How Contrast works

Contrast Security provides accurate, continuous, real-time application security for your application portfolio. Contrast works within each application to secure it across the entire development lifecycle with our principal products:

  • Assess accurately finds vulnerabilities and offers remediation guidance during development.

  • Protect automatically identifies attacks and prevents vulnerabilities from being exploited in production.

  • OSS offers unparalleled visibility into security risks and legal issues introduced by open source components.

Contrast uses agents to directly measure security from fully assembled and running applications. You can use Contrast to support your entire software development lifecycle from development to production. Developers can use Contrast during development to get instant and accurate feedback and check in secure code. During testing, whether manual, automated, or in a CI/CD pipeline, Contrast provides assurance that applications have been thoroughly security tested. And in production, Contrast can provide full visibility into attacks and even protect you from being exploited.

Contrast combines numerous data sources and a variety of analysis techniques including:

  • Runtime control flow and data flow (typically called IAST)

  • The code of the application or API (typically called SAST)

  • HTTP requests and responses (similar to DAST)

  • All libraries and frameworks in the application and how they are used (typically called SCA)

  • Configuration information

  • Backend connections

Because Contrast doesn't require any changes to the way that you build, test, or deploy your code, it is easy to integrate with a variety of software development processes. Because the agents analyze the application while it runs, Contrast essentially transforms functional tests into security tests, so that you get security feedback every time you run tests. Unlike scanners, Contrast's results are delivered continuously and in real time, so that you don't slow down your pipeline.

No matter how you build software, whether traditional, Agile, or DevOps, you can use Contrast's integrations to ensure that all team members get accurate security feedback through the tools they are already using. This approach accelerates the software development process by encouraging security and development to work together effectively.

Tip

You can access Contrast Community Edition for free to try it out and see how it works.