How Contrast works

Contrast Security provides accurate, continuous, real-time application security for your application portfolio. Contrast works within each application to secure it across the entire development lifecycle with our principal products:

  • Assess accurately finds vulnerabilities and offers remediation guidance during development.

  • Protect automatically identifies attacks and prevents vulnerabilities from being exploited in production.

  • OSS offers unparalleled visibility into security risks and legal issues introduced by open-source components.

Contrast uses agents to directly measure security from fully assembled and running applications. Install and configure an agent to get started.

You can use Contrast to support your entire software development lifecycle from development to production. Developers can use Contrast during development to get instant and accurate feedback and check in secure code. During testing, whether manual, automated, or in a CI/CD pipeline, Contrast provides assurance that applications have been thoroughly security tested. And in production, Contrast can provide full visibility into attacks and even protect you from being exploited.

Contrast combines numerous data sources and a variety of analysis techniques including:

  • Runtime control flow and data flow (IAST)

  • Application code or APIs (SAST)

  • HTTP requests and responses (similar to DAST)

  • All libraries and frameworks in the application and how they are used (SCA)

  • Configuration information

  • Backend connections

Because Contrast doesn't require any changes to the way that you build, test, or deploy your code, it is easy to integrate with a variety of software development processes. Essentially, Contrast transforms functional tests into security tests, so that you get security feedback every time you run tests. Unlike scanners, Contrast delivers results continuously and in real time, so that you don't slow down your pipeline.

Contrast works with several different integrations to provide accurate security feedback in the tools you are already using. This approach accelerates the software development process by encouraging security and development teams to work together effectively.


You can access Contrast Community Edition for free to try it out and see how it works.