49 Contrast Security Reviews

The IAST and the flow map part for triggering security bugs. Review collected by and hosted on G2.com.
A taint analysis and a solution for route coverage.
Easy integration.
Support is very responsive.
False positives.
Support for ruby/scala is not the best.
Getting logs is a bit annoying.

All the security features that make me more productive.
Sometimes it makes the system very slow, but that's fine.

It is free up to a point.
Faster than most security scanners.
Nothing other than the learning curve and usage.

The tool is easy to use; alerts and errors do not overwhelm developers during the coding phase. The experience of the Security Analyst, the Developer and Management is very positive. The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits, allowing for better efficiency.
I have not been able to identify a feature that does not help the organization achieve the desired results when implementing the solution. The features on the roadmap, along with those already in place, offer a complete set that leaves no room for dislike.
Simple UI with solid IAST & SCA scans built into Contrast Assess/OSS product.
Less robust features for .NET-based workloads: Azure functions/serverless not available (only app services), Azure DevOps integrations work but are not intensive, Contrast support is generally less knowledgeable on .NET environments (optimized for Java & AWS environments).
The tool helps find high-quality security vulnerabilities at the speed of DevOps. "Fail fast, fail often" at the requirement of daily changes to the application landscape. Traditional SAST and DAST tools struggle to keep up with the rate of change and cause more noise than acceptable. Contrast Security helped us reach our goal of coverage without the hassle of the terrible signal-to-noise ratio common to other application security tools.
The main struggle that is inherent with this style of tool is the agent. However, it's unclear how you could have the best of both worlds without it.
I like the proprietary way in which it scans for vulnerabilities compared to some of the traditional application scanning tools we use/used. Noise is the number one issue we hear from our engineers, and Contrast is really good at reducing the noise and focusing on actual vulnerabilities. The team we have been working with at Contrast has also been very helpful and responsive. It comes with a really good reporting solution out of the box, even though we use our own vulnerability aggregation solution.
The biggest thing we are dealing with on Contrast is code coverage. We currently have a much smaller code coverage than what you would see with a traditional SAST or SA scanning solution. We need to figure out a better way to increase that coverage to reduce the amount of risk that we are trying to employ with these new security test methods.
- The technology used to detect the vulnerabilities, the way it's presented along with complete tracing, and the guidance for teams to learn about the vulnerability and associated risk are pluses.
- Another great advantage is giving visibility into route coverage, which helps to identify the routes that are not exercised or have a high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
- Ease of implementation, works great for both SDLC/DevOps model.
- Log collection could be improved; any troubleshooting/debugging requires coordination with application teams to set the required configuration to collect the required logs. Heard that they are changing this approach; looking forward to the same.
- Integration with systems like JIRA and other ticketing systems has issues. Again, in the roadmap to fix.
- Some of the updates require a configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt new enhancements.
- Technical support could be improved; slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within the commercial app server/framework are getting reported - kind of a mess if it's one of the unsupported frameworks.
As an administrator, the tool being SaaS, I do not have to worry about the server and I just need to take care of the agents. Installation is easy and the configuration is not much harder. The documentation is well written and you will usually find what you need. For the maintenance, on some machines, I periodically update the agent, which is as simple as executing the installer. In the CI build, with the Docker image, I always fetch the latest version.
For the developers, they get a warning in our security Slack channel when something in their code needs to be "improved".
Support has always been stellar when I needed them for clarification.
There is nothing I dislike about that tool. It does the job we bought it for, in the background, with minimal maintenance.