, analyzing that data, and reporting findings to Contrast when necessary. In specific situations, a Contrast agent can also take actions within an application to prevent exploitation or enable a security defense.

A Contrast agent gathers security relevant information using a variety of security instrumentation techniques, including code scanning, library scanning, instrumenting an application, configuration file scanning, and other techniques. Any security instrumentation technique that gathers information is a sensor.

Sensors generate events that snapshot information directly from within an application. For example, a sensor might capture an incoming HTTP parameter, or the details of a SQL query being made to the database. Some sensors may also take action if necessary to help strengthen defenses or block malicious activity, typically by throwing a security exception that causes a vulnerability to be bypassed.

Events generated by sensors are all reported to the tracking and analysis part of the agent. Over time, the analysis engine receives events from all over the code of the application and builds them into traces. The analysis engine watches these traces for patterns of behavior that represent a violation of the Contrast rules.

For example, the analysis engine might see a data flow like this:

  • An incoming HTTP parameter event

  • Then another event shows that parameter being appended to a SQL query

  • Finally another event shows that query being sent to a database

If the analysis engine sees that data flow without the proper defenses (escaping or parameterization), it recognizes that trace to match the Contrast rule for SQL injection reports it to Contrast. The vast majority of the analysis is done locally in the agent, which enables Contrast's scalability and performance.

Use the agents that matches the language of the application you want to instrument:

  • Java instruments Java web applications and web APIs running on your container.

  • .NET Framework instruments .NET web applications and APIs running on IIS.

  • .NET Core instruments applications and APIs running in the .NET Core runtime.

  • Node.js instruments Node.js web applications and APIs.

  • PHP analyzes PHP web applications at runtime for library usage and vulnerability detection.

  • Python instruments Django, Flask and Pyramid web applications.

  • Ruby instruments Ruby on Rails web applications.

  • Go instruments Go web applications for library support and vulnerability reporting.


Contrast agents are supported for one year after release. Older agents may continue to function and remain compatible, but they are no longer fully supported.

Contrast applies bug fixes and develops new features on the latest version of the agent. Code changes are not backported to previous versions. While a workaround may be provided for a bug, to resolve issues, you should update to the release in which the issue was addressed.