Contrast has access to far more data about the code, the runtime environment, HTTP traffic, and even runtime data flows than traditional application security tools. This wealth of information, combined with Contrast’s innovative application vulnerability fingerprinting algorithms, enables Contrast to identify more vulnerabilities, cover more code, and produce fewer false alarms than other application security technologies.
“With Contrast, organizations can break out of the penetrate-and-patch culture, and fix problems early in the SDLC,” said Jeff Williams, CEO of Aspect Security. “Contrast is compatible with real-world software development practices, including Agile and DevOps techniques. No more out-of-date paper-based vulnerability reports, annual scans, or pre-launch security surprises.”
Contrast also protects organizations against insecure and improperly used open source components. It is the first truly scalable application security solution. Organizations can enable their application servers with Contrast in just seconds, and leverage their existing development and testing teams to get security coverage. Enterprise developers will enjoy an unprecedented level of clear, actionable guidance.
Aspect Security researchers recently discovered a new remote code execution vulnerability in the Spring Framework, an open-source web application framework. Over 22,000 organizations worldwide downloaded susceptible versions of Spring over 1.3 million times last year alone.
Contrast is the only automated tool that can identify this type of expression-language injection vulnerability in addition to many other types of complex, significant vulnerabilities, the company said.
Contrast Enterprise on Premise is available now, starting at $4,800 per application per year.