Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Contrast Works well once it is configured well
What do you like best about the product?
Contrast's detection's of vulns are the best because they can point to exactly the line of code without having the count of false positives of other tools.
What do you dislike about the product?
Contrast's licensing and inventory system can be clunky if your application has micro-services
What problems is the product solving and how is that benefiting you?
Vulnerability testing that is managed by devs
- Leave a Comment |
- Mark review as helpful
Contrast Security works great for SAST and DAST security scanning
What do you like best about the product?
Contrast integrated well with our CI/CD pipeline using Travis. It was also great for scanning libraries used by our code. The reports from the scan were very informative. And you could even get email reports about any new attacks or vulnerabilities.
What do you dislike about the product?
The contrast agent has to be added to your application. This initially caused performance issues, especially on Java applications. Thankfully, we worked with Contrast to address those issues.
What problems is the product solving and how is that benefiting you?
Scanning stale libraries for vulnerabilities, detecting any security attacks, and static code analysis to improve the security of our code.
Contrast support you in achieving product value
What do you like best about the product?
They have a great product, backed by a strong team who will work with you to get the maximum value
What do you dislike about the product?
No complaints! I've encountered zero issues
What problems is the product solving and how is that benefiting you?
Giving our developers a tool that helps team to build secure applications from the get go
Shift Smart with Contrast
What do you like best about the product?
Detect and block run-time attacks on known and unknown code vulnerabilities with greater precision
Resolve security vulnerabilities on multi-cloud serverless functions platforms
Test and protect third party, open-source code moving through your software supply chain
Resolve security vulnerabilities on multi-cloud serverless functions platforms
Test and protect third party, open-source code moving through your software supply chain
What do you dislike about the product?
no as of now, I need for Java, Python and scala it supporting all.
What problems is the product solving and how is that benefiting you?
Harden your stack against zero-day exploits like Log4j2 and Text4Shell without developer interruption.
Find and fix in real-time the vulnerabilities that matter in your code with the lowest false positive rate in the industry
Find and fix in real-time the vulnerabilities that matter in your code with the lowest false positive rate in the industry
Great IAST Tool!
What do you like best about the product?
I love the API granularity and the passive nature of the scans. Accuracy is also key. Support is great!
What do you dislike about the product?
Added performance impact when agent is active.
What problems is the product solving and how is that benefiting you?
We're filling an area of code detection that is critical for accuracy and agility. The benefit is the accuracy and a fortified enviroment.
Recommendations to others considering the product:
Consider a way to abstract UI from Developers
Solid option for IAST scanning within certain languages & public clouds
What do you like best about the product?
Simple UI with solid IAST & SCA scans built into Contrast Assess/OSS product.
What do you dislike about the product?
Less robust features for .NET-based workloads: Azure functions/serverless not available (only app services), Azure DevOps integrations work but are not intensive, Contrast support are generally less-knowledgeable on .NET environments (optimized for Java & AWS environments).
What problems is the product solving and how is that benefiting you?
Implementing DevSecOps initiatives for a large health care client.
Building Assess & OSS into pipelines & app service scans are helpful feedback loops for our dev teams. This project is the first time our client has prioritized this sort of work and the client is very excited to have security more baked-in to the development lifecycle.
Building Assess & OSS into pipelines & app service scans are helpful feedback loops for our dev teams. This project is the first time our client has prioritized this sort of work and the client is very excited to have security more baked-in to the development lifecycle.
Recommendations to others considering the product:
Contrast is easy to use once integrated, but it depends on your development stack. Contrast is heavily-optimized towards Java and AWS workloads/environments but are creating more and more in the .NET and Azure fields as well. Unfortunately for my client, they are heavily .NET and Azure-based so some features are not available at the time of this review. If you are looking for an IAST, SCA, RASP option, Contrast is solid.
IAST tool that will boost your Application Security Programme
What do you like best about the product?
The tool is straightforward to use; alerts and errors do not overpower developers during the Coding phase. The experience of Security Analyst, Developer, and Management is very positive.
The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits allowing for better efficiency.
The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits allowing for better efficiency.
What do you dislike about the product?
I have not been able to identify a feature that does not help the organization achieve the results aimed when implementing the solution. The features on the roadmap, along with the ones already in place, offer a complete suite that leaves no room for disliking.
What problems is the product solving and how is that benefiting you?
Our main Customer-facing applications are checked for vulnerabilities against widespread threats (OWASP Top 10). Checking the production version of our applications allows for identifying and resolving actual exploitable vulnerabilities in our Environment. Additionally, due to the level of detail on how to fix section, we train our Software Engineers boosting the security by design culture we have in mind.
Recommendations to others considering the product:
Try Contrast out! Easy setup for a PoC and very flexible to adjust to your environment to get a quick glimpse and results
Contrast ASSESS meets our requirements.
What do you like best about the product?
Very detailed information about findings in team server.
What do you dislike about the product?
nothing, everything is good. we are very satisfied
What problems is the product solving and how is that benefiting you?
Scanning and analysis of security vulnerabilities of web applications
Less Noise, More Security, Room to Improve
What do you like best about the product?
I like the proprietary way in which it scans for vulnerabilities compared to some of the traditional application scanning tools we use/used. Noise is the number one issue we hear from our engineers, and Contrast is really good at reducing the noise and focusing on actual vulnerabilities. The team we have been working with at Contrast has also been very helpful and responsive. It comes with a really good reporting solution out of the box, even though we use our own vulnerability aggregation solution.
What do you dislike about the product?
The biggest thing we are dealing with on Contrast is code coverage. We currently his a much smaller code coverage than what you would see with a traditional SAST or SA scanning solution. We need to figure out a better way to increase that coverage to reduce the amount of risk that we are trying to employ with these new security test methods.
What problems is the product solving and how is that benefiting you?
The problems we are solving is stated above in what I like about the solution. We are reducing the noise that is a part of traditional security scanning solutions and offering actual vulnerabilities for development teams to focus on. With less noise, this allows our team to work closer with our Engineers on being security analysts and not tool administrators. We are still in the process of rolling out at a larger scale, so some of the benefits are still being measured.
"Gives the guidance and learning to developers to improve security of application"
What do you like best about the product?
-Technology used to detect the vulnerabilities, the way it's presented along with complete tracing, guidance for teams to learn about the vulnerability and associated risk are plus.
-Another great advantage is giving visibility into route coverage which helps to identify the route's that not exercised or having high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
-Ease of implementation, works great for both SDLC/DevOps model.
-Another great advantage is giving visibility into route coverage which helps to identify the route's that not exercised or having high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
-Ease of implementation, works great for both SDLC/DevOps model.
What do you dislike about the product?
- Log collection could be improved, for any troubleshooting/debugging require coordination with application teams to set required configuration to collected required logs. Heard that they are changing this approach, looking forward to same.
- Integration with systems like JIRA and other ticketing systems have issues. Again in roadmap to fix.
- Some of the updates require configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt to new enhancements.
- Technical support could be improved, slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within commercial app server/framework is getting reported - kind of mess if it's one of the unsupported framework.
- Integration with systems like JIRA and other ticketing systems have issues. Again in roadmap to fix.
- Some of the updates require configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt to new enhancements.
- Technical support could be improved, slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within commercial app server/framework is getting reported - kind of mess if it's one of the unsupported framework.
What problems is the product solving and how is that benefiting you?
Application Security Testing, visibility into vulnerabilities in both custom code and libraries.
showing 31 - 40