Contrast Security is a very agile security service product provider, they listen to customers and react quickly to customer's feedback, and release often to address issues. Support is excellent to work with when issue comes up.
Contrast security platform enables realtime security testing with quick turn around on vulnerability findings, it is also capable of doing WAF functions to protect application in real-time. Review collected by and hosted on G2.com.
Not much negtive things could be said regarding Contrast Security as a whole. There are still some security risk categories are not comvered under Assess evaluation process, it could be mainly due to that it is installed behind firewall. Also the Protect module does not cover certains type of attacks. As they continue to enhance/improve they product, will expect more to be covered. Review collected by and hosted on G2.com.
48 out of 49 Total Reviews for Contrast Security
Overall Review Sentiment for Contrast Security
Log in to view review sentiment.
Contrast allows us to test an application during the run-time, which reduces the number of false positives we have to deal with in traditional SAST scans. The IAST testing combines SAST and DAST into one while identifying the issues in open-source libraries and custom code. The Integrations are easy and don't consume more system resources to run the agent. The Sales, TAM, management, and Support team has the customer-first approach; their support is amazing they cater to your needs. Review collected by and hosted on G2.com.
Language Support in IAST is a bit slow and manageable, but handling legacy applications is tough without having to scan some old versions of programming languages if they could expand their language support and have backward compatibility, that would be great. Review collected by and hosted on G2.com.
Contrast makes understanding vulnerabilities easy. For every vulnerability found in custom code, there is an answer to what the vulnerability is, why it is a risk, and how to fix the vulnerability. It is also great at identifying libraries used within the application and the potential vulnerabilites for each library. Review collected by and hosted on G2.com.
Although Contrast is great at identitfying libraries, the default scoring for the libraries can be very particular. It can make developers feel discouraged seeing an F score because the library is a version behind. There is a way to change the scoring to only look at associated vulnerabilities, but there is still a benefit to seeing libraries that are behind on updates. Review collected by and hosted on G2.com.
It has a great product portfolio, besides the backend code analysis there's also a front end analysis for popular frameworks such as react or angular. Also it has a configuration for the pipelines, a lot of products doesn't have all in one Review collected by and hosted on G2.com.
It will be really useful to get some kind of log for the vulnerabilities that were closed as remediated/fixed/not a problem to know why contrast reopened them as resported status Review collected by and hosted on G2.com.
Automation options and accuracy of vulnerabilities, easy to integrate with all of our dev ops tools, and amazing level of support documentation and knowledge. The team is always willing to help when we are stuck on any issues impacting our service. Review collected by and hosted on G2.com.
Some SCA options are weakly implemented. I also dislike the fact that contrast does not have a SAST option for my front end UI code available. Contrast can also benefit from some strong analystics options built into Team center UI for my team to glean better insights into our application security program. Review collected by and hosted on G2.com.
The default scoring, for libraries sometimes be discouraging. There are some security risk categories that are not covered I have noticed that the product keeps improving. There is room for improvement in terms of SCA options and UI functionalities. Review collected by and hosted on G2.com.
The absence of alerts also limits our ability to proactively solve security threats. Navigating through the interface is difficult for users. Review collected by and hosted on G2.com.
The most helpful features of contrast security would be real time protection and its accuracy. Our company really benefits from the continuous security monitoring and protection during runtime as well as the high accuracy rate of detecting vulnerablities Review collected by and hosted on G2.com.
The only downside I can think of is the amount of false positive/negatives. Review collected by and hosted on G2.com.
Contrast has a great breadth of technologies on offer. The insights that the tools provides are in depth, but also explain everything simply. When looking at vulnerabilities that were found, it is very easy to trace what has happened. Review collected by and hosted on G2.com.
Contrast is a bit hard to implement in our environment. We were forced to use a deprecated package due to our environment being a bit outdated. The licensing with the RASP solution is not what we initially thought when purchasing the product. Review collected by and hosted on G2.com.
Best service from the support team and tool is accurate enough to hand over to any dev team Review collected by and hosted on G2.com.
UI functionalities are little bit on the down side Review collected by and hosted on G2.com.
Ease of use. Customer service. The Contarst Dashboard provides a good view of security posture for your organization. Review collected by and hosted on G2.com.
Contrast Scan tool needs to be improved. The scan has limited language and framework support. Review collected by and hosted on G2.com.
I like that it is very easy to implement and use, they are always looking for improvements to their platform. Sales and support staff always have a great sense of support. Review collected by and hosted on G2.com.
over the last year we had one or two web service outages.They can improve the documentation of the products, how to solve problems, integrations, route coverage. Review collected by and hosted on G2.com.
