Contrast security plugin invisibly monitors applications during testing

Get a copy of the upcoming book "Secure Operations Technology"

Aspect Security announced Contrast, an application security service that creates a real-time dashboard of intelligence and vulnerabilities.


Contrast is an IAST solution, integrating the best aspects of static application security testing (SAST) and dynamic application security testing (DAST) and applies them from inside the application server while it is running. It catalogs the application portfolio and automatically gathers information about each application’s size, libraries, architecture, backend connections, sitemap, and test coverage.

“We love software, and it frustrates us to see criminals abuse it to do harm to others,” said Jeff Williams, CEO of Aspect Security and a founding member of the Open Web Application Security Project (OWASP). “Application security technology doesn’t work unless it’s simple enough for anyone to use, is accurate enough so developers don’t waste time, and is scalable across an entire application portfolio. As development and operations iterate faster and faster, application security challenges demand the use of instrumentation and real-time analysis like Contrast.”

Patent-pending technology allows Contrast to instrument each application with a network of passive sensors that reveal both control and data flow through the code. While the application runs, Contrast pinpoints the exact location of security issues in the code, as well as the full HTTP request that caused that code to execute.

The detailed traces include real data, enabling developers to identify the specific security problem and implement the necessary remediation.

Anyone can use Contrast Intelligence Edition for free. Contrast Pro, Business and Enterprise editions are offered on a per-application-per-month basis, starting at just $199.