Contrast Security (Contrast), a leader in code security that empowers developers to secure-as-they code, today announced it was named a Major Player in the IDC MarketScape: Worldwide Application Security Testing, Code Analytics, and Software Composition Analysis 2022 Vendor Assessment — Coordinating Security and Quality for Resilience and DevSecOps (doc #US47097521, March 2022).
The IDC MarketScape discussed how the company’s technology “leverages binary instrumentation in which sensors are embedded within application servers, runtime and user libraries, and other components for vulnerability and attack detection. Contrast Security’s hybrid approach (combining IAST, SAST, DAST, SCA, and runtime application self-protection [RASP]) enables contextualization, improving execution and the ability for developers to remediate issues while helping decrease the percentage of false positives (according to users with whom IDC has spoken),” according to Melinda-Carol Ballou, research director at IDC. In addition, during the Log4Shell crisis, the collective product capabilities supported Contrast users.
“Contrast’s Access solution identified the underlying log-injection vulnerability while Contrast SCA started reporting vulnerable Log4J versions and Contrast Protect helped prevent harmful behaviors that attackers used to exploit Log4Shell, including untrusted deserialization and expression language injection,” said Ballou in the report. “These combined AST, SCA and RASP efforts helped developers respond quickly.”
Contrast works with global enterprises and their developers to build secure code through the software development process. Contrast takes a unique approach by combining static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and run-time application self protection (RASP) with Software Composition Analysis (SCA). This provides enables contextualization, improving execution and the ability for developers to remediate issues while helping decrease the percentage of false positives.
“We are nowhere near the end of seeing major attacks like Log4J and Spring4Shell,” said Jeff Williams, Co-founder and Chief Technology Officer at Contrast Security. “Hackers will continue to target common open source and free software libraries so enterprises need to invest and leverage Runtime Protection solutions, such as Contrast Protect, to identify weaknesses within their code and defend immediately without patching now.”
IDC MarketScape’s rigorous research methodology looks beyond market share and provides a clear framework comparing the product and service offerings, capabilities and strategies, and current and future market success factors for each vendor. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective vendors. An excerpt of the IDC MarketScape report can be downloaded here.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.