DEVOPSdigest

Contrast Security announced Route Intelligence, a new capability for application security.

Legacy application security testing solutions simply point out potential vulnerabilities in application code and are plagued with false positives. This antiquated approach to application security also squanders valuable time associated with manual vulnerability verification. Route Intelligence from Contrast, which is now available as part of Contrast Assess, is a revolutionary and industry-leading solution that combines continuous and accurate assessment with instrumentation-based vulnerability assessment capabilities. When compared to traditional application security approaches, Route Intelligence saves security teams and application development teams massive amounts of time while reducing costs—namely, development teams know exactly what parts of each application have been tested for critical security flaws.

Routes in software are like roads in cities, enabling data to reach the correct destination and powering business logic in the application. Using traditional approaches to application security testing, development teams are unable to determine how much of their application attack surface—that is, how many routes—have been assessed for vulnerabilities. With Route Intelligence, development teams know the full extent of their entire application security posture. Route Intelligence also automates vulnerability remediation verification, obviating a time-consuming, manual process whereby development teams had to engage with multiple teams to verify vulnerability remediation. This saves development teams significant time and resources.

“Security and development leaders want high speed and secure DevOps and digital transformation. A core principle of going fast is finding and fixing important functionality and security flaws early,” said Alan P. Naumann, Chairman of the Board, President, and CEO of Contrast Security. “With Route Intelligence, which is now part of Contrast Assess, our customers can immediately see a comprehensive picture of the entire application attack surface, allowing overstretched development teams to save time and focus their valuable resources. In addition, development and security teams can work from a shared and accurate view, saving hundreds of hours required for vulnerability remediation verification. Route Intelligence is one more game-changer in the application security revolution that Contrast Security is spearheading.”

Because development teams do not have full visibility of the application attack surface when they employ traditional static application security testing (SAST) and dynamic application security testing (DAST) tools, inherent risks reside within the application development and testing environments. Leveraging Route Intelligence, Contrast Assess displaces legacy SAST and DAST tools with a modern platform that combines SAST, DAST, and interactive application security testing (IAST) into one solution. This delivers comprehensive visibility over the entire application attack surface. In addition, traditional approaches to application security testing incur hundreds of development staff hours on manual vulnerability verification. This slows continuous integration/continuous deployment (CI/CD) life cycles.

- Unwavering Confidence. Unlike traditional application security testing approaches that build and scan hypothetical models of source code repositories and result in incomplete attack surface and vulnerability models, Contrast Assess uses patented instrumentation to directly interrogate application frameworks to determine all possible application routes to provide full visibility of the entire application attack surface. In addition, alerts in Contrast eliminate false positives that can hide real problems and hinder remediation activities. Security and development teams, as a result, have full assurances of the thoroughness of the security assessment powered by Contrast Assess.

- Better Visibility. Because of the discovery approach employed by Contrast Assess, developers have a full and complete picture of their entire application attack surface, how much of it has been tested, and what areas require remediation based on identified vulnerabilities. This virtually eliminates vulnerability risk associated with the deployment of compromised application code.

- Additional Automation. Traditional SAST and DAST tools try to solve the problem of coverage and verification of remediation using different techniques but are highly ineffective. Their findings are also extremely inaccurate and peppered with false positives, turning vulnerability verification into a game of Whack-A-Mole. Static scans no longer reflect the true nature of an application’s security posture, as more and more of the application is being loaded dynamically at runtime. By utilizing the application’s runtime behavior, Route Intelligence enables users of Contrast Assess to compare successive security assessment results for each application route to ensure that the vulnerability originally discovered on a route is no longer present. This automated vulnerability remediation verification approach dramatically improves application risk posture while giving back hundreds of hours to development and security teams.