Instrument an application

For Assess and Protect to work, you need to instrument your applications by installing language-specific agents in your application code.

Instrumenting inserts Contrast code in the application’s existing methods across custom code and libraries. These sensors are hooked in based on the locations where data enters and leaves the application. This creates real-time visibility into any data that flows through the application and allows it to detect security flaws or vulnerabilities in this code path and report them to the interface.

To instrument an application:

  1. Identify the application server you want Contrast to analyze. It can be any of these:

    • Developer's local application server running in the integrated development environment (IDE)

    • Continuous integration application server that's used during the automated testing process

    • Application test server

    • Application staging server

    • Embedded server in an appliance

    • Application server running in a virtual machine

    • Remote application server running in the cloud

    • Production application server


    Installing on a server earlier in the software development lifecycle will catch issues earlier on.

  2. Install and configure the agent that corresponds to your application language (Java, Ruby, Node.js, .NET Framework, .NET Core, Python, Go (beta)).

  3. Exercise your application: use it as you normally would in your browser, click on links, submit forms using normal data, etc. The agent sensors gather information about the application’s security, architecture and libraries.