We use the tool to evaluate our customer-facing apps. We analyze the request, identify the weak parts of the code, and remediate them.
Contrast Security- The Secure Code Platform
Contrast SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
52 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A cost-effective solution that is easy to implement and detects vulnerabilities within minutes of launch
What is our primary use case?
How has it helped my organization?
The product has helped us identify vulnerabilities.
What is most valuable?
I am impressed with the product's identification of alerts and vulnerabilities.
What needs improvement?
The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes.
For how long have I used the solution?
I have been using the tool for four years.
What do I think about the stability of the solution?
The tool has high stability. I would rate it a ten out of ten.
What do I think about the scalability of the solution?
I would rate the product's scalability an eight out of ten. My company has 32 users for the tool.
How are customer service and support?
The solution's support is very helpful and fast. They offer quality support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used SonarQube and GitLab Premium before. We decided to go with Contrast because it has the best price model since it takes into accord only the number of applications. It also finds vulnerabilities within minutes of its launch. The product is also developer-friendly.
How was the initial setup?
The product's setup is easy. I would rate it a ten out of ten. The tool's deployment took one day to complete. The engineers from Contrast did an analysis and submitted a report post which we initiated the tool's installation.
What about the implementation team?
We did the product's deployment in-house.
What was our ROI?
We have seen ROI with the product's use since it has improved the quality of our codes.
What's my experience with pricing, setup cost, and licensing?
The product's pricing is low. I would rate it a two out of ten.
What other advice do I have?
I would rate the solution a ten out of ten. It is a cost-effective solution that is easy to implement. You need to try the solution over POC.
Which deployment model are you using for this solution?
On-premises
An overall stable solution that has significant experience in the market
What is most valuable?
Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product. But, again, if you are commercially weak, you remain a single supplier. In any given market with only one supplier, the market cannot function. It is important to have competition, and one should gain market share through flexibility. It will be too late in two years, as many companies claim to be doing IAST. It's like selling there's no Desktop antivirus versus traditional antivirus. Everybody shall do signature-less virus detection. Otherwise, you're out of the market. This scenario is very similar here, especially in the forward applications.
What needs improvement?
The solution needs to improve flexibility and provide a complete ecosystem like its competitor named, Synopsys. An ecosystem could appeal to their large customers because they are looking for a complete solution, not just a best-in-class solution, but something which integrates into the rest of the development framework.
For how long have I used the solution?
I have been using Contrast Security Assess since 2017.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
The scalability of the product is a problem in the solution, especially from a commercial perspective.
There must be an integration with the ecosystem and application development landscape. So once the solution is integrated with many tools, it is scalable. It's different from the product, which is scalable because the product is one of the steps within a complex process.
To complete the process, you must integrate the solution with other tools.
How was the initial setup?
I have no direct experience with the initial setup, but I needed a couple of proofs of concept for comparing Contrast with one of its Spanish competitors.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive.
What other advice do I have?
The IAST adoption in Italy, at least, is slow. My customers' feedback is that their commercial aptitude could be more flexible. It needs to be more flexible. They need to understand that they have an opportunity window that will last only a few years. And they are selling to win market share now, wherein in the next two years, everybody will be doing IAST. Whether it is good or bad, more or less, everybody will be doing that because the proposition is unbeatable.
I recommend others to try the solution because it is the most rewarding investment you can make in security access, apart from end-user training and user-awareness training.
But my bad side is that I think three, four years in advance. For example, I made a marketing campaign on VPNs in nineteen ninety-eight. Because VPNs were unbeatable, and it took another ten years before the market took off.
So I'm sure it will happen. Especially in the Italian market, there are market specifics because, in Italy, most of the development is outsourced, and very little development is done in-house.
So the big customers usually do not make the investment. The company which generates the code should be tailored to be bought by the leading company, which then uses the product to assess the work. Technology vendors usually focus on technology, and companies focus on organizational processes. So I was trying to sell outlets, which now are IBM source good edition, Upscaler. I was selling outlets to telecoms and proposing ounce levels as portfolio management. So that they have thousands of applications and you have a tool that assesses any given application's security. And the problem was that the guys in charge of the portfolio were not supposed to have access to the code.
So there was an additional problem stopping the customer from buying a perfect technological solution. They could manage the security, but the guys managing the application portfolio were not supposed to add access to the source code. And so they were not the proper organization for the thing to happen. And this is a problem which in large customers is quite frequent. But, again, you should see any market, a single customer, the needs, the processes, the power struggle, and data on a power struggle; it's more complicated though it can be done.
I would give Synopsys a nine because no one is at ten today.
I have ranked Contrast just below Synopsys because Synopsys has the size and the scope, and they have an internal vertically integrated solution apart from all the partnerships you could have. Since Contrast is a much smaller company, they should enter into some partnerships.
I rate the overall solution an eight out of ten.
Engineering Manager , I have full visibility across cybersecurity, vulnerability, devices protection
What do you like best about the product?
learning to understand the PROS/CONS but contrast security had some goodies for enteprise companies like us .
What do you dislike about the product?
Need to run POC to identify the product details
What problems is the product solving and how is that benefiting you?
runtime application security layer 01, layer 02 (code scan/code approvals)
The ultimate solution for securing your application
What do you like best about the product?
My favorite features of Contrast Security are its convenient interface and how quickly it spots possible security hazards in my code. The platform's capacity to be scaled for projects of any size is something else I value.
What do you dislike about the product?
The biggest problem I have with Contrast Security is that it doesn't integrate with some of the software applications I frequently use. The platform can be challenging to use at times, despite its effectiveness in spotting possible security risks.
What problems is the product solving and how is that benefiting you?
The peace of mind I get from using it and understanding that my tasks are secure is one of the primary advantages. The platform's convenient interface makes it simple to use in my daily routine, and it is extremely effective at spotting possible security risks.
Full secured feeling
What do you like best about the product?
All the security features which makes me more productive.
What do you dislike about the product?
It sometimes makes the system very slow but that is ok.
What problems is the product solving and how is that benefiting you?
Application runtime security is what I am least bothered.
Broad Support For Multiple Technologies
What do you like best about the product?
Feature complete with growing support for most industry used lenguages. Very low false positives & Guidance on how to fix the vunerabilities.
What do you dislike about the product?
License structure seems to be very clear on contract but inside the tool you have to deal with different entitlements.
What problems is the product solving and how is that benefiting you?
We needed low false positive solution that allowed our develepers to step up their secure dev practices. Now they can get early alerts on real stuff that needs to be fixed.
It was easy to use
What do you like best about the product?
I like how it is easily integrated to our system
What do you dislike about the product?
I would like to be able to have more control during deployment phase
What problems is the product solving and how is that benefiting you?
Contrast security helped to track down any vulnerabilities that we may have in code
My experience with Contrast Security
What do you like best about the product?
It help organizations identify and remediate vulnerabilities in their software applications, thereby improving their overall security posture. Some of the key features of their solutions include real-time vulnerability detection, precise attack visibility, and seamless integration with DevOps processes. These features can be useful for organizations that prioritize security in their software development lifecycle.
What do you dislike about the product?
Nothing much. Everything was good but the accuracy can further be improved.
What problems is the product solving and how is that benefiting you?
Application security testing
Best and fast security scanner
What do you like best about the product?
It's free to some extent
Fast then most security scanners
Fast then most security scanners
What do you dislike about the product?
Nothing other than the learning and usage curve
What problems is the product solving and how is that benefiting you?
No intervention in the GitHub Actiosn CI/CD pipeline
Contrast Review
What do you like best about the product?
Good findings, relatively to other SAST/DAST solutions has lower false positive alerts
What do you dislike about the product?
Although it has relatively to SAST/DAST solutions lower number of false positive alerts, it is still a lot of false positives
What problems is the product solving and how is that benefiting you?
It helps me to scan services that I don't have the capacity to test manually
showing 21 - 30