• Steve Wilson , Chief Product Officer at Contrast Security


• 14.06.2021 04:00 pm
security

This week, Contrast Security announced the release of ‘Contrast Scan’, the DevSecOps platform revolutionising static application security testing (SAST) with pipeline-native static analysis to analyse code and detect vulnerabilities early on in the software development life cycle (SDLC). The launch comes at a time where 98% of financial services companies say they have experienced at least three successful application exploits in the past year, according to Contrast Security’s The State of Application Security in Financial Services report.

The release of Contrast Scan extends the DevSecOps capabilities of the Contrast Application Security Platform to the entire SDLC, empowering security teams to run scans up to 10x faster and remediate vulnerabilities up to 45x faster while meeting compliance requirements of an organization's security policy. This is crucial considering the majority of respondents in The State of Application Security in Financial Services report said that on average each vulnerability currently takes 10 hours of security team time and 10 hours of developer time to remediate. 

Incumbent legacy static approaches employ noisy rule sets to look for code quality issues. This outside-in approach generates immense volumes of security findings that become increasingly more time- and resource-intensive to manage. This is exacerbated due to the number of distracting false-positive alerts that kill productivity—upwards of 85% in many instances. For newer developer-friendly code scanning tools, application security shifts left too far, exacerbating the problem of false positives and leaving developers with no context on prioritization or how-to-fix guidance. In response, two-thirds of practitioners who rely on legacy static scanning indicate they are looking for a different approach to application security. 

Contrast Scan aims to solve these challenges with a pipeline-native approach that achieves dramatic improvements in speed, accuracy, and developer experience, accelerating digital transformation by removing inefficiencies and roadblocks that slow release cycles. Though only 15% of those surveyed in Contrast Security’s Financial Services report application security and development tools are fully integrated, onboarding with Contrast Scan is quick and easy—requiring zero configuration and literally three clicks to get findings. Further, as Contrast Scan is integrated as part of the Contrast Application Security Platform, organizations have a unified, developer-friendly view of vulnerabilities and attacks with harmonized security profiles across SAST, interactive application security testing (IAST), runtime protection and observability, and software composition analysis (SCA), all in one DevSecOps platform. 

Today’s organizations should not be forced to choose between speed and security. With the addition of Contrast Scan, the Contrast Application Security Platform now offers a path to DevSecOps that allows organizations to secure any application anywhere—from a developer’s desktop, at a release gate, or in instances of production. The Contrast platform was purpose-built to deliver true DevSecOps with SCA, application security testing (AST), and exploit prevention capabilities using instrumentation across the entire SDLC.  

Contrast Scan is a game changer for both application security and application development teams as it allows teams to get unprecedented observability into their applications’ threat landscape early in the development life cycle—without all the noise of traditional static scanning tools. This means organizations’ applications will remain more secure while enabling them to maintain the agility of their development teams.