# Contrast Security Reviews
**Vendor:** Contrast Security  
**Category:** [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast)  
**Average Rating:** 4.5/5.0  
**Total Reviews:** 49
## About Contrast Security
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.



## Contrast Security Pros & Cons
**What users like:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities. (2 reviews)
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis. (2 reviews)
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support. (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)
- Automation Testing (1 review)
- Customer Support (1 review)
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support. (1 review)
- Ease of Use (1 review)
- Insightful Analysis (1 review)

**What users dislike:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them. (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)
- Setup Difficulty (1 review)
- Slow Performance (1 review)
- Update Issues (1 review)

## Contrast Security Reviews
  ### 1. Shift-Smart with Contrast

**Rating:** 5.0/5.0 stars

**Reviewed by:** Kiran S. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 17, 2023

**What do you like best about Contrast Security?**

Contrast allows us to test an application during run-time, which reduces the number of false positives we have to deal with in traditional SAST scans. The IAST testing combines SAST and DAST into one while identifying the issues in open-source libraries and custom code. The integrations are easy and don't consume more system resources to run the agent. The Sales, TAM, management, and Support teams have a customer-first approach; their support is amazing and they cater to your needs.

**What do you dislike about Contrast Security?**

Language support in IAST is a bit slow and manageable, but handling legacy applications is tough without having to scan some old versions of programming languages. If they could expand their language support and have backward compatibility, that would be great.

**What problems is Contrast Security solving and how is that benefiting you?**

Securing our application in Run-time is a huge advantage, while developers can remediate the vulnerabilities during the development phases. Their platform provides us the 360 visibility and security for our application, which is a key business problem for any fin-tech company.

  ### 2. Contrast Security makes application security simple

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Higher Education | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 23, 2023

**What do you like best about Contrast Security?**

Contrast makes understanding vulnerabilities easy. For every vulnerability found in custom code, there is an answer to what the vulnerability is, why it is a risk, and how to fix the vulnerability. It is also great at identifying libraries used within the application and the potential vulnerabilities for each library.

**What do you dislike about Contrast Security?**

Although Contrast is great at identifying libraries, the default scoring for the libraries can be very particular. It can make developers feel discouraged seeing an F score because the library is a version behind. There is a way to change the scoring to only look at associated vulnerabilities, but there is still a benefit to seeing libraries that are behind on updates.

**What problems is Contrast Security solving and how is that benefiting you?**

With Contrast's IAST product we are able to see vulnerabilities at runtime and it reduces the amount of false positives that we see with other tools. Communication with development teams has improved because the breakdown of vulnerabilities is so clear.

  ### 3. A complete and useful security tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Natasha M. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 10, 2023

**What do you like best about Contrast Security?**

It has a great product portfolio; besides the backend code analysis there's also a front-end analysis for popular frameworks such as React or Angular. It also has a configuration for the pipelines; a lot of products don't have it all in one.

**What do you dislike about Contrast Security?**

It would be really useful to get some kind of log for the vulnerabilities that were closed as remediated/fixed/not a problem, to know why Contrast reopened them with reported status.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast is helping us to go deeper on the pentesting activities, to find vulnerabilities that cannot be seen by just assessing the front end. It helps us to find CVEs in the application libraries and insecure code in the back end.

  ### 4. Contrast Security Testing in Real-Time

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Logistics and Supply Chain | Enterprise (> 1000 emp.)

**Reviewed Date:** August 08, 2023

**What do you like best about Contrast Security?**

Contrast Security is a very agile security service product provider; they listen to customers, react quickly to customers' feedback, and release often to address issues. Support is excellent to work with when an issue comes up.
The Contrast Security platform enables real-time security testing with quick turnaround on vulnerability findings; it is also capable of doing WAF functions to protect applications in real time.

**What do you dislike about Contrast Security?**

Not many negative things could be said regarding Contrast Security as a whole. There are still some security risk categories that are not covered under the Assess evaluation process; it could be mainly due to it being installed behind a firewall. Also the Protect module does not cover certain types of attacks. As they continue to enhance/improve their product, will expect more to be covered.

**What problems is Contrast Security solving and how is that benefiting you?**

Security testing via real-time traffic will be accurate in security evaluation; Assess has good visibility into vulnerabilities on the application side. Also, protection could block attacks as requests come in.

  ### 5. Dev Focused IAST Tool that helps you shift left in your security testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Enterprise (> 1000 emp.)

**Reviewed Date:** August 04, 2023

**What do you like best about Contrast Security?**

Automation options and accuracy of vulnerabilities, easy to integrate with all of our dev ops tools, and amazing level of support documentation and knowledge. The team is always willing to help when we are stuck on any issues impacting our service.

**What do you dislike about Contrast Security?**

Some SCA options are weakly implemented. I also dislike the fact that Contrast does not have a SAST option for my front end UI code available. Contrast can also benefit from some strong analytics options built into Team center UI for my team to glean better insights into our application security program.

**What problems is Contrast Security solving and how is that benefiting you?**

We are able to reduce our time to discover and remediate new security bugs in our code. The SCA feature allows us to better assess the true risk of a CVE by telling us if the method is called and the code is actually being used in third party libraries. This reduces our need to patch everything immediately upon discovery of new CVEs. We are able to empower our devs to resolve all issues quickly without too much hand holding by the security team.

  ### 6. Contrast Security is manageable

**Rating:** 5.0/5.0 stars

**Reviewed by:** Slobodan O. | Advisor, Food & Beverages, Enterprise (> 1000 emp.)

**Reviewed Date:** October 20, 2023

**What do you like best about Contrast Security?**

The default scoring for libraries can sometimes be discouraging. There are some security risk categories that are not covered. I have noticed that the product keeps improving. There is room for improvement in terms of SCA options and UI functionalities.

**What do you dislike about Contrast Security?**

The absence of alerts also limits our ability to proactively solve security threats. Navigating through the interface is difficult for users.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast Security has transformed our cybersecurity approach. It continuously monitors our applications in time and identifies vulnerabilities promptly. It automates security testing and removes the necessity for code reviews.

  ### 7. Effective Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Danielle H. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 14, 2023

**What do you like best about Contrast Security?**

The most helpful features of Contrast Security would be real-time protection and its accuracy. Our company really benefits from the continuous security monitoring and protection during runtime as well as the high accuracy rate of detecting vulnerabilities.

**What do you dislike about Contrast Security?**

The only downside I can think of is the amount of false positive/negatives.

**What problems is Contrast Security solving and how is that benefiting you?**

Hybrid testing... monitor our applications' inner workings. Accessing HTTP requests/responses and call stacks. Contrast Protect... runtime protection is very important to the security of our applications.

  ### 8. Contrast is a powerful tool.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2023

**What do you like best about Contrast Security?**

Contrast has a great breadth of technologies on offer. The insights that the tool provides are in depth, but also explain everything simply. When looking at vulnerabilities that were found, it is very easy to trace what has happened.

**What do you dislike about Contrast Security?**

Contrast is a bit hard to implement in our environment. We were forced to use a deprecated package due to our environment being a bit outdated. The licensing with the RASP solution is not what we initially thought when purchasing the product.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast is helping us identify vulnerabilities that are presenting themselves during the running of an application through IAST, while RASP is helping us to block attacks, and see what avenues attacks are coming through.

  ### 9. Great Tool for Application Vulnerabilities

**Rating:** 4.0/5.0 stars

**Reviewed by:** Tharindu M. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 09, 2023

**What do you like best about Contrast Security?**

Best service from the support team and tool is accurate enough to hand over to any dev team

**What do you dislike about Contrast Security?**

UI functionalities are little bit on the down side

**What problems is Contrast Security solving and how is that benefiting you?**

RASP products help to protect our legacy applications, and IAST provides a better overview of the application vulnerabilities. SCA is also a good way of identifying  libraries.

  ### 10. Contrast Assess and Protect

**Rating:** 4.5/5.0 stars

**Reviewed by:** Anirudha B. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2023

**What do you like best about Contrast Security?**

Ease of use. Customer service. The Contrast Dashboard provides a good view of security posture for your organization.

**What do you dislike about Contrast Security?**

Contrast Scan tool needs to be improved. The scan has limited language and framework support.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast Security allows us to control the quality of software getting deployed to Production from a Security view point.

  ### 11. Great Experience with Contrast Products

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Food & Beverages | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2023

**What do you like best about Contrast Security?**

I like that it is very easy to implement and use, they are always looking for improvements to their platform. Sales and support staff always have a great sense of support.

**What do you dislike about Contrast Security?**

Over the last year we had one or two web service outages. They can improve the documentation of the products, how to solve problems, integrations, route coverage.

**What problems is Contrast Security solving and how is that benefiting you?**

The need to acquire Contrast was to improve the security of our CICD for web applications. Contrast has added great value to the security of our applications in the company.

  ### 12. Security and compliance of our applications

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sibila D. | Consulting, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 09, 2023

**What do you like best about Contrast Security?**

Contrast Security's language support is a bit slow, on occasion. It is customized to prioritize vulnerability detection.

**What do you dislike about Contrast Security?**

The interface of Contrast Security is sometimes cluttered, making it difficult to navigate and locate information. This platform improves from an intuitive design that enhances user experience.

**What problems is Contrast Security solving and how is that benefiting you?**

They have solved our application security difficulties by providing vulnerability detection and protection.

  ### 13. Contrast does a great job in finding Code and Open Source Vulnerabilities during runtime,

**Rating:** 3.0/5.0 stars

**Reviewed by:** Pankaj K. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 08, 2023

**What do you like best about Contrast Security?**

Contrast does a great job in finding Code and Open Source Vulnerabilities during runtime. Contrast automatically reduces false positives.

**What do you dislike about Contrast Security?**

Contrast Reporting features and Protect Configuration Performance Issues being reported.

**What problems is Contrast Security solving and how is that benefiting you?**

Primarily to find application Vulnerabilities at runtime and integrating it with Development process

  ### 14. Contrast Security RASP Tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Neil K. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2023

**What do you like best about Contrast Security?**

Customer Support and Assistance. Also the Product

**What do you dislike about Contrast Security?**

Still there's nothing to dislike about the product

**What problems is Contrast Security solving and how is that benefiting you?**

Identify legacy system vulnerabilities and remediate the vulnerabilities. Also to support the developers with more insight into their applications and code base.

  ### 15. Contrast Assess (IAST) has provided us with valuable findings that complement SAST results.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Medical Devices | Enterprise (> 1000 emp.)

**Reviewed Date:** August 07, 2023

**What do you like best about Contrast Security?**

Constant analysis which provides real-time feedback on deployed code changes during testing. The stack trace on vulnerabilities. SCA findings are thorough. Developers can set their own notifications when vulnerabilities are found.

**What do you dislike about Contrast Security?**

Reporting is not quite as robust as desired. Deploying agent updates requires constant attention.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast Assess identifies vulnerabilities that might be overlooked by SAST alone. It serves as an excellent complement to SAST and offers an extra layer of assurance in the quality of released code.

  ### 16. Best bang for your buck as it is better at many various types of security tools.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** August 02, 2023

**What do you like best about Contrast Security?**

Innovative as it finds more accurate findings and helps automate remediation. It also has a RASP that is a lot better than getting stuck with a "0 day".

**What do you dislike about Contrast Security?**

Needs to continue to innovate and stay on the cutting edge.

**What problems is Contrast Security solving and how is that benefiting you?**

- Accuracy, way ahead of the pack.
- Ability to integrate to the pipeline.
- Ability to do multi area focus (serverless, SCA, SAST) on top of initial primary focus. And it does them well.

  ### 17. The ultimate solution for securing your application

**Rating:** 4.0/5.0 stars

**Reviewed by:** Arik B. | VP Finance & Operations, Mid-Market (51-1000 emp.)

**Reviewed Date:** March 13, 2023

**What do you like best about Contrast Security?**

My favorite features of Contrast Security are its convenient interface and how quickly it spots possible security hazards in my code. The platform's capacity to be scaled for projects of any size is something else I value.

**What do you dislike about Contrast Security?**

The biggest problem I have with Contrast Security is that it doesn't integrate with some of the software applications I frequently use. The platform can be challenging to use at times, despite its effectiveness in spotting possible security risks.

**What problems is Contrast Security solving and how is that benefiting you?**

The peace of mind I get from using it and understanding that my tasks are secure is one of the primary advantages. The platform's convenient interface makes it simple to use in my daily routine, and it is extremely effective at spotting possible security risks.

  ### 18. Contrast is a good product and good service

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** August 06, 2023

**What do you like best about Contrast Security?**

Contrast designed to work directly with Engineer/Developer

**What do you dislike about Contrast Security?**

Open vulnerabilities auto disappear from Contrast Dashboard after a period of time (90 days or so) although the vulnerability is not fixed yet

**What problems is Contrast Security solving and how is that benefiting you?**

Detect external facing application vulnerabilities

  ### 19. Broad Support For Multiple Technologies

**Rating:** 5.0/5.0 stars

**Reviewed by:** Efrain R. | Global Enterprise Architect, Enterprise (> 1000 emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

Feature complete with growing support for most industry-used languages. Very low false positives and guidance on how to fix the vulnerabilities.

**What do you dislike about Contrast Security?**

License structure seems to be very clear on contract but inside the tool you have to deal with different entitlements.

**What problems is Contrast Security solving and how is that benefiting you?**

We needed a low false positive solution that allowed our developers to step up their secure dev practices. Now they can get early alerts on real stuff that needs to be fixed.

  ### 20. Contrast is a Very good Application

**Rating:** 4.5/5.0 stars

**Reviewed by:** Anthony C. | Enterprise (> 1000 emp.)

**Reviewed Date:** August 08, 2023

**What do you like best about Contrast Security?**

- UI
- Vulnerability Identification
- Applications Support

**What do you dislike about Contrast Security?**

Reporting, Reporting, Reporting, Reporting pieces

**What problems is Contrast Security solving and how is that benefiting you?**

We have several tools, but Contrast provides another view to see vulnerabilities and the different paths provided.

  ### 21. Contrast Security works great for SAST and DAST security scanning

**Rating:** 4.5/5.0 stars

**Reviewed by:** Willie H. | Lead Network Automation Architect/Developer, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 28, 2023

**What do you like best about Contrast Security?**

Contrast integrated well with our CI/CD pipeline using Travis. It was also great for scanning libraries used by our code. The reports from the scan were very informative. And you could even get email reports about any new attacks or vulnerabilities.

**What do you dislike about Contrast Security?**

The contrast agent has to be added to your application. This initially caused performance issues, especially on Java applications. Thankfully, we worked with Contrast to address those issues.

**What problems is Contrast Security solving and how is that benefiting you?**

Scanning stale libraries for vulnerabilities, detecting any security attacks, and static code analysis to improve the security of our code.

  ### 22. Review of Contrast Security

**Rating:** 4.0/5.0 stars

**Reviewed by:** Sriranga Narasimha Gandhi A. | Fortress of Security - Strategic Architecture Leader, Small-Business (50 or fewer emp.)

**Reviewed Date:** February 28, 2023

**What do you like best about Contrast Security?**

Contrast Security protects both perimeter controls such as DDoS, intrusions and malicious behaviour from the perimeter, secures the end point via its scanning engine, and whitelists the allowed countries.

**What do you dislike about Contrast Security?**

Nothing much as such but the build process needs a bit of stabilization.  Also the customer service needs to be improved.  Overall the process needs to be optimised.

**What problems is Contrast Security solving and how is that benefiting you?**

All application-related security challenges of the code such as static code tests or dynamic code reviews will be solved by Contrast Security. It helps both static code analysis and dynamic code analysis.

  ### 23. Contrast Works well once it is configured well

**Rating:** 3.5/5.0 stars

**Reviewed by:** Patrick V. | Enterprise (> 1000 emp.)

**Reviewed Date:** February 28, 2023

**What do you like best about Contrast Security?**

Contrast's detections of vulns are the best because they can point to exactly the line of code without having the count of false positives of other tools.

**What do you dislike about Contrast Security?**

Contrast's licensing and inventory system can be clunky if your application has micro-services

**What problems is Contrast Security solving and how is that benefiting you?**

Vulnerability testing that is managed by devs

  ### 24. Shift Smart with Contrast

**Rating:** 5.0/5.0 stars

**Reviewed by:** Vinod N. | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 28, 2023

**What do you like best about Contrast Security?**

- Detect and block run-time attacks on known and unknown code vulnerabilities with greater precision
- Resolve security vulnerabilities on multi-cloud serverless functions platforms
- Test and protect third party, open-source code moving through your software supply chain

**What do you dislike about Contrast Security?**

None as of now. I need it for Java, Python and Scala, and it supports all.

**What problems is Contrast Security solving and how is that benefiting you?**

- Harden your stack against zero-day exploits like Log4j2 and Text4Shell without developer interruption.
- Find and fix in real-time the vulnerabilities that matter in your code with the lowest false positive rate in the industry

  ### 25. Contrast support you in achieving product value

**Rating:** 4.5/5.0 stars

**Reviewed by:** Ian T. | Enterprise (> 1000 emp.)

**Reviewed Date:** February 28, 2023

**What do you like best about Contrast Security?**

They have a great product, backed by a strong team who will work with you to get the maximum value

**What do you dislike about Contrast Security?**

No complaints! I've encountered zero issues

**What problems is Contrast Security solving and how is that benefiting you?**

Giving our developers a tool that helps team to build secure applications from the get go

  ### 26. Great Service and Product

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2023

**What do you like best about Contrast Security?**

Contrast lets us monitor vulnerability accurately by application and also gives the severity of related vulnerabilities.

**What do you dislike about Contrast Security?**

There isn't anything I dislike about Contrast Security.

**What problems is Contrast Security solving and how is that benefiting you?**

Keeping track of the vulnerabilities and providing us with alerts of attacks.

  ### 27. My experience with Contrast Security

**Rating:** 4.5/5.0 stars

**Reviewed by:** Sri Harsha G. | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

It helps organizations identify and remediate vulnerabilities in their software applications, thereby improving their overall security posture. Some of the key features of their solutions include real-time vulnerability detection, precise attack visibility, and seamless integration with DevOps processes. These features can be useful for organizations that prioritize security in their software development lifecycle.

**What do you dislike about Contrast Security?**

Nothing much. Everything was good but the accuracy can further be improved.

**What problems is Contrast Security solving and how is that benefiting you?**

Application security testing

  ### 28. Engineering Manager , I have full visibility across cybersecurity, vulnerability, devices protection

**Rating:** 4.0/5.0 stars

**Reviewed by:** Rushi N. | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 29, 2023

**What do you like best about Contrast Security?**

Learning to understand the PROS/CONS, but Contrast Security had some goodies for enterprise companies like us.

**What do you dislike about Contrast Security?**

Need to run POC to identify the product details

**What problems is Contrast Security solving and how is that benefiting you?**

runtime application security layer 01, layer 02 (code scan/code approvals)

  ### 29. Contrast Review

**Rating:** 3.5/5.0 stars

**Reviewed by:** Idan A. | Enterprise (> 1000 emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

Good findings; relative to other SAST/DAST solutions it has fewer false positive alerts.

**What do you dislike about Contrast Security?**

Although it has a lower number of false positive alerts relative to SAST/DAST solutions, it is still a lot of false positives.

**What problems is Contrast Security solving and how is that benefiting you?**

It helps me to scan services that I don't have the capacity to test manually

  ### 30. It was easy to use

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mohan K. | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

I like how it is easily integrated to our system

**What do you dislike about Contrast Security?**

I would like to be able to have more control during deployment phase

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast security helped to track down any vulnerabilities that we may have in code

  ### 31. best IAST of the market

**Rating:** 4.0/5.0 stars

**Reviewed by:** MATTHIEU M. | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

The IAST and the flow map part to trigger security bugs

**What do you dislike about Contrast Security?**

To add a taint analysis and solution for route coverage

**What problems is Contrast Security solving and how is that benefiting you?**

The IAST that we use is to complete the coverage scan with our SAST and DAST

  ### 32. great tool with  a little bit of false positives

**Rating:** 3.5/5.0 stars

**Reviewed by:** Tomer P. | Application Security engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 01, 2023

**What do you like best about Contrast Security?**

- easy integration
- the support is very responsive

**What do you dislike about Contrast Security?**

- false positives
- support in Ruby/Scala isn't the best
- getting logs is a bit annoying

**What problems is Contrast Security solving and how is that benefiting you?**

we are using contrast as an IAST and began with coverage for all our repos

  ### 33. Full secured feeling

**Rating:** 5.0/5.0 stars

**Reviewed by:** Rameshwar K. | Senior Technical Lead, Small-Business (50 or fewer emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

All the security features which makes me more productive.

**What do you dislike about Contrast Security?**

It sometimes makes the system very slow but that is ok.

**What problems is Contrast Security solving and how is that benefiting you?**

Application runtime security is what I am least bothered.

  ### 34. Best and fast security scanner

**Rating:** 4.0/5.0 stars

**Reviewed by:** D Santhosh K. | Data Engineer, Retail, Enterprise (> 1000 emp.)

**Reviewed Date:** March 02, 2023

**What do you like best about Contrast Security?**

- It's free to some extent
- Faster than most security scanners

**What do you dislike about Contrast Security?**

Nothing other than the learning and usage curve

**What problems is Contrast Security solving and how is that benefiting you?**

No intervention in the GitHub Actions CI/CD pipeline

  ### 35. IAST tool that will boost your Application Security Programme

**Rating:** 4.5/5.0 stars

**Reviewed by:** Aggelos K. | Technical Security Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** November 19, 2021

**What do you like best about Contrast Security?**

The tool is straightforward to use; alerts and errors do not overpower developers during the Coding phase. The experience of Security Analyst, Developer, and Management is very positive.
The reports against Standards (OWASP Top 10 and PCI) are very convenient for audits allowing for better efficiency.

**What do you dislike about Contrast Security?**

I have not been able to identify a feature that does not help the organization achieve the results aimed when implementing the solution. The features on the roadmap, along with the ones already in place, offer a complete suite that leaves no room for disliking.

**Recommendations to others considering Contrast Security:**

Try Contrast out! Easy setup for a PoC and very flexible to adjust to your environment to get a quick glimpse and results

**What problems is Contrast Security solving and how is that benefiting you?**

Our main Customer-facing applications are checked for vulnerabilities against widespread threats (OWASP Top 10). Checking the production version of our applications allows for identifying and resolving actual exploitable vulnerabilities in our Environment. Additionally, due to the level of detail on how to fix section, we train our Software Engineers boosting the security by design culture we have in mind.

  ### 36. Solid option for IAST scanning within certain languages & public clouds

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Enterprise (> 1000 emp.)

**Reviewed Date:** November 24, 2021

**What do you like best about Contrast Security?**

Simple UI with solid IAST & SCA scans built into Contrast Assess/OSS product.

**What do you dislike about Contrast Security?**

Less robust features for .NET-based workloads: Azure functions/serverless not available (only app services), Azure DevOps integrations work but are not intensive, Contrast support are generally less-knowledgeable on .NET environments (optimized for Java & AWS environments).

**Recommendations to others considering Contrast Security:**

Contrast is easy to use once integrated, but it depends on your development stack. Contrast is heavily-optimized towards Java and AWS workloads/environments but are creating more and more in the .NET and Azure fields as well. Unfortunately for my client, they are heavily .NET and Azure-based so some features are not available at the time of this review. If you are looking for an IAST, SCA, RASP option, Contrast is solid.

**What problems is Contrast Security solving and how is that benefiting you?**

Implementing DevSecOps initiatives for a large health care client.
Building Assess & OSS into pipelines & app service scans are helpful feedback loops for our dev teams. This project is the first time our client has prioritized this sort of work and the client is very excited to have security more baked-in to the development lifecycle.

  ### 37. Application Security Testing at scale.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** September 30, 2021

**What do you like best about Contrast Security?**

The tool helps find high-quality security vulnerabilities at the speed of DevOps. "Fail fast, fail often" at the requirement of daily changes to the application landscape. Traditional SAST and DAST tools struggle to keep up with the rate of change and cause more noise than acceptable. Contrast Security helped us reach our goal of coverage without the hassle of the terrible signal-to-noise ratio common to other application security tools.

**What do you dislike about Contrast Security?**

The main struggle that is inherent with this style of tool is the agent. However, it's unclear how you could have the best of both worlds without it.

**What problems is Contrast Security solving and how is that benefiting you?**

see "What do you like best?"

  ### 38. Less Noise, More Security, Room to Improve

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Hospital & Health Care | Enterprise (> 1000 emp.)

**Reviewed Date:** October 05, 2021

**What do you like best about Contrast Security?**

I like the proprietary way in which it scans for vulnerabilities compared to some of the traditional application scanning tools we use/used. Noise is the number one issue we hear from our engineers, and Contrast is really good at reducing the noise and focusing on actual vulnerabilities. The team we have been working with at Contrast has also been very helpful and responsive. It comes with a really good reporting solution out of the box, even though we use our own vulnerability aggregation solution.

**What do you dislike about Contrast Security?**

The biggest thing we are dealing with on Contrast is code coverage. We currently have a much smaller code coverage than what you would see with a traditional SAST or SA scanning solution. We need to figure out a better way to increase that coverage to reduce the amount of risk that we are trying to employ with these new security test methods.

**What problems is Contrast Security solving and how is that benefiting you?**

The problems we are solving are stated above in what I like about the solution. We are reducing the noise that is a part of traditional security scanning solutions and offering actual vulnerabilities for development teams to focus on. With less noise, this allows our team to work closer with our Engineers on being security analysts and not tool administrators. We are still in the process of rolling out at a larger scale, so some of the benefits are still being measured.

  ### 39. "Gives the guidance and learning to developers to improve security of application"

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** October 04, 2021

**What do you like best about Contrast Security?**

- Technology used to detect the vulnerabilities, the way it's presented along with complete tracing, guidance for teams to learn about the vulnerability and associated risk are plus.
- Another great advantage is giving visibility into route coverage which helps to identify the routes that are not exercised or have a high number of vulnerabilities, but please note that it's not supported for all Java frameworks.
- Ease of implementation, works great for both SDLC/DevOps model.

**What do you dislike about Contrast Security?**

- Log collection could be improved, for any troubleshooting/debugging require coordination with application teams to set required configuration to collect required logs. Heard that they are changing this approach, looking forward to same.
- Integration with systems like JIRA and other ticketing systems have issues. Again in roadmap to fix.
- Some of the updates require configuration change at the app end, which is hard to implement as it requires coordination with app teams - very hard to adopt to new enhancements.
- Technical support could be improved, slowly seeing the quality of support going down.
- For certain frameworks and app servers, vulnerabilities within commercial app server/framework is getting reported - kind of mess if it's one of the unsupported frameworks.

**What problems is Contrast Security solving and how is that benefiting you?**

Application Security Testing, visibility into vulnerabilities in both custom code and libraries.

  ### 40. Great Tool - Easy to setup - Great Support

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 30, 2021

**What do you like best about Contrast Security?**

As an administrator, the tool being SaaS, I do not have to worry about the server and I just need to take care of the agents. Installation is easy and the configuration is not much harder. The documentation is well written and you will usually find what you need. For the maintenance, on some machines, I periodically update the agent, which is as simple as executing the installer. In the CI build, with docker image, I always fetch the latest version.
For the developer, they get a warning in our security slack channel when something in their code needs to be "improved".
Support has always been stellar when I needed them for clarification.

**What do you dislike about Contrast Security?**

There is nothing I dislike about that tool. It does the job we bought it for, in the background, with minimal maintenance.

**Recommendations to others considering Contrast Security:**

Ask them for a demo, try it out on your product. You will be surprised how good it is.

**What problems is Contrast Security solving and how is that benefiting you?**

The developers get feedback on their code quickly, and they can fix it while it is fresh in their memory. You end up with a better, more secure application.

  ### 41. No more OWASP errors, it can be done!

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 11, 2021

**What do you like best about Contrast Security?**

Easy to deploy for both cloud and on-prem. Excellent support.
Plenty of integration options works with pretty much every development method.
Great support team.
Real-time overview of CODE quality.

**What do you dislike about Contrast Security?**

The contrast licensing model has a direct relation with "applications".
Every application needs to have a license. However, this model does not fit our organization very well.

We develop many microservices within their current licensing setup that requires a lot of licenses, thus could be more expensive than other solutions.

During development, our containers tripled in memory size while using Contrast.

**Recommendations to others considering Contrast Security:**

Please get in contact with your local salesperson and have them set up a proof of concept.

**What problems is Contrast Security solving and how is that benefiting you?**

The product has an integration with our code development.
Testing of the code done during development. 
Real-time overview of found vulnerabilities
Multiple programming languages are supported.

  ### 42. Innovation in a security product that delivers real change in ways all other products hope for

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2021

**What do you like best about Contrast Security?**

Contrast delivers easy and fast vulnerability data about our applications (IDE environments) that continues through production with the RASP functionality.

**What do you dislike about Contrast Security?**

Initial installation is easy and fast, but the integration to the pipeline takes coordination in a large enterprise.

**Recommendations to others considering Contrast Security:**

Take into consideration the total cost of ownership and all the value available by contrast.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast delivers better application telemetry (data flow even, unique) in addition to accurate and verified vulnerability data that includes how to fix code and the line number of the issues.  This can be sent to the IDE or to Jira bug tracking queues. We can get this needed info as fast as a developer's sprint operates and there is no more waiting for the security to push the product out to production.

With defects or backlogs of old issues, the RASP can neutralize these allowing more time to address them, essentially like giving aerial coverage.

  ### 43. Great IAST Tool!

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** January 13, 2022

**What do you like best about Contrast Security?**

I love the API granularity and the passive nature of the scans. Accuracy is also key. Support is great!

**What do you dislike about Contrast Security?**

Added performance impact when agent is active.

**Recommendations to others considering Contrast Security:**

Consider a way to abstract UI from Developers

**What problems is Contrast Security solving and how is that benefiting you?**

We're filling an area of code detection that is critical for accuracy and agility. The benefit is the accuracy and a fortified environment.

  ### 44. Security with DevOps in mind

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Insurance | Enterprise (> 1000 emp.)

**Reviewed Date:** August 10, 2021

**What do you like best about Contrast Security?**

Contrast Assess provides a clean and intuitive UI for viewing your organization's overall security posture while giving developers continuous real-time vulnerability details for their custom code and libraries, as well as how-to-fix remediation advice. No more packaging and uploading of code or outdated point-in-time scans. Great for letting you know what application routes are vulnerable or those that still need testing. If your app is running, Contrast is testing it.

**What do you dislike about Contrast Security?**

Like any agent, it takes coordination sometimes to install within a corporate framework

**What problems is Contrast Security solving and how is that benefiting you?**

Because it's in the pipeline, we are discovering and remediating vulnerabilities long before they reach Production.

  ### 45. Contrast Rocks

**Rating:** 4.5/5.0 stars

**Reviewed by:** Javier G. | Director of Product Security, Enterprise (> 1000 emp.)

**Reviewed Date:** August 11, 2021

**What do you like best about Contrast Security?**

It is easy to get useful security information out of Contrast quickly. Easy to onboard and get to exactly where security defects exist in applications.

**What do you dislike about Contrast Security?**

It can be a little pricey but worth the money.

**What problems is Contrast Security solving and how is that benefiting you?**

Contrast fills the gap of dynamic analysis in our SDLC.

  ### 46. Contrast Security for developers

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jason M. | Directory, Technology & Architecture, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 30, 2021

**What do you like best about Contrast Security?**

We find the best part of Contrast Security to be the IDE features for developers in real time

**What do you dislike about Contrast Security?**

No disliked items or issues to report here.

**What problems is Contrast Security solving and how is that benefiting you?**

Real-time code recommendations to developers

  ### 47. Contrast ASSESS meets our requirements.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Automotive | Enterprise (> 1000 emp.)

**Reviewed Date:** October 07, 2021

**What do you like best about Contrast Security?**

Very detailed information about findings in team server.

**What do you dislike about Contrast Security?**

Nothing, everything is good. We are very satisfied

**What problems is Contrast Security solving and how is that benefiting you?**

Scanning and analysis of security vulnerabilities of web applications

  ### 48. Awesome continuous scanning tool with great support

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2021

**What do you like best about Contrast Security?**

It's a continuous scanning tool. There is no start/end time to pentest and vulnerability management. The security posture of the application is real-time

**What do you dislike about Contrast Security?**

In my opinion and for my company's needs, we don't have a downside

**What problems is Contrast Security solving and how is that benefiting you?**

Improving the security posture of the application and implementing DevSecOps within the company

  ### 49. Exceptional IAST product

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Consumer Electronics | Enterprise (> 1000 emp.)

**Reviewed Date:** August 09, 2021

**What do you like best about Contrast Security?**

The product is amazingly fast as compared to traditional scanning tools. The overall process is straightforward to understand and has tons of integrations to support.

**What do you dislike about Contrast Security?**

I want Contrast Security to scan the artifacts sitting inside the repositories to help us understand what's going inside the application.

**What problems is Contrast Security solving and how is that benefiting you?**

It's a big problem to find security vulnerabilities in a complex application. Contrast security makes this job so much easier for us.
The whole platform is straightforward as we don't need different products for our security needs.


## Contrast Security Discussions
  - [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
  - [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
  - [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
  - [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

## Contrast Security Features
**Administration**
- API / Integrations
- Extensibility

**Performance**
- Issue Tracking
- Detection Rate
- False Positives
- Automated Scans

**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Threat Detection & Response - Runtime Application Self-Protection (RASP)**
- Threat Remediation
- Threat Detection
- Application Behavior Monitoring
- Intelligence and Reporting

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Vulnerability Scan
- Code Analysis

**Network**
- Compliance Testing
- Perimeter Scanning
- Configuration Monitoring

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Testing**
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Application**
- Manual Application Testing
- Static Code Analysis
- Black Box Testing

**Agentic AI - Interactive Application Security Testing (IAST)**
- Autonomous Task Execution

**Agentic AI - Vulnerability Scanner**
- Autonomous Task Execution
- Proactive Assistance

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top Contrast Security Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (139 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (773 reviews)
  - [Dynatrace](https://www.g2.com/products/dynatrace/reviews) - 4.5/5.0 (1,231 reviews)

