Sold by: Contrast SecurityÂ
Deployed on AWS
Contrast secures your entire application portfolio with industry leading speed and accuracy, while empowering teams to automatically find and fix vulnerabilities across every step of the software developer lifecycle.
Overview
At Contrast, we take an inside out approach that embeds security testing throughout the development lifecycle. This full context improves accuracy, catching more critical vulnerabilities and remediating faster than any other approach in the market. Our comprehensive platform unifies development, security, and operations to help get secure code moving through your organization. You can secure code - web applications, cloud native, APIs, and open source - across the entire software development lifecycle all from one platform.
The Contrast Platform is comprised of: Contrast Assess offers interactive application security testing (IAST) to identify software vulnerabilities in real time while developers write code automatically. Contrast Assess agents instrument an application that allows monitoring code and report from within the application. With this depth of context, Contrast Assess can reduce alert noise caused by false positives and eliminate hours of work required by DevOps teams to find and fix vulnerabilities without the need for specialized security expertise.
Contrast Protect empowers teams to defend their applications anywhere they run, by embedding an automated and accurate runtime protection capability within the application to continuously monitor and block attacks.
Contrast Scan is a (SAST) source code scanning tool built from the ground up. Contrast Scan utilizes a pipeline-native approach to static application security testing that eliminates the inefficiencies that delay release cycles. Make security testing a simple routine that prioritizes the most pressing vulnerabilities to deliver fast, accurate and actionable results.
Contrast SCA enables businesses to protect their software supply chain by identifying real threats from third-party libraries across the entire software development lifecycle. With Contrast SCA, detect which open-source software components are called in the application runtime and prioritize vulnerability remediation based on which libraries are actively being used.
Contrast Serverless is a purpose-built cloud native application security testing solution to help customers secure their AWS Lambda functions and improve their security posture across their environment.
Need help? For custom pricing, EULA, or a private contract, please contact marketplace.selling@contrastsecurity.com , for a private offer.
Highlights
- Analyze code 10x faster with great accuracy to get secure code moving
- Find vulnerabilities and remediate 45x faster
- Secure your code throughout the entire development lifecycle from one platform
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Contrast Assess | Includes 10 developers; priced per app. (IAST+SCA) | $28,000.00 |
Contrast Protect | SaaS- Priced per application instance. (RASP) | $5,000.00 |
Contrast Scan | SaaS- Priced per developer. (SAST) | $1,000.00 |
Contrast Serverless | Cloud Native Solution. Priced per Developer.(SCA/SAST/DAST/IAM) | $1,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Contrast Security offers a variety of support options to help ensure your success. Please visit our support page for more information
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Contrast Security
By Aqua Security Software Inc.
By Checkmarx
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Application Security Testing
Interactive application security testing (IAST) that identifies software vulnerabilities in real-time while developers write code
Runtime Protection
Embedded automated defense mechanism that continuously monitors and blocks attacks within the application runtime
Source Code Scanning
Static application security testing (SAST) tool with pipeline-native approach that prioritizes critical vulnerabilities
Software Supply Chain Protection
Identifies and prioritizes threats from third-party libraries across the software development lifecycle based on active component usage
Cloud Native Security
Purpose-built security testing solution for cloud environments, specifically designed to secure serverless functions and cloud infrastructure
Cloud Native Security
Comprehensive protection for containers, serverless, Kubernetes, and AI workloads across multiple cloud environments
Runtime Protection Mechanism
Advanced threat detection and blocking of malicious activities in production cloud native environments
AI Workload Governance
Security controls for large language models and generative AI applications with policy enforcement and abuse detection
Lifecycle Security Integration
Embedded security across software development lifecycle from code creation to production deployment
Compliance Framework
FedRAMP High Authorized platform meeting rigorous enterprise security and compliance standards
Static Application Security Testing
Flexible solution capable of identifying vulnerabilities across 25+ programming languages and frameworks
Software Composition Analysis
Comprehensive scanning of open source software and third-party libraries to identify and prioritize potential vulnerabilities and license risks
Infrastructure as Code Analysis
Detection of security misconfigurations in infrastructure templates to prevent potential deployment errors and security risks
Multi-Scan Integration
Single event trigger for simultaneous scanning of source code, dependencies, and infrastructure templates with centralized result aggregation
Vulnerability Detection Mechanism
Advanced scanning of uncompiled code with targeted re-scanning of new or modified code segments for efficient threat identification
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
-
-
-
No security profile
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
52 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Mustufa Bhavnagarwala
A stable solution that provides lots of details on web-based vulnerabilities and source code reviews
Reviewed on Nov 27, 2023
Review provided by PeerSpot
What is our primary use case?
Contrast Security Assess has a really good UI and gives the details in more depth. It gives more information about web application vulnerabilities. If third-party libraries, JS files, and JAR files have any CVEs in them, the solution reports that and gives a grade from A to E. It gives good information about vulnerabilities. It does the secure source code review, and the vulnerability it reports gives the file name and the line numbers indicating the issue and where it is.
What is most valuable?
When we access the application, it continuously monitors and detects vulnerabilities. Contrast Security Assess detects, even at runtime and in the code part, which file or line of code has the vulnerability.
What needs improvement?
Technical support for the solution should be faster.
We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to the report that Contrast Security Assess gives. Further analysis should be done of the third-party libraries report that it gives. The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities.
The onboarding or the setup of Contrast Security Assess can get a little easier.
For how long have I used the solution?
I have been using Contrast Security Assess for five years.
What do I think about the stability of the solution?
Contrast Security Assess is a very stable solution.
What do I think about the scalability of the solution?
Contrast Security Assess is a scalable solution. More than 200 employees were using Contrast Security Assess in my previous organization.
How are customer service and support?
Many tickets have been raised to understand some functionality or issues in what the solution reports. We can customize the issues that Contrast Security Assess gives. A ticket was raised to the support team for the customization we wanted. They took some time to understand the customization we actually wanted. It would have been better if their response was more quick.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup was easy.
What other advice do I have?
Contrast Security Assess is deployed on-cloud in our organization.
I would recommend Contrast Security Assess to other users. It's a really good tool. It provides lots of details on web-based vulnerabilities, source code reviews, and third-party library issues.
Overall, I rate Contrast Security Assess an eight out of ten.
Slobodan O.
Contrast Security is manageable
Reviewed on Oct 20, 2023
Review provided by G2
What do you like best about the product?
The default scoring, for libraries sometimes be discouraging. There are some security risk categories that are not covered I have noticed that the product keeps improving. There is room for improvement in terms of SCA options and UI functionalities.
What do you dislike about the product?
The absence of alerts also limits our ability to proactively solve security threats. Navigating through the interface is difficult for users.
What problems is the product solving and how is that benefiting you?
Contrast Security has transformed our cybersecurity approach. It continuously monitors our applications in time and identifies vulnerabilities promptly. It automates security testing and removes the necessity, for code reviews.
Sibila D.
Security and compliance of our applications
Reviewed on Oct 09, 2023
Review provided by G2
What do you like best about the product?
Contrast Security provide language support is a bit slow, on occasion.It is customized to prioritize vulnerability detection.
What do you dislike about the product?
The interface of Contrast Security sometimes is cluttered making it difficult to navigate and locate information. This platform improves from a intuitive design that enhances user experience.
What problems is the product solving and how is that benefiting you?
They have solved our application security difficulties by providing vulnerability detection and protection.
Higher Education
Contrast Security makes application security simple
Reviewed on Aug 23, 2023
Review provided by G2
What do you like best about the product?
Contrast makes understanding vulnerabilities easy. For every vulnerability found in custom code, there is an answer to what the vulnerability is, why it is a risk, and how to fix the vulnerability. It is also great at identifying libraries used within the application and the potential vulnerabilites for each library.
What do you dislike about the product?
Although Contrast is great at identitfying libraries, the default scoring for the libraries can be very particular. It can make developers feel discouraged seeing an F score because the library is a version behind. There is a way to change the scoring to only look at associated vulnerabilities, but there is still a benefit to seeing libraries that are behind on updates.
What problems is the product solving and how is that benefiting you?
With Contrast's IAST product we are able to see vulnerabilities at runtime and it reduces the amount of false positives that we see with other tools. Communication with development teams has improved because the breakdown of vulnerabilities is so clear.
Kiran S.
Shift-Smart with Contrast
Reviewed on Aug 17, 2023
Review provided by G2
What do you like best about the product?
Contrast allows us to test an application during the run-time, which reduces the number of false positives we have to deal with in traditional SAST scans. The IAST testing combines SAST and DAST into one while identifying the issues in open-source libraries and custom code. The Integrations are easy and don't consume more system resources to run the agent. The Sales, TAM, management, and Support team has the customer-first approach; their support is amazing they cater to your needs.
What do you dislike about the product?
Language Support in IAST is a bit slow and manageable, but handling legacy applications is tough without having to scan some old versions of programming languages if they could expand their language support and have backward compatibility, that would be great.
What problems is the product solving and how is that benefiting you?
Securing our application in Run-time is a huge advantage, while developers can remediate the vulnerabilities during the development phases. Their platform provides us the 360 visibility and security for our application, which is a key business problem for any fin-tech company.