Contrast’s platform detects and prevents against OWASP Top Ten risks from development to production with out-of-the-box policy rules and automated compliance reporting
Contrast Security, a leader in modernizing application security, today announced its Contrast Application Security Platform continues to enable organizations to keep up with the rapidly expanding scope of the 2021 Open Web Application Security Project (OWASP) Top Ten categories.
The OWASP Top Ten was developed in 2003 to raise awareness around the biggest application security risks that organizations face. It has since become one of the primary tools used around the world to help organizations prioritize their application security efforts, and it is now used to measure and manage application risk at many organizations. For this year’s Top Ten, there are three new categories, which reflect real emerging threats against applications that organizations need to be aware of. The three new categories include:
- Insecure Design. This risk reflects the awareness that the underlying architecture of an application has a big impact on how secure it is. Many organizations talk about “shifting left,” but they usually don’t mean shifting before coding starts. In contrast, this new category encourages development teams to take time to perform threat modeling and design new applications with architectures that encourage the use of strong, simple, and effective defenses.
- Software and Data Integrity. This risk focuses on protecting the integrity of software across the software development life cycle (SDLC), from the integrated development environment (IDE) through production. This category also covers issues related to data corruption and encourages the use of data integrity techniques.
- Server-Side Request Forgery (SSRF). SSRF risks occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, often bypassing protections of a firewall, VPN, or another type of network access control list (ACL).
“OWASP did an outstanding job with the research behind the new Top Ten. It was a massive study of more than 500,000 applications using telemetry data provided by 13 application security vendors that included Contrast,” said Jeff Williams, CTO and Co-Founder at Contrast Security. “This release is a big expansion from previous years, and organizations should review their programs to ensure they are keeping pace. The Contrast Application Security Platform is the fastest and most cost-effective way to ensure that you’ve addressed the OWASP Top Ten across your entire application and API portfolio.”
With the release of three new 2021 categories, and significant modifications to some of the existing ones, organizations can leverage the new Top Ten to determine if their application security solution can scale to support the rapidly expanding scope. With the creation of a separate category for Insecure Design, organizations need to heed the underlying architecture of their applications. The Contrast platform is especially helpful here, generating architecture diagrams based on what a running application does—which application security and development teams, in turn, can use to assess their application architecture for optimal secure design. The updated Top Ten also includes an increased emphasis on software supply chain security—which is warranted considering the growing increase in software supply chain attacks. Further, the Contrast platform includes custom-built policy rules for software supply chain such as Dependency Confusion, and unlike most other application security approaches, it extends security and protections from development to production.
The Contrast platform is especially well-suited to enable organizations to manage risks associated with each of the Top Ten categories. Core capabilities include:
- Developer-first automated application security testing across the OWASP Top Ten and many more risks.
- Full open-source security testing for Top Ten vulnerabilities, including runtime exploitability analysis.
- Runtime protection to create production visibility and protect Top Ten vulnerabilities in production from being exploited.
- Dozens of integrations to ensure development and operations teams receive security intelligence about the Top Ten through the tools they already use.
- Automated compliance and reporting across many different standards, including the OWASP Top Ten.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.