Announcing Contrast™ – A Revolutionary New Service that Illuminates Web Application Vulnerabilities from Within -- 'Finally, an application security technology that just works,' notes AppSec expert
Columbia, MD, Oct. 1, 2012 -- Today, Aspect Security announces the launch of Contrast™, a highly accurate and scalable SaaS solution to manage application security across an entire portfolio. Contrast is the first application security service that installs on application servers in less than five minutes and creates a real-time dashboard of intelligence and vulnerabilities. Anyone - even those with no previous security experience - can use Contrast to obtain an unprecedented level of clear, actionable security guidance.
Contrast is an IAST solution that integrates the best aspects of static application security testing (SAST) and dynamic application security testing (DAST) and applies them from inside the application server while it is running. This revolutionary innovation provides the Contrast engine with the most information possible, resulting in highly accurate findings across a broad coverage of vulnerabilities. Contrast also catalogs the application portfolio and automatically gathers information about each application's size, libraries, architecture, backend connections, sitemap, and test coverage.
"We love software, and it frustrates us to see criminals abuse it to do harm to others," said Jeff Williams, CEO of Aspect Security and a founding member of the Open Web Application Security Project (OWASP). "Application security technology doesn't work unless it's simple enough for anyone to use, is accurate enough so developers don't waste time, and is scalable across an entire application portfolio. As development and operations iterate faster and faster, application security challenges demand the use of instrumentation and real-time analysis like Contrast."
Patent-pending technology allows Contrast to instrument each application with a network of passive sensors that reveal both control and data flow through the code. While the application runs, Contrast pinpoints the exact location of security issues in the code, as well as the full HTTP request that caused that code to execute. The detailed traces include real data, enabling developers to identify the specific security problem and implement the necessary remediation with guidance from Contrast.
The Air Force Research Laboratory sponsored research for Contrast in hopes of finding scalable ways of making apps safer for government and civilian corporations world-wide. The research resulted in innovative, new performance approaches that make it possible to use Contrast in development, test and production environments.
"Organizations have very little insight into the security of the complex applications and components that they trust with the full control of their business," said Wayne Jackson, CEO of Sonatype. "I'm excited about the way Contrast creates visibility into security by examining what's actually happening within a running application. Contrast's approach to application security is simple to deploy, scales across the portfolio, and works with newer development approaches like Agile and DevOps."
"Aspect Security is committed to bringing application security to all of the world's software. Breaches don't happen only to flagship applications; attackers often target small internal applications that are less protected," said Williams. "To that end, we have priced Contrast to be affordable by small projects and entire portfolios, alike."
Starting today, anyone can use Contrast Intelligence Edition for free. To get started at no cost in just minutes, users can register at www.contrastsecurity.com. Contrast Pro, Business and Enterprise editions are offered on a per-application-per-month basis, starting at just $199.
About Aspect Security
Founded in 2002, Aspect Security is a consulting firm focused exclusively on application security, ensuring that the software that drives business is protected against hackers. Aspect Security's engineers analyze, test and validate an average of 5,000,000 lines of critical application code every month. The company unearths more than 10,000 vulnerabilities every year across a wide range of technologies and architectures, and the company's practical recommendations dramatically improve clients' security posture.
CEO Jeff Williams is a founding member of the Open Web Application Security Project (OWASP), through which he has made vast industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat.
For more information, please visit www.aspectsecurity.com.