    Contrast Security- The Secure Code Platform

    Deployed on AWS
    Contrast secures your entire application portfolio with industry leading speed and accuracy, while empowering teams to automatically find and fix vulnerabilities across every step of the software developer lifecycle.

    Overview

    At Contrast, we take an inside out approach that embeds security testing throughout the development lifecycle. This full context improves accuracy, catching more critical vulnerabilities and remediating faster than any other approach in the market. Our comprehensive platform unifies development, security, and operations to help get secure code moving through your organization. You can secure code - web applications, cloud native, APIs, and open source - across the entire software development lifecycle all from one platform.

    The Contrast Platform comprises the following products:

    Contrast Assess offers interactive application security testing (IAST) to automatically identify software vulnerabilities in real time while developers write code. Contrast Assess agents instrument an application, which allows them to monitor code and report from within the application. With this depth of context, Contrast Assess can reduce alert noise caused by false positives and eliminate hours of work required by DevOps teams to find and fix vulnerabilities without the need for specialized security expertise.

    Contrast Protect empowers teams to defend their applications anywhere they run, by embedding an automated and accurate runtime protection capability within the application to continuously monitor and block attacks.

    Contrast Scan is a static application security testing (SAST) source code scanning tool built from the ground up. Contrast Scan utilizes a pipeline-native approach to static application security testing that eliminates the inefficiencies that delay release cycles. Make security testing a simple routine that prioritizes the most pressing vulnerabilities to deliver fast, accurate and actionable results.

    Contrast SCA enables businesses to protect their software supply chain by identifying real threats from third-party libraries across the entire software development lifecycle. With Contrast SCA, detect which open-source software components are called in the application runtime and prioritize vulnerability remediation based on which libraries are actively being used.

    Contrast Serverless is a purpose-built cloud native application security testing solution to help customers secure their AWS Lambda functions and improve their security posture across their environment.

    Need help? For custom pricing, EULA, or a private contract, please contact marketplace.selling@contrastsecurity.com for a private offer.

    Highlights

    • Analyze code 10x faster with great accuracy to get secure code moving
    • Find vulnerabilities and remediate 45x faster
    • Secure your code throughout the entire development lifecycle from one platform

    Details

    Delivery method

    Deployed on AWS

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (4)

    | Dimension | Description | Cost/12 months |
    |---|---|---|
    | Contrast Assess | Includes 10 developers; priced per app. (IAST+SCA) | $28,000.00 |
    | Contrast Protect | SaaS- Priced per application instance. (RASP) | $5,000.00 |
    | Contrast Scan | SaaS- Priced per developer. (SAST) | $1,000.00 |
    | Contrast Serverless | Cloud Native Solution. Priced per Developer. (SCA/SAST/DAST/IAM) | $1,000.00 |

    Vendor refund policy

    All fees are non-cancellable and non-refundable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    Vendor support

    Contrast Security offers a variety of support options to help ensure your success. Please visit our support page for more information.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 100 in Testing
    Top 10 in Container Workloads
    Top 10 in Testing

    Overview

    AI generated from product descriptions

    • Application Security Testing: Interactive application security testing (IAST) that identifies software vulnerabilities in real-time while developers write code
    • Runtime Protection: Embedded automated defense mechanism that continuously monitors and blocks attacks within the application runtime
    • Source Code Scanning: Static application security testing (SAST) tool with pipeline-native approach that prioritizes critical vulnerabilities
    • Software Supply Chain Protection: Identifies and prioritizes threats from third-party libraries across the software development lifecycle based on active component usage
    • Cloud Native Security: Purpose-built security testing solution for cloud environments, specifically designed to secure serverless functions and cloud infrastructure
    • Cloud Native Security: Comprehensive protection for containers, serverless, Kubernetes, and AI workloads across multiple cloud environments
    • Runtime Protection Mechanism: Advanced threat detection and blocking of malicious activities in production cloud native environments
    • AI Workload Governance: Security controls for large language models and generative AI applications with policy enforcement and abuse detection
    • Lifecycle Security Integration: Embedded security across software development lifecycle from code creation to production deployment
    • Compliance Framework: FedRAMP High Authorized platform meeting rigorous enterprise security and compliance standards
    • Static Application Security Testing: Comprehensive vulnerability scanning for custom code across 25+ programming languages and frameworks
    • Software Composition Analysis: Automated identification and prioritization of risks in open source software and third-party library dependencies
    • Infrastructure as Code Analysis: Detection of security misconfigurations in infrastructure template deployments before production
    • Multi-Scan Integration: Single event trigger for simultaneous scanning of source code, dependencies, and infrastructure templates
    • Vulnerability Detection: Ability to identify and analyze hundreds of potential security weaknesses in uncompiled source code

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    No security profile
    -
    -
    -
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    0 ratings (5 star: 0%, 4 star: 0%, 3 star: 0%, 2 star: 0%, 1 star: 0%)
    0 AWS reviews | 3 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.

    Mustufa Bhavnagarwala

    A stable solution that provides lots of details on web-based vulnerabilities and source code reviews

    Reviewed on Nov 27, 2023
    Review provided by PeerSpot

    What is our primary use case?

    Contrast Security Assess has a really good UI and gives the details in more depth. It gives more information about web application vulnerabilities. If third-party libraries, JS files, and JAR files have any CVEs in them, the solution reports that and gives a grade from A to E. It gives good information about vulnerabilities. It does the secure source code review, and the vulnerability it reports gives the file name and the line numbers indicating the issue and where it is.

    What is most valuable?

    When we access the application, it continuously monitors and detects vulnerabilities. Contrast Security Assess detects, even at runtime and in the code part, which file or line of code has the vulnerability.

    What needs improvement?

    Technical support for the solution should be faster.

    We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to the report that Contrast Security Assess gives. Further analysis should be done of the third-party libraries report that it gives. The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities.

    The onboarding or the setup of Contrast Security Assess can get a little easier.

    For how long have I used the solution?

    I have been using Contrast Security Assess for five years.

    What do I think about the stability of the solution?

    Contrast Security Assess is a very stable solution.

    What do I think about the scalability of the solution?

    Contrast Security Assess is a scalable solution. More than 200 employees were using Contrast Security Assess in my previous organization.

    How are customer service and support?

    Many tickets have been raised to understand some functionality or issues in what the solution reports. We can customize the issues that Contrast Security Assess gives. A ticket was raised to the support team for the customization we wanted. They took some time to understand the customization we actually wanted. It would have been better if their response was quicker.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The solution’s initial setup was easy.

    What other advice do I have?

    Contrast Security Assess is deployed on-cloud in our organization.

    I would recommend Contrast Security Assess to other users. It's a really good tool. It provides lots of details on web-based vulnerabilities, source code reviews, and third-party library issues.

    Overall, I rate Contrast Security Assess an eight out of ten.

    AggelosKaronis

    A cost-effective solution that is easy to implement and detects vulnerabilities within minutes of launch

    Reviewed on May 02, 2023
    Review provided by PeerSpot

    What is our primary use case?

    We use the tool to evaluate our customer-facing apps. We analyze the request, identify the weak parts of the code, and remediate them. 

    How has it helped my organization?

    The product has helped us identify vulnerabilities. 

    What is most valuable?

    I am impressed with the product's identification of alerts and vulnerabilities. 

    What needs improvement?

    The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes. 

    For how long have I used the solution?

    I have been using the tool for four years. 

    What do I think about the stability of the solution?

    The tool has high stability. I would rate it a ten out of ten. 

    What do I think about the scalability of the solution?

    I would rate the product's scalability an eight out of ten. My company has 32 users for the tool. 

    How are customer service and support?

    The solution's support is very helpful and fast. They offer quality support. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used SonarQube and GitLab Premium before. We decided to go with Contrast because it has the best price model since it takes into account only the number of applications. It also finds vulnerabilities within minutes of its launch. The product is also developer-friendly.

    How was the initial setup?

    The product's setup is easy. I would rate it a ten out of ten. The tool's deployment took one day to complete. The engineers from Contrast did an analysis and submitted a report post which we initiated the tool's installation. 

    What about the implementation team?

    We did the product's deployment in-house. 

    What was our ROI?

    We have seen ROI with the product's use since it has improved the quality of our codes. 

    What's my experience with pricing, setup cost, and licensing?

    The product's pricing is low. I would rate it a two out of ten. 

    What other advice do I have?

    I would rate the solution a ten out of ten. It is a cost-effective solution that is easy to implement. You need to try the solution over POC.

    Which deployment model are you using for this solution?

    On-premises

    Paolo Da Ros

    An overall stable solution that has significant experience in the market

    Reviewed on May 02, 2023
    Review provided by PeerSpot

    What is most valuable?

    Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product. But, again, if you are commercially weak, you remain a single supplier. In any given market with only one supplier, the market cannot function. It is important to have competition, and one should gain market share through flexibility. It will be too late in two years, as many companies claim to be doing IAST. It's like selling there's no Desktop antivirus versus traditional antivirus. Everybody shall do signature-less virus detection. Otherwise, you're out of the market. This scenario is very similar here, especially in the forward applications.

    What needs improvement?

    The solution needs to improve flexibility and provide a complete ecosystem like its competitor, Synopsys. An ecosystem could appeal to their large customers because they are looking for a complete solution, not just a best-in-class solution, but something which integrates into the rest of the development framework.

    For how long have I used the solution?

    I have been using Contrast Security Assess since 2017.

    What do I think about the stability of the solution?

    It is a stable solution.

    What do I think about the scalability of the solution?

    The scalability of the product is a problem in the solution, especially from a commercial perspective.

    There must be an integration with the ecosystem and application development landscape. So once the solution is integrated with many tools, it is scalable. It's different from the product, which is scalable because the product is one of the steps within a complex process.

    To complete the process, you must integrate the solution with other tools.

    How was the initial setup?

    I have no direct experience with the initial setup, but I needed a couple of proofs of concept for comparing Contrast with one of its Spanish competitors.

    What's my experience with pricing, setup cost, and licensing?

    The solution is expensive.

    What other advice do I have?

    The IAST adoption in Italy, at least, is slow. My customers' feedback is that their commercial aptitude could be more flexible. It needs to be more flexible. They need to understand that they have an opportunity window that will last only a few years. And they are selling to win market share now, wherein in the next two years, everybody will be doing IAST. Whether it is good or bad, more or less, everybody will be doing that because the proposition is unbeatable.

    I recommend others to try the solution because it is the most rewarding investment you can make in security access, apart from end-user training and user-awareness training.

    But my bad side is that I think three, four years in advance. For example, I made a marketing campaign on VPNs in nineteen ninety-eight. Because VPNs were unbeatable, and it took another ten years before the market took off.

    So I'm sure it will happen. Especially in the Italian market, there are market specifics because, in Italy, most of the development is outsourced, and very little development is done in-house.

    So the big customers usually do not make the investment. The company which generates the code should be tailored to be bought by the leading company, which then uses the product to assess the work. Technology vendors usually focus on technology, and companies focus on organizational processes. So I was trying to sell outlets, which now are IBM source good edition, Upscaler. I was selling outlets to telecoms and proposing ounce levels as portfolio management. So that they have thousands of applications and you have a tool that assesses any given application's security. And the problem was that the guys in charge of the portfolio were not supposed to have access to the code.

    So there was an additional problem stopping the customer from buying a perfect technological solution. They could manage the security, but the guys managing the application portfolio were not supposed to add access to the source code. And so they were not the proper organization for the thing to happen. And this is a problem which in large customers is quite frequent. But, again, you should see any market, a single customer, the needs, the processes, the power struggle, and data on a power struggle; it's more complicated though it can be done.

    I would give Synopsys a nine because no one is at ten today.

    I have ranked Contrast just below Synopsys because Synopsys has the size and the scope, and they have an internal vertically integrated solution apart from all the partnerships you could have. Since Contrast is a much smaller company, they should enter into some partnerships.

    I rate the overall solution an eight out of ten.
