Announcing Contrast™ – A Revolutionary New Service that Illuminates Web Application Vulnerabilities from Within -- 'Finally, an application security technology that just works,' notes AppSec expert
Columbia, MD, Oct. 1, 2012 -- Today, Aspect Security announces the launch of Contrast™, a highly accurate and scalable SaaS solution to manage application security across an entire portfolio. Contrast is the first application security service that installs on application servers in less than five minutes and creates a real-time dashboard of intelligence and vulnerabilities. Anyone - even those with no previous security experience - can use Contrast to obtain an unprecedented level of clear, actionable security guidance.
Contrast is an IAST solution that integrates the best aspects of static application security testing (SAST) and dynamic application security testing (DAST) and applies them from inside the application server while it is running. This revolutionary innovation provides the Contrast engine with the most information possible, resulting in highly accurate findings across a broad coverage of vulnerabilities. Contrast also catalogs the application portfolio and automatically gathers information about each application's size, libraries, architecture, backend connections, sitemap, and test coverage.
"We love software, and it frustrates us to see criminals abuse it to do harm to others," said Jeff Williams, CEO of Aspect Security and a founding member of the Open Web Application Security Project (OWASP). "Application security technology doesn't work unless it's simple enough for anyone to use, is accurate enough so developers don't waste time, and is scalable across an entire application portfolio. As development and operations iterate faster and faster, application security challenges demand the use of instrumentation and real-time analysis like Contrast."
Patent-pending technology allows Contrast to instrument each application with a network of passive sensors that reveal both control and data flow through the code. While the application runs, Contrast pinpoints the exact location of security issues in the code, as well as the full HTTP request that caused that code to execute. The detailed traces include real data, enabling developers to identify the specific security problem and implement the necessary remediation with guidance from Contrast.
The Air Force Research Laboratory sponsored research for Contrast in hopes of finding scalable ways of making apps safer for government and civilian corporations world-wide. The research resulted in innovative, new performance approaches that make it possible to use Contrast in development, test and production environments.
"Organizations have very little insight into the security of the complex applications and components that they trust with the full control of their business," said Wayne Jackson, CEO of Sonatype. "I'm excited about the way Contrast creates visibility into security by examining what's actually happening within a running application. Contrast's approach to application security is simple to deploy, scales across the portfolio, and works with newer development approaches like Agile and DevOps." (continued...)