2020-05-05T10:37:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What do you like most about Contrast Security Assess?

Hi Everyone,

What do you like most about Contrast Security Assess?

Thanks for sharing your thoughts with the community!

7 Answers
SW
Senior Customer Success Manager at a tech company with 201-500 employees
Real User
Top 5
2021-02-17T23:07:51Z
17 February 21

By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.

Aggelos Karonis - PeerSpot reviewer
Technical Information Security Team Lead at Kaizen Gaming
Real User
2020-09-14T06:48:00Z
14 September 20

In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs.

TS
Manager at Deloitte
Real User
2020-07-07T11:18:00Z
07 July 20

The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes.

HK
Product Security Engineer at Salesforce
Real User
2020-07-02T10:06:00Z
02 July 20

No other tool does the runtime scanning like Contrast does. Other static analysis tools do static scanning, but Contrast is runtime analysis, when the routes are exercised. That's when the scan happens. This is a tool that has a very unique capability compared to other tools. That's what I like most about Contrast, that it's runtime.

Ramesh Raja - PeerSpot reviewer
Senior Security Architect at a tech services company with 5,001-10,000 employees
Real User
2020-06-07T09:09:00Z
07 June 20

We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used.

TM
Director of Innovation at a tech services company with 1-10 employees
Real User
2020-06-02T08:40:00Z
02 June 20

The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low.

C. Ray Mallory - PeerSpot reviewer
Lead Application Security Engineer at FEPOC
Real User
2020-05-05T10:37:00Z
05 May 20

What I find most valuable is the fact that we can install the agents onto the web server and then it does the automatic scanning. Every day when I come in, I log into Contrast and I can see the agent reports, real-time, on the vulnerabilities. I can see my list of security vulnerabilities that are immediately reported on a daily basis.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Aug 01, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 8 answers
TM
Director of Innovation at a tech services company with 1-10 employees
02 June 20
It is used primarily to help put a layer of security around some of our legacy applications that were built quite some time ago. It's also used to provide better quality assessments on the vulnerabilities of some of these applications, compared to some of the other tools that we've been using. We're using the SaaS platform.
Ramesh Raja - PeerSpot reviewer
Senior Security Architect at a tech services company with 5,001-10,000 employees
07 June 20
We use the solution for application vulnerability scanning and pen-testing. We have a workflow where we use a Contrast agent and deploy it to apps from our development team. Contrast continuously monitors the apps. When any development team comes to us and asks, "Hey, can you take care of the Assess, run a pen test and do vulnerability scanning for our application?" we have a workflow and deploy a Contrast agent to their app. Because Contrast continuously monitors the app, we have notifications from Contrast and they go to the developers who are responsible for fixing that piece of the code. As soon as they see a notification, and especially when it's a higher, critical one, they go back into Contrast, look at how to fix it, and make changes to their code. It's quite easy to then go back to Contrast and say, "Hey, just consider this as fixed and if you see it come back again, report it to us." Since Contrast continuously looks at the app, if the finding doesn't come back in the next two days, then we say, "Yeah, that's fixed." It's been working out well in our model so far. We have pre-production environments where dedicated developers look at it. We also have some of these solutions in production, so that way we can switch back. It's hosted in their cloud and we just use it to aggregate all of our vulnerabilities there.
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
Aug 01, 2022
Hi, we all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 7 answers
TM
Director of Innovation at a tech services company with 1-10 employees
02 June 20
If you know your needs upfront, and if you're more concerned about vulnerabilities and you already have a web application firewall that you're happy with, then focus on the Assess component of it, because the Assess component has a very straightforward licensing strategy. If you need the web application firewall and you have a highly clustered environment, then you will be paying that license cost per server. Unfortunately, that does not scale as well for us. It helps to understand what your use case is upfront and apply that with Contrast, knowing whether or not you need it per application or per server.
Ramesh Raja - PeerSpot reviewer
Senior Security Architect at a tech services company with 5,001-10,000 employees
07 June 20
I like the per-application licensing model, but there are reasons why some solutions want to do per KLOC. For us, especially because it's per app, it's really easy. We just license the app and we look at different vulnerabilities on that app and we remediate within the app. It's simpler. If you have to go to somebody, like a Dev manager and ask him, "Hey, how many thousands of lines of code does your application have?" he will be taken aback. He'll probably say, "I don't know." It's difficult to cost-segregate and price things in that kind of model. But if, like with Contrast, they say, "Hey, your entire application — however big it is, we don't care. We're just going to use one license," that is simpler. This type of license model works better for us.