
A Unified Foundation for Modern Application Security

About

Contrast Security is the world’s leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete Software Development Life Cycle (SDLC) with Contrast to protect against today’s targeted Application Security (AppSec) attacks. 

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today’s pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of Common Vulnerabilities and Exposures (CVEs). This lets security teams spend less time on false positives and remediate true vulnerabilities faster. Contrast’s platform solutions for code assessment, testing, protection, serverless, supply chain, application programming interfaces (APIs) and languages help enterprises achieve true DevSecOps transformation and compliance.


Products & Services

The Contrast Application Security Platform is comprised of: 

Contrast Assess agents monitor code and report from inside the application—enabling developers to find and fix vulnerabilities without involving security experts and without specialized security expertise. 

Contrast OSS provides critical versioning and usage information and triggers alerts when risks and policy violations are detected. 

Contrast Protect continuously detects and prevents both known threats and zero-day attacks by leveraging multi-technique precision sensors and dynamic control over the runtime. It offers an instrumentation-based approach that simplifies security deployment and scalability. 

Contrast Scan utilizes a pipeline-native approach to static analysis application security testing (AST) that eliminates the inefficiencies that delay release cycles. It delivers the fastest, most accurate static scanner available today. 

Contrast Serverless Application Security delivers developer-friendly security testing that is purpose-built for serverless application development environments.



Key Platform Capabilities 

The Contrast Application Security Platform continuously identifies application vulnerabilities in custom and open-source code—from left in development through release to production.

ONE DEPLOYMENT 

The Contrast platform offers vulnerability testing as well as protection against attacks in production through a single deployment. It can therefore present a full-stack view of application risk posture. With a single integration point, the Contrast platform delivers true DevSecOps with software composition analysis (SCA), AST, and exploit prevention capabilities using instrumentation across the entire software development life cycle (SDLC). 

DEVSECOPS CONTROL CENTER 

Only Contrast provides a true DevSecOps view of an application (or portfolio of applications) from development to production—including open-source components. Through instrumentation, the Contrast platform provides comprehensive visibility and control of software risk at every level—from a single application or microservice up to team, business unit, or even enterprisewide levels.

• Policy Assurance and Orchestration allows for enterprisewide reporting, assurance, and benchmarking of application security risk posture. It also helps security teams enforce consistent security policies across the enterprise, on a business unit, on a specific team, or across a portfolio of applications.

• Runtime Informed Risk Posture affords more accurate and effective vulnerability fixes, without correlating with other systems or requiring security expertise. 

ZERO-DAY DEFENSE 

In production, Contrast monitors runtime data flows to detect the exact moment an attack reaches an application vulnerability. Then, before a breach can occur, it instantly blocks any exploitable runtime events without affecting the application. This includes unknown threats, new variants, and zero-day attacks that often slip past perimeter defenses (e.g., web application firewalls), directly exposing internal application stacks to exploitation.

Contrast’s runtime protection capabilities offer two critical benefits. First, they provide “air-cover” protection against a vulnerability in the application until a patch is released or developers can fix the issue. Second, they discover and defend against open-source and zero-day exploits that do not have a patch or fix.