Contrast Security Assess has a really good UI and gives the details in more depth. It gives more information about web application vulnerabilities. If third-party libraries, JS files, and JAR files have any CVEs in them, the solution reports that and gives a grade from A to E. It gives good information about vulnerabilities. It does the secure source code review, and the vulnerability it reports gives the file name and the line numbers indicating the issue and where it is.
Director of Threat and Vulnerability Management at a consultancy with 10,001+ employees
MSP
2021-06-18T08:38:00Z
The primary use case is application security testing, where we try to identify vulnerabilities within applications developed by our company. Contrast is a cloud-hosted solution. That's where most of the data and analysis takes place. It's also how most users interact with that data. Data is collected by agents that are deployed to servers within our environment. The agent component is internal to our organization, gathering data that is sent back to the cloud.
Senior Customer Success Manager at a tech company with 201-500 employees
Real User
2021-02-17T23:07:51Z
A good use case is a development team with an established DevOps process. The Assess product natively integrates into developer workflows to deliver immediate results. Highly accurate vulnerability findings are available at the same time as functional/regression testing results. There is no wait for time-consuming static scans. Assess works with several languages, including Java and .NET, which are common in enterprise environments, as well as Node.js, Ruby and Python.
Technical Information Security Team Lead at Kaizen Gaming
Real User
2020-09-14T06:48:00Z
Up to this point, as an information security company, we had very limited visibility over the testing of the code. We have 25 Scrum teams working but we were only included in very specific projects where information security feedback was required and mandatory to be there. With the use of Contrast, including the evaluation we did, and the applications we have included in the system, we now have clear visibility of the code.
We've been using Contrast Security Assess for our applications that are under more of an Agile development methodology, those that need to deliver on faster timelines. The solution itself is inherently a cloud-based solution. The TeamServer aspect, the consolidated portal, is hosted by the vendor and we have the actual Assess agent deployed in our own application environments on-prem.
The product scans runtime and that is our main use case. We have deployed it for one application in our testing environment, and for the other one in our Dev environment. Whatever routes are exercised with those environments are being scanned by Contrast.
Senior Security Architect at a tech services company with 5,001-10,000 employees
Real User
2020-06-07T09:09:00Z
We use the solution for application vulnerability scanning and pen-testing. We have a workflow where we use a Contrast agent and deploy it to apps from our development team. Contrast continuously monitors the apps. When any development team comes to us and asks, "Hey, can you take care of the Assess, run a pen test and do vulnerability scanning for our application?" we have a workflow and deploy a Contrast agent to their app. Because Contrast continuously monitors the app, we have notifications from Contrast and they go to the developers who are responsible for fixing that piece of the code. As soon as they see a notification, and especially when it's a higher, critical one, they go back into Contrast, look at how to fix it, and make changes to their code. It's quite easy to then go back to Contrast and say, "Hey, just consider this as fixed and if you see it come back again, report it to us." Since Contrast continuously looks at the app, if the finding doesn't come back in the next two days, then we say, "Yeah, that's fixed." It's been working out well in our model so far. We have pre-production environments where dedicated developers look at it. We also have some of these solutions in production, so that way we can switch back. It's hosted in their cloud and we just use it to aggregate all of our vulnerabilities there.
Director of Innovation at a tech services company with 1-10 employees
Real User
2020-06-02T08:40:00Z
It is used primarily to help put a layer of security around some of our legacy applications that were built quite some time ago. It's also used to provide better quality assessments on the vulnerabilities of some of these applications, compared to some of the other tools that we've been using. We're using the SaaS platform.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside...
We use the tool to evaluate our customer-facing apps. We analyze the request, identify the weak parts of the code, and remediate them.
Assess handles our DST and ISD. Assess and Protect run on the same server and agents, but you activate different licenses for each component.