Contrast Scan empowers developers to analyze front-end code for vulnerabilities

Contrast Security announced the expansion of its Secure Code Platform’s static application security testing (SAST) capabilities to include JavaScript language support along with support for Angular, React and jQuery frameworks, which will allow developers to find and fix security defects in their client-side code.

With this new Contrast Scan addition, application security and development teams leveraging the Contrast Secure Code Platform can scale security across the entire application stack, from client-side to server-side, with speed and accuracy.

JavaScript is the most popular coding language in the world with modern frameworks such as Angular, React and jQuery being ubiquitous in web development. However, since JavaScript is executed on the user’s browser, this exposes sensitive application data on the client-side, leaving JavaScript applications susceptible to vulnerabilities like cross-site scripting (XSS) or Broken Access Control.

Contrast prioritizes real, exploitable vulnerabilities in client-side code by performing analysis on vulnerable entry points within the application, allowing developers to rely on accurate scans that take just seconds.

Contrast’s extended capabilities help DevSecOps organizations achieve the following benefits:

• Early detection of client-side vulnerabilities. This is achieved through analyzing client-side source code within routine development pipelines, complemented by easy-to-follow remediation guidance directly within the developers’ pipeline environment.
• Full visibility into client-side code risk. Contrast’s pipeline-native SAST engine coupled with security rules tailored for JavaScript finds up to 63% more exploitable vulnerabilities than superficial tests run within the IDE.
• False positive rates as low as 1%. A significant reduction in false positive rates compared to leading commercial SAST tools.
• Ability to safeguard each layer of the software stack. Contrast Scan works in tandem with Contrast’s runtime code security solution to secure front-end code and back-end code within a centrally managed platform

“A growing concern for AppSec and Development Managers is how to embed security within the development pipeline. Regardless of whether you specialize in front-end, back-end, or full-stack development, we want to help enable developers to deliver secure code from the start,” said Steven Phillips, Vice President of Product Marketing at Contrast Security.

“Fortunately, with the new expansion of our Secure Code Platform language coverage to include client-side JavaScript with Angular, React and jQuery, AppSec and Development managers and their teams can now find and fix security defects in their client-side code with industry-leading speed and accuracy. This is a testament to Contrast’s mission to further invest in tools that allow customers to embed code security testing through each stage of the SDLC [software development lifecycle].”

Client-side JavaScript support is now available to enterprise customers through existing Contrast Scan subscriptions.