Contrast Security Assess Reviews

Name: Contrast Security Assess
Brand: Contrast Security
Rating: 4.4 (11 reviews)

4.4 out of 5

11 reviews
100% willing to recommend

180 followers

What is Contrast Security Assess?

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

Get the Contrast Security Assess Buyer's Guide and find out what your peers are saying about Contrast Security Assess, SonarQube Server (formerly SonarQube), GitLab and more!

Contrast Security Assess is the #22 ranked solution in AST tools and #26 ranked solution in application security solutions. PeerSpot users give Contrast Security Assess an average rating of 8.8 out of 10. Contrast Security Assess is most commonly compared to SonarQube Server (formerly SonarQube): Contrast Security Assess vs SonarQube Server (formerly SonarQube). Contrast Security Assess is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 25% of all views.

Buyer's Guide

Contrast Security Assess

April 2025

Get the report

Helped 849,686 peers since 2012

Featured Contrast Security Assess reviews

ToddMcAlister

Lead Application and Data Security Engineer at a insurance company with 5,001-10,000 employees

Assess has brought our development time down because it helps create code the first time. Instead of going through the Jenkins process to build an application, they can see right off the bat that if there are errors in the code and fix them before it even goes to build.

Read full review

Mustufa Bhavnagarwala

CyberRisk Solution Advisor at Deloitte

Technical support for the solution should be faster. We have to further analyze what kind of CVEs are in the reported libraries and what part of the code is affected. That analysis can be added to the report that Contrast Security Assess gives. Further analysis should be done of the third-party libraries report that it gives. The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities. The onboarding or the setup of Contrast Security Assess can get a little easier.

Read full review

Ramesh Raja

Senior Security Architect at a tech services company with 5,001-10,000 employees

Contrast Security Assess covers a wide range of applications like .NET Framework, Java, PSP, Node.js, etc. But there are some like Ubuntu and the .NET Core which are not covered. They have it in their roadmap to have these agents. If they have that, we will have complete coverage. Let's say you have .NET Core in an Ubuntu setup. You probably don't have an agent that you could install, at all. If Contrast gets those built up, and provides wide coverage, that will make it a masterpiece. So they should explore more of technologies that they don't support. It should also include some of the newer ones and future technologies. For example, Google is coming up with its own OS. If they can support agent-based or sensor-based technology there, that would really help a lot.

Read full review

Contrast Security Assess mindshare

Product category:

As of May 2025, the mindshare of Contrast Security Assess in the Static Application Security Testing (SAST) category stands at 0.5%, up from 0.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

PeerResearch reports based on Contrast Security Assess reviews

Type	Title	Date
Category	Static Application Security Testing (SAST)	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	Contrast Security Assess vs SonarQube Server (formerly SonarQube)	Apr 30, 2025	Download
Comparison	Contrast Security Assess vs Veracode	Apr 30, 2025	Download
Comparison	Contrast Security Assess vs Checkmarx One	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	25.0%	81%	114 interviews Add to research
GitLab	4.3	2.7%	97%	82 interviews Add to research

Valuable Features

Contrast Security Assess excels in identifying vulnerabilities accurately with minimal false positives, outperforming other tools. It provides real-time vulnerability detection and comprehensive stack trace details, aiding in timely fixes. The tool's integration into the development process enhances efficiency and incorporates security elements seamlessly. It also offers valuable features like third-party library monitoring, PCI compliance reports, and robust automation, significantly reducing the time and effort spent on vulnerability management.

"When we access the application, it continuously monitors and detects vulnerabilities."
"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."
"I am impressed with the product's identification of alerts and vulnerabilities."

Room for Improvement

Contrast Security Assess needs improvements in documentation and plugin integration. It lacks support for some technologies like .NET Core on Ubuntu and PHP. Users desire better scanning rules, client-side support, and more intuitive reporting. Technical support speed and onboarding processes could be enhanced. There's a need for better vulnerability fixes and ecosystem flexibility. Updates involve cumbersome downloads, and personalization options for reporting and dashboards could be improved for large organizations.

"The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities."
"The solution needs to improve flexibility...The scalability of the product is a problem in the solution, especially from a commercial perspective."
"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes."

ROI

Several organizations have observed a return on investment with Contrast Security Assess. Contrast aids in securing key revenue-driving applications and reduces the attack surface by identifying vulnerabilities early in development. Continuous scanning allows teams to address software defects before production. Time savings occur for both security and development teams, as they handle fewer false positives and focus on actionable results. Code quality improves through reduced code use and streamlined processes.

Pricing

Contrast Security Assess pricing is straightforward, focusing on per-application licensing without regard to application size, making it ideal for large, monolithic applications. Enterprise buyers note that while pricing is industry-standard, it may not scale well in highly clustered environments. The tiered model allows flexibility with a pay-per-application system, benefitting environments with fewer onboarded applications. Developer licenses are sometimes required, leading to potential additional costs. Overall, the pricing is considered reasonable for its features.

"The solution is expensive."
"The product's pricing is low. I would rate it a two out of ten."
"It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

Popular Use Cases

Contrast Security Assess is primarily used for enhancing security around legacy applications, providing application vulnerability scanning and pen-testing. It integrates into developer workflows for immediate vulnerability identification, supports multiple programming languages, and offers continuous monitoring. It operates on a cloud-hosted platform where data is aggregated, analyzed, and interacted with. Assess has improved visibility for code testing and includes features like secure source code analysis, providing detailed information about web application vulnerabilities and third-party library CVEs.

Service and Support

Contrast Security Assess provides responsive and helpful support, with quick response times and knowledgeable staff. Many users appreciate their enthusiastic and accommodating team, noting rapid responses to inquiries. Some have experienced delays in comprehending custom requests, but most find communication efficient. Despite some challenges with troubleshooting via cumbersome log files, the technical support is generally rated positively, often resolving issues promptly through web or email submissions. Contrast is recognized for its top-tier standard support.

Deployment

Initial setup for Contrast Security Assess is straightforward for many, involving adding the jar file to JVM arguments. Instructions are clear, but deployment varies by organization size and complexity. While some complete setup quickly, larger environments take longer due to multiple teams and applications. Users highlight easy integration with Java, .NET, and PCF, though automation is challenging due to varied applications. Maintenance involves collaboration with different teams, focusing on agent deployment and data management.

Scalability

Contrast Security Assess exhibits strong scalability, integrating well with various applications regardless of complexity. It allows widespread deployment across different environments, both cloud and on-premises. While some challenges exist in automation and technology support, organizations can scale efficiently with a robust change-management strategy. The ability to expand usage across multiple teams is significant, but requires initial setup and familiarization by key personnel. Development teams are gradually adapting to the platform due to its comprehensive application security features.

Stability

Contrast Security Assess exhibits significant stability, with most users experiencing minimal downtime and effective support. Some challenges arise from unsupported applications like ColdFusion and occasional performance impacts on specific applications. However, many find it reliable once deployed, with maintenance and monitoring streamlined. Assess performs well in preproduction and is robust for development sites. Users appreciate its smooth operation, high stability, and efficient handling of traffic.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Contrast Security Assess Buyer's Guide for additional reliable information.