Releases Route Intelligence for App Security
March 18, 2020
Intelligence is a major new capability for application security. Legacy
application security testing solutions simply point out potential
vulnerabilities in application code and are plagued with false
positives. This antiquated approach to application security also
squanders valuable time associated with manual vulnerability
verification. Route Intelligence from Contrast, which is now available
as part of Contrast Assess, is a revolutionary and industry-leading
solution that combines continuous and accurate assessment with
instrumentation-based vulnerability assessment capabilities. When
compared to traditional application security approaches, Route
Intelligence saves security teams and application development teams
massive amounts of time while reducing costs—namely, development teams
know exactly what parts of each application have been tested for
critical security flaws.
Routes in software are like roads in cities, enabling data to reach the
correct destination and powering business logic in the application.
Using traditional approaches to application security testing,
development teams are unable to determine how much of their application
attack surface—that is, how many routes—has been assessed for
vulnerabilities. With Route Intelligence, development teams know the
full extent of their entire application security posture. Route
Intelligence also automates vulnerability remediation verification,
obviating a time-consuming, manual process whereby development teams had
to engage with multiple teams to verify vulnerability remediation. This
saves development teams significant time and resources.
"Security and development leaders want high speed and secure DevOps and
digital transformation. A core principle of going fast is finding and
fixing important functionality and security flaws early," said Alan P.
Naumann, Chairman of the Board, President, and CEO of Contrast Security.
"With Route Intelligence, which is now part of Contrast Assess, our
customers can immediately see a comprehensive picture of the entire
application attack surface, allowing overstretched development teams to
save time and focus their valuable resources. In addition, development
and security teams can work from a shared and accurate view, saving
hundreds of hours required for vulnerability remediation verification.
Route Intelligence is one more game-changer in the application security
revolution that Contrast Security is spearheading."
Because development teams do not have full visibility of the application
attack surface when they employ traditional static application security
testing (SAST) and dynamic application security testing (DAST) tools,
inherent risks reside within the application development and testing
environments. Leveraging Route Intelligence, Contrast Assess displaces
legacy SAST and DAST tools with a modern platform that combines SAST,
DAST, and interactive application security testing (IAST) into one
solution. This delivers comprehensive visibility over the entire
application attack surface. In addition, traditional approaches to
application security testing incur hundreds of development staff hours
on manual vulnerability verification. This slows continuous
integration/continuous deployment (CI/CD) life cycles.
Contrast Assess, powered by Route Intelligence, completely changes
the application security testing model in three ways:

- Unwavering Confidence. Unlike traditional application security
  testing approaches that build and scan hypothetical models of source
  code repositories and result in incomplete attack surface and
  vulnerability models, Contrast Assess uses patented instrumentation to
  directly interrogate application frameworks to determine all possible
  application routes to provide full visibility of the entire application
  attack surface. In addition, alerts in Contrast eliminate false
  positives that can hide real problems and hinder remediation activities.
  Security and development teams, as a result, have full assurances of the
  thoroughness of the security assessment powered by Contrast Assess.

- Better Visibility. Because of the discovery approach employed by
  Contrast Assess, developers have a full and complete picture of their
  entire application attack surface, how much of it has been tested, and
  what areas require remediation based on identified vulnerabilities. This
  virtually eliminates vulnerability risk associated with the deployment
  of compromised application code.

- Automation. Traditional SAST and DAST tools try to solve the problem of
  coverage and verification of remediation using different techniques but
  are highly ineffective. Their findings are also extremely inaccurate and
  peppered with false positives, turning vulnerability verification into a
  game of Whack-A-Mole. Static scans no longer reflect the true nature of
  an application's security posture, as more and more of the application
  is being loaded dynamically at runtime. By utilizing the application's
  runtime behavior, Route Intelligence enables users of Contrast Assess to
  compare successive security assessment results for each application
  route to ensure that the vulnerability originally discovered on a route
  is no longer present. This automated vulnerability remediation
  verification approach dramatically improves application risk posture
  while giving back hundreds of hours to development and security teams.

"Our research shows growing interest on the part of security teams to
automate application vulnerability discovery and verification of
remediation at development speed," said Doug Cahill, VP and Group
Director of Cybersecurity at ESG. "Transparent visibility across the
entire application development and runtime attack surface is a critical
linchpin for organizations seeking to manage risk effectively."
Route Intelligence is currently available to customers of Contrast