The Contrast .NET agent analyzes the behavior of .NET web applications as users interact with these applications.
To start analyzing an application, download the .NET agent installer from the Contrast interface and run this installer on the server where the web application is deployed. You can then point your browser to the web application and use it as you normally would: click on links, submit forms using normal data, etc. The .NET agent's sensors will gather information about the application's security, architecture and libraries. The results of the agent's analysis can be viewed in the Contrast interface.
The Contrast .NET agent for Azure App Service is a fully featured version of the .NET agent. It analyzes the behavior of .NET web applications as users interact with their Azure App Service applications.
There are two ways to install the .NET agent for Azure App Service:
Before installing the .NET agent, confirm that you can meet the following requirements:
The server must have .NET Framework 4.5.1 installed; however, this requirement doesn't extend to applications that need to be analyzed. The .NET agent can analyze web applications that run on supported Common Language Runtimes (CLRs): CLR 2 (.NET 3.5) and CLR 4 (.NET 4.0+).
The .NET agent roughly doubles the RAM requirements of analyzed applications. Applications should use less than half of the available memory when the .NET agent is not installed.
The .NET agent uses the CLR Profiling API to perform data and code flow analysis - detect SQL-injection, XSS, weak cryptography, etc. - as well as to detect libraries and technologies used by analyzed applications. The Contrast agent can now exist alongside other .NET Profiler agents, such as performance or APM tools with the
agent.dotnet.enable_chainingconfiguration setting enabled.
The Contrast .NET agent supports analysis of web applications built on the following technologies.
|.NET Framework||3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2|
|Processor Architecture||The agent can be installed on both 32-bit and 64-bit systems. On 64-bit systems, you can use the agent to analyze both 32-bit and 64-bit web applications.|
|Web Application Frameworks||While Contrast has built explicit tests against only the frameworks listed below, Contrast may still be able to analyze your application, if its framework simply wraps the typical ASP.NET classes (e.g.,
- The Mono runtime isn't supported because Mono doesn't have a Profiler API. The Profiler API is an interface based on a Component Object Model (COM), and isn't supported on Linux.
- The Classic ASP language isn't supported because Classic ASP applications don't run on the .NET runtime.
The .NET agent for Azure App Service supports analysis of web applications built on the following technologies.
|.NET Framework||Your application must be set to use CLR4. Any application that can run on this version is supported. (.NET 4.7.2 is deployed currently on Azure. Version 3.5 isn't supported.)|
|Processor Architecture||Both 32-bit and 64-bit applications are supported.|
|Web Application Frameworks||All of the frameworks supported by the Windows agent are analyzed on Azure.|
Note: Only applications using the full .NET Framework are currently supported. Contrast plans to add support for .NET Core applications in the future.