Contrast Security- The Secure Code Platform
Contrast SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
54 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Solid option for IAST scanning within certain languages & public clouds
What do you like best about the product?
Simple UI with solid IAST & SCA scans built into Contrast Assess/OSS product.
What do you dislike about the product?
Less robust features for .NET-based workloads: Azure functions/serverless not available (only app services), Azure DevOps integrations work but are not intensive, Contrast support are generally less-knowledgeable on .NET environments (optimized for Java & AWS environments).
What problems is the product solving and how is that benefiting you?
Implementing DevSecOps initiatives for a large health care client.
Building Assess & OSS into pipelines & app service scans are helpful feedback loops for our dev teams. This project is the first time our client has prioritized this sort of work and the client is very excited to have security more baked-in to the development lifecycle.
Building Assess & OSS into pipelines & app service scans are helpful feedback loops for our dev teams. This project is the first time our client has prioritized this sort of work and the client is very excited to have security more baked-in to the development lifecycle.
Recommendations to others considering the product:
Contrast is easy to use once integrated, but it depends on your development stack. Contrast is heavily-optimized towards Java and AWS workloads/environments but are creating more and more in the .NET and Azure fields as well. Unfortunately for my client, they are heavily .NET and Azure-based so some features are not available at the time of this review. If you are looking for an IAST, SCA, RASP option, Contrast is solid.
IAST tool that will boost your Application Security Programme
What do you like best about the product?
The tool is straightforward to use; alerts and errors do not overpower developers during the Coding phase. The experience of Security Analyst, Developer, and Management is very positive.
The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits allowing for better efficiency.
The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits allowing for better efficiency.
What do you dislike about the product?
I have not been able to identify a feature that does not help the organization achieve the results aimed when implementing the solution. The features on the roadmap, along with the ones already in place, offer a complete suite that leaves no room for disliking.
What problems is the product solving and how is that benefiting you?
Our main Customer-facing applications are checked for vulnerabilities against widespread threats (OWASP Top 10). Checking the production version of our applications allows for identifying and resolving actual exploitable vulnerabilities in our Environment. Additionally, due to the level of detail on how to fix section, we train our Software Engineers boosting the security by design culture we have in mind.
Recommendations to others considering the product:
Try Contrast out! Easy setup for a PoC and very flexible to adjust to your environment to get a quick glimpse and results
Contrast ASSESS meets our requirements.
What do you like best about the product?
Very detailed information about findings in team server.
What do you dislike about the product?
nothing, everything is good. we are very satisfied
What problems is the product solving and how is that benefiting you?
Scanning and analysis of security vulnerabilities of web applications
Less Noise, More Security, Room to Improve
What do you like best about the product?
I like the proprietary way in which it scans for vulnerabilities compared to some of the traditional application scanning tools we use/used. Noise is the number one issue we hear from our engineers, and Contrast is really good at reducing the noise and focusing on actual vulnerabilities. The team we have been working with at Contrast has also been very helpful and responsive. It comes with a really good reporting solution out of the box, even though we use our own vulnerability aggregation solution.
What do you dislike about the product?
The biggest thing we are dealing with on Contrast is code coverage. We currently his a much smaller code coverage than what you would see with a traditional SAST or SA scanning solution. We need to figure out a better way to increase that coverage to reduce the amount of risk that we are trying to employ with these new security test methods.
What problems is the product solving and how is that benefiting you?
The problems we are solving is stated above in what I like about the solution. We are reducing the noise that is a part of traditional security scanning solutions and offering actual vulnerabilities for development teams to focus on. With less noise, this allows our team to work closer with our Engineers on being security analysts and not tool administrators. We are still in the process of rolling out at a larger scale, so some of the benefits are still being measured.
"Gives the guidance and learning to developers to improve security of application"
What do you like best about the product?
-Technology used to detect the vulnerabilities, the way it's presented along with complete tracing, guidance for teams to learn about the vulnerability and associated risk are plus.
-Another great advantage is giving visibility into route coverage which helps to identify the route's that not exercised or having high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
-Ease of implementation, works great for both SDLC/DevOps model.
-Another great advantage is giving visibility into route coverage which helps to identify the route's that not exercised or having high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
-Ease of implementation, works great for both SDLC/DevOps model.
What do you dislike about the product?
- Log collection could be improved, for any troubleshooting/debugging require coordination with application teams to set required configuration to collected required logs. Heard that they are changing this approach, looking forward to same.
- Integration with systems like JIRA and other ticketing systems have issues. Again in roadmap to fix.
- Some of the updates require configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt to new enhancements.
- Technical support could be improved, slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within commercial app server/framework is getting reported - kind of mess if it's one of the unsupported framework.
- Integration with systems like JIRA and other ticketing systems have issues. Again in roadmap to fix.
- Some of the updates require configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt to new enhancements.
- Technical support could be improved, slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within commercial app server/framework is getting reported - kind of mess if it's one of the unsupported framework.
What problems is the product solving and how is that benefiting you?
Application Security Testing, visibility into vulnerabilities in both custom code and libraries.
Application Security Testing at scale.
What do you like best about the product?
The tool helps find high-quality security vulnerabilities at the speed of DevOps. "Fail fast, fail often" at the requirement of daily changes to the application landscape. Traditional SAST and DAST tools struggle to keep up with the rate of change and cause more noise than acceptable. Contrast Security helped us reach our goal of coverage without the hassle of the terrible signal-to-noise ratio common to other application security tools.
What do you dislike about the product?
The main struggle that is inherit with this style of tool is the agent. However, it's unclear how you could have the best of both worlds without it.
What problems is the product solving and how is that benefiting you?
see "What do you like best?"
Great Tool - Easy to setup - Great Support
What do you like best about the product?
As an administrator, the tool being saas, I do not have to worry about the server and I just need to take care of the agents. Installation is easy and the configuration is not much harder. The documentation is well written and you will usually find what you need. For the maintenance, on some machines, I periodically update the agent, which is as simple as executing the installer. In the CI build, with docker image, I always fetch the latest version.
For the developer, they get a warning in our security slack channel when something in their code needs to be "improved".
Support has always been stellar when I needed them for clarification.
For the developer, they get a warning in our security slack channel when something in their code needs to be "improved".
Support has always been stellar when I needed them for clarification.
What do you dislike about the product?
There is nothing I dislike about that tool. It does the job we bought it for, in the background, with minimal maintenance.
What problems is the product solving and how is that benefiting you?
The developers get feedback on their code quickly, and they can fix it while it is fresh in their memory. You end up with a better, more secure application.
Recommendations to others considering the product:
Ask them for a demo, try it out on your product. You will be surprised how good it is.
Contrast Security for developers
What do you like best about the product?
We find the best part of Contrast Security to be the IDE features for developers in real time
What do you dislike about the product?
No disliked items or issues to report here.
What problems is the product solving and how is that benefiting you?
Real-time code recommendations to developers
Contrast Rocks
What do you like best about the product?
It is easy to get useful security information out of Contrast quickly. Easy to onboard and get to exactly where security defects exist in applicaitons.
What do you dislike about the product?
It can be a little pricey but worth the money.
What problems is the product solving and how is that benefiting you?
Contrast fills the gap of dynamic analysis in our SDLC.
Innovation in a security product that delivers real change in ways all other products hope for
What do you like best about the product?
Contrast delivers easy and fast vulnerability data about our applications (IDE environments) that continues through production with the RASP functionality.
What do you dislike about the product?
Initial installation is easy and fast, but the integration to the pipeline takes coordination in a large enterprise.
What problems is the product solving and how is that benefiting you?
Contrast delivers better application telemetry (data flow even, unique) in addition to accurate and verified vulnerability data that includes how to fix code and the line number of the issues. This can be sent to the IDE or to Jira bug tracking queues. We can get this needed info as fast as a developer's sprint operates and there is no more waiting for the security to push the product out to production.
With defects or backlogs of old issues, the RASP can neutralize these allowing more time to address them, essentially like giving aireal coverage.
With defects or backlogs of old issues, the RASP can neutralize these allowing more time to address them, essentially like giving aireal coverage.
Recommendations to others considering the product:
Take into consideration the total cost of ownership and all the value available by contrast.
showing 41 - 50