Contrast AST technology
The Contrast AST technology combines Static (SAST), Dynamic (DAST), and Interactive Application Security Testing (IAST) approaches to provide highly accurate and continuous information on security issues in your applications.
Contrast AST uses an agent that instruments applications with sensors. The sensors look at data flow in real time and analyze the application from within to help figure out vulnerabilities in:
Libraries, frameworks, and custom code
Configuration information
Runtime control and data flow
HTTP requests and responses
Back-end connections
This technology is appropriate for environments such as a test, QA, or staging servers. It is also applicable to developer workstations. When coupled with Contrast integrations, such as Visual Studio, developers can find and fix vulnerabilities without leaving their integrated development environment (IDE).
AST features
Once you configure the Contrast platform and onboard an agent,Northstar offers you these features:
A list of issues for your applications, along with remediation guidance.
Scores to gauge the security of an application at a glance.
A comprehensive view of risks in your application layer in Explorer.
AST customization
To customize AST for your needs, you have the option of configuring these types of policies:
Assess rules that you can enable or disable to fine tune the detection capabilities of Assess.
Security controls are methods in your code that make sure data is safe to use.
Configuration of allowlists and denylists.