Assess

Contrast Assess is an application security testing tool that combines Static (SAST), Dynamic (DAST), and Interactive Application Security Testing (IAST) approaches to provide highly accurate and continuous information on security vulnerabilities in your applications.

This image shows the Assess workflow

Contrast Assess uses an agent that instruments applications with sensors. The sensors look at data flow in real time and analyze the application from within to help figure out vulnerabilities in:

  • Libraries, frameworks, and custom code

  • Configuration information

  • Runtime control and data flow

  • HTTP requests and responses

  • Back-end connections

Assess is appropriate for environments such as a test, QA, or staging servers. It is also applicable to developer workstations. When coupled with Contrast integrations, such as Visual Studio, developers can find and fix vulnerabilities without leaving their integrated development environment (IDE).

Features

Once you install and configure an agent and enable Assess, Contrast offers you these features:

Customization

To customize Assess for your needs, you have the option of configuring these types of policies:

  • Assess rules that you can enable or disable to fine tune the detection capabilities of Assess.

  • Security controls are methods in your code that make sure data is safe to use.