Leading AppSec provider combines vulnerability testing for custom and third-party code in build, test, production and cloud-native environments
Los Altos, California, March 15, 2022 — Contrast Security (Contrast), the leader in code security that empowers developers to secure as they code, today announced that its Secure Code platform now incorporates blockchain security. software provisioning throughout the development lifecycle, from the developer’s desktop to production systems. The new integration makes Contrast the first platform on the market that enables companies to identify and defend against the biggest risks in their supply chain.
In direct response to the 2021 ransomware attack that shut down the Colonial Pipeline, President Joe Biden’s Cybersecurity Executive Order imposes strict standards for any software sold to federal agencies. More recent zero-day events, such as the log injection vulnerability built into the popular Java Log4j library, have also forced private sector companies to reassess the security of software imported, created, and consumed by developers.
“Together, open source and custom code are the ingredients of the apps that companies build, buy and ship,” said Jeff Williams, co-founder and CTO of Contrast Security. “Testing these software ingredients separately lacks context and leads to both false positives and false negatives. To accurately identify vulnerabilities, organizations must perform security testing on the entire application or integrated API, which reveals how custom code and open source interact.
Contrast integrates Software Composition Analysis (SCA) into each of its security protection and testing solutions, including its Interactive Application Security Testing (IAST), Runtime Application Self-Protection ( RASP) and serverless application security. Integration with Contrast’s Static Application Security Testing (SAST) solution is coming soon. The Contrast Secure Code platform helps companies close security gaps in their software supply chain by:
- Simultaneously test custom and third-party code vulnerabilities in native CI/CD pipelines and cloud-native environments.
- Produce a comprehensive Software Bill of Materials (SBOM) to help benchmark software supply chain risks and respond to regulatory and compliance requests.
- Removed the need to search for fixes for inactive libraries checked out from code repositories by reporting which libraries are actually called at runtime.
- Check for third-party security issues in cloud-native workloads such as serverless functions (e.g. AWS Lambda)
- Protect production applications and APIs from targeted attacks with no patching or code changes required.
Contrast Co-Founder and CTO Jeff Williams is set to participate in a virtual fireside chat with Melinda Marks, Principal Analyst at ESG Research, at 2:00 p.m. EST on Tuesday, April 6, 2022 to discuss how recent events like Log4j have prioritized software supply chain security, the role of SBOMs, and other techniques companies should consider to incorporate secure coding practices for third-party components. To register for the next joint ESG Research and Contrast webinar, please visit https://www.contrastsecurity.com/webinar-esg.
About Contrast Safety
Contrast Security secures the code that global enterprises rely on. It is the most modern and comprehensive code security platform in the industry, removing inefficiencies from security barriers and enabling enterprise developers to write and release code faster. secure app. Integrating code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities as developers write code, eliminates false positives, and provides context-specific remediation guidance for a easy and fast fixing of vulnerabilities. This enables application and development teams to collaborate more effectively and innovate faster while accelerating digital transformation initiatives. That’s why a growing number of the world’s largest private and public sector organizations trust Contrast to secure their applications in development and extend protection to cloud and on-premises applications in production.