Assess
Contrast Assess is an application security testing tool that combines Static (SAST), Dynamic (DAST), and Interactive Application Security Testing (IAST) approaches to provide highly accurate and continuous information on security vulnerabilities in your applications.
Contrast Assess uses an agent that instruments applications with sensors. The sensors observe data flow in real time and analyze the application from within to help identify vulnerabilities in:
Libraries, frameworks, and custom code
Configuration information
Runtime control and data flow
HTTP requests and responses
Back-end connections
Assess is appropriate for environments such as test, QA, or staging servers. It is also applicable to developer workstations. When coupled with Contrast integrations, such as Visual Studio, developers can find and fix vulnerabilities without leaving their integrated development environment (IDE).
Features
Once you install and configure an agent and enable Assess, Contrast offers you these features:
A list of vulnerabilities in the application, along with remediation guidance.
Application scores to gauge the security of an application at a glance.
Route coverage that detects possible routes by associating vulnerabilities with the originating web request.
Flow maps that provide insight into the architecture of the running application.
Customization
To customize Assess for your needs, you have the option of configuring these types of policies:
Assess rules that you can enable or disable to fine-tune the detection capabilities of Assess.
Security controls, which are methods in your code that make sure data is safe to use.