Contrast Assess offers interactive application security testing (IAST) with elements from static application security testing (SAST) and dynamic application security testing (DAST) to automatically identify software vulnerabilities in real time while developers write code. Contrast Assess agents monitor code and report from inside the application—enabling developers to find and fix vulnerabilities without involving security experts and without specialized security expertise.
Contrast Protect uses real-time analysis of application runtime events to confirm exploitability before taking action to block an attack. This accuracy virtually eliminates the problems associated with false-positive alerts. Contrast Protect continuously detects and prevents both known threats and zero-day attacks by leveraging multi-technique precision sensors and dynamic control over the runtime. It offers an instrumentation-based approach that simplifies security deployment and scalability.
Contrast SCA detects which open-source software components are called in the application runtime and prioritizes vulnerability remediation based on which libraries are actively being used. It also helps organizations avoid unnecessary security risks or legal problems due to open-source licensing complications. Contrast SCA provides critical versioning and usage information and triggers alerts when risks and policy violations are detected.
Contrast Scan utilizes a pipeline-native approach to static analysis application security testing (AST) that eliminates the inefficiencies that delay release cycles. It delivers the fastest, most accurate static scanner available today.
Contrast Serverless Application Security delivers developer-friendly security testing that is purpose-built for serverless application development environments.