Director of Threat and Vulnerability Management at a consultancy with 10,001+ employees
MSP
Jun 18, 2021
The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of.
Technical Information Security Team Lead at Kaizen Gaming
Real User
Sep 14, 2020
In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real-time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs.
The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes.
No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime.
Senior Security Architect at a tech services company with 5,001-10,000 employees
Real User
Jun 7, 2020
We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used.
Director of Innovation at a tech services company with 1-10 employees
Real User
Jun 2, 2020
The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low.
What I find most valuable is the fact that we can install the agents onto the web server and then it does the automatic scanning. Every day when I come in, I log into Contrast and I can see the agent reports, real-time, on the vulnerabilities. I can see my list of security vulnerabilities that are immediately reported on a daily basis.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside...
When we access the application, it continuously monitors and detects vulnerabilities.
I am impressed with the product's identification of alerts and vulnerabilities.
Assess has an excellent API interface to pull APIs.
By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.