Contrast Security Assess has a really good UI and gives the details in more depth. It gives more information about web application vulnerabilities. If third-party libraries, JS files, and JAR files have any CVEs in them, the solution reports that and gives a grade from A to E. It gives good information about vulnerabilities. It does the secure source code review, and the vulnerability it reports gives the file name and the line numbers indicating the issue and where it is.
Contrast Security- The Secure Code Platform
Contrast SecurityReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
52 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A stable solution that provides lots of details on web-based vulnerabilities and source code reviews
What is our primary use case?
What is most valuable?
When we access the application, it continuously monitors and detects vulnerabilities. Contrast Security Assess detects, even at runtime and in the code part, which file or line of code has the vulnerability.
What needs improvement?
Technical support for the solution should be faster.
We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to the report that Contrast Security Assess gives. Further analysis should be done of the third-party libraries report that it gives. The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities.
The onboarding or the setup of Contrast Security Assess can get a little easier.
For how long have I used the solution?
I have been using Contrast Security Assess for five years.
What do I think about the stability of the solution?
Contrast Security Assess is a very stable solution.
What do I think about the scalability of the solution?
Contrast Security Assess is a scalable solution. More than 200 employees were using Contrast Security Assess in my previous organization.
How are customer service and support?
Many tickets have been raised to understand some functionality or issues in what the solution reports. We can customize the issues that Contrast Security Assess gives. A ticket was raised to the support team for the customization we wanted. They took some time to understand the customization we actually wanted. It would have been better if their response was more quick.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup was easy.
What other advice do I have?
Contrast Security Assess is deployed on-cloud in our organization.
I would recommend Contrast Security Assess to other users. It's a really good tool. It provides lots of details on web-based vulnerabilities, source code reviews, and third-party library issues.
Overall, I rate Contrast Security Assess an eight out of ten.
Contrast Security is manageable
What do you like best about the product?
The default scoring, for libraries sometimes be discouraging. There are some security risk categories that are not covered I have noticed that the product keeps improving. There is room for improvement in terms of SCA options and UI functionalities.
What do you dislike about the product?
The absence of alerts also limits our ability to proactively solve security threats. Navigating through the interface is difficult for users.
What problems is the product solving and how is that benefiting you?
Contrast Security has transformed our cybersecurity approach. It continuously monitors our applications in time and identifies vulnerabilities promptly. It automates security testing and removes the necessity, for code reviews.
Security and compliance of our applications
What do you like best about the product?
Contrast Security provide language support is a bit slow, on occasion.It is customized to prioritize vulnerability detection.
What do you dislike about the product?
The interface of Contrast Security sometimes is cluttered making it difficult to navigate and locate information. This platform improves from a intuitive design that enhances user experience.
What problems is the product solving and how is that benefiting you?
They have solved our application security difficulties by providing vulnerability detection and protection.
Contrast Security makes application security simple
What do you like best about the product?
Contrast makes understanding vulnerabilities easy. For every vulnerability found in custom code, there is an answer to what the vulnerability is, why it is a risk, and how to fix the vulnerability. It is also great at identifying libraries used within the application and the potential vulnerabilites for each library.
What do you dislike about the product?
Although Contrast is great at identitfying libraries, the default scoring for the libraries can be very particular. It can make developers feel discouraged seeing an F score because the library is a version behind. There is a way to change the scoring to only look at associated vulnerabilities, but there is still a benefit to seeing libraries that are behind on updates.
What problems is the product solving and how is that benefiting you?
With Contrast's IAST product we are able to see vulnerabilities at runtime and it reduces the amount of false positives that we see with other tools. Communication with development teams has improved because the breakdown of vulnerabilities is so clear.
Shift-Smart with Contrast
What do you like best about the product?
Contrast allows us to test an application during the run-time, which reduces the number of false positives we have to deal with in traditional SAST scans. The IAST testing combines SAST and DAST into one while identifying the issues in open-source libraries and custom code. The Integrations are easy and don't consume more system resources to run the agent. The Sales, TAM, management, and Support team has the customer-first approach; their support is amazing they cater to your needs.
What do you dislike about the product?
Language Support in IAST is a bit slow and manageable, but handling legacy applications is tough without having to scan some old versions of programming languages if they could expand their language support and have backward compatibility, that would be great.
What problems is the product solving and how is that benefiting you?
Securing our application in Run-time is a huge advantage, while developers can remediate the vulnerabilities during the development phases. Their platform provides us the 360 visibility and security for our application, which is a key business problem for any fin-tech company.
Effective Tool
What do you like best about the product?
The most helpful features of contrast security would be real time protection and its accuracy. Our company really benefits from the continuous security monitoring and protection during runtime as well as the high accuracy rate of detecting vulnerablities
What do you dislike about the product?
The only downside I can think of is the amount of false positive/negatives.
What problems is the product solving and how is that benefiting you?
Hybrid testing... monitor our applications inner working. Accessing HTTP requests/responses and call stacks. Contrast Protect.. runtime protection is very important to the security of our applications
Great Experience with Contrast Products
What do you like best about the product?
I like that it is very easy to implement and use, they are always looking for improvements to their platform. Sales and support staff always have a great sense of support.
What do you dislike about the product?
over the last year we had one or two web service outages.They can improve the documentation of the products, how to solve problems, integrations, route coverage.
What problems is the product solving and how is that benefiting you?
The need to acquire Contrast was to improve the security of our CICD for web applications. Contrast has added great value to the security of our applications in the company.
Contrast is a powerful tool.
What do you like best about the product?
Contrast has a great breadth of technologies on offer. The insights that the tools provides are in depth, but also explain everything simply. When looking at vulnerabilities that were found, it is very easy to trace what has happened.
What do you dislike about the product?
Contrast is a bit hard to implement in our environment. We were forced to use a deprecated package due to our environment being a bit outdated. The licensing with the RASP solution is not what we initially thought when purchasing the product.
What problems is the product solving and how is that benefiting you?
Contrast is helping us identify vulnerabilities that are presenting themselves during the running of an application through IAST, while RASP is helping us to block attacks, and see what avenues attacks are coming through.
A complete and useful security tool
What do you like best about the product?
It has a great product portfolio, besides the backend code analysis there's also a front end analysis for popular frameworks such as react or angular. Also it has a configuration for the pipelines, a lot of products doesn't have all in one
What do you dislike about the product?
It will be really useful to get some kind of log for the vulnerabilities that were closed as remediated/fixed/not a problem to know why contrast reopened them as resported status
What problems is the product solving and how is that benefiting you?
Contrast is helping us to go deeper on the pentesting activities, to find vulnerabilities that cannot be seen by just assesing the front end, it helps us to find CVEs on the application libraries and insecure code in the back end
Great Service and Product
What do you like best about the product?
Contrast let's us monitor vulnerability accurately by application and also gives serverity of related vulnerabilities.
What do you dislike about the product?
There isn't anything I dislike about Contrast Security.
What problems is the product solving and how is that benefiting you?
Keeping track of the vulnerabilities and providing us with alerts of attacks.
showing 1 - 10