
Contrast Security

4.5 out of 5.0 (8 ratings)

We have aggregated ratings data on Contrast Security but all of our reviewers have opted out of sharing their qualitative review feedback. In certain cases we allow reviewers to withhold their qualitative review feedback from public view, in order to protect their confidentiality.
  • 4 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST, Contrast Protect RASP

    Solid, just don't expect refined features like integrations w/ JIRA

    Overall Comment

    Core RASP functionality seems to work well. LDAP and JIRA integrations seem limited right now, but understandable for a relatively new product.


  • 4 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST

    Implementation was seamless.

    Overall Comment

    Very responsive to support tickets

    What one piece of advice would you give other prospective customers?

    There will be extra set up effort if your applications have unusual configurations

    What do you like most about the product or service?

    Great tool, wealth of information.

    What do you dislike most about the product?

    Issues setting up out of the ordinary application configuration. Agent causes performance issues in some cases.

    What one thing do you wish the vendor did differently?

    I wish support was more inclined to get on a call to resolve issues, instead of emai

    If you could start over, what would your organization do differently?

    Have a training session immediately after set up in Contrast


  • 5 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST, Contrast Protect RASP

    Fast configuration, fast results, and lots of quick wins along the way

    Overall Comment

    Contrast has been easy to work with and very forthcoming with their ability to take suggestions and implement quickly.

    What one piece of advice would you give other prospective customers?

    Talk technical early. All software works great at a marketing level, but when judging different products, get in the weeds. We found too many problems with other software once we took a deep dive. Other products failed the second we realized that scalability and configuration didn't exist. Contrast had an architecture that allows us to grow now and in the future easily.

    What do you like most about the product or service?

    Once configured, it's set and forget. All functional testing is perfect security testing.

    What do you dislike most about the product?

    I wish the product could have a better integration with IDE tooling. This would need to be coupled with a better concept of vulnerabilities found in a master branch of code (the stuff we need to fix immediately) vs vulnerabilities found in a dev branch (stuff we need to fix before merging with master and stuff that AppSec doesn't need to focus on)

    What one thing do you wish the vendor did differently?

    I wish there were other ways to integrate the tool besides as a java agent. This can cause some bad interactions with other java agents that we had to choose between.

    If you could start over, what would your organization do differently?

    Begin with a better understanding of coverage before integrating IAST. We took too long to understand what we were missing with IAST security testing.


  • 4 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST

    Always manage expectations

    Overall Comment

    The vendor was easy to work with. I expect issues during rollouts of this type, and this rollout was no different. The ability for the vendor to work with us and resolve issues is what drives the willingness to continue with a product. Contrast support staff assisted on some challenging issues while we underwent some underlying technology changes.

    What one piece of advice would you give other prospective customers?

    Understand the deployment model and functionality of the application. We do file processing and as a result have some chatty communication that could be perceived as load testing. Contrast brought this processing to a grind. We also do a lot of JSON processing on the server side and use heavy client side JS. We have very high quality developers (we do security application development). As a result, the findings have been pretty limited. I believe there will still be an ROI of the product by sharing with customers that we have a sound Secure SDLC model.

    What do you like most about the product or service?

    Everyone has been courteous and understanding. I had worked with the Sales Engineer previously so I know the quality of people they hire. The product is relatively easy to install and easy to use.

    What do you dislike most about the product?

    Processing the results can be challenging at times.

    What one thing do you wish the vendor did differently?

    I'm pretty happy with the way Contrast has handled things. I wish they would do a slightly better job of asking more detailed architecture questions about the products from a high level. It may have helped us manage expectations for our file processing/authentication. They were open about disabling Contrast on load testing machines, but the correlation between load testing and high processing wasn't quite there.

    If you could start over, what would your organization do differently?

    I honestly think we would have held off on the purchase. We had not reached a point internally where we had a grasp of our SDLC deployment methodology and were switching between virtual machine host software as well as creating an internal cloud CI/CD model.

    Integration & Deployment - Overall comment

    We had challenges deploying on-prem. Some was due to our own implementation, others were due to scripts in the installation process. Some of the error messaging was not there.

    1 of 1 peer(s) found this review helpful.


  • 5 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST

    Contrast integrates well with developer tools - provides fast feedback

    Overall Comment

    People we worked with had extensive knowledge of Java and OWASP

    What one piece of advice would you give other prospective customers?

    Understand your module configurations.

    What do you like most about the product or service?

    Integration with our developer stack and fast feedback. Also fits well with our Agile development cycle.

    What one thing do you wish the vendor did differently?

    Some minor feature changes.

    Service & support - overall comment

    Contrast has been very responsive


  • 5 out of 5.0, Reviewed

    Product(s): Contrast Assess IAST

    Great product and great supplier.

    Overall Comment

    Contrast Security is a very hard working customer-focused organization with a superb product. They showed great flexibility to meet the needs of our time zone and processes. The Java IAST product was more accurate and mature than the Node.js product which was very new when we started evaluating it. The Contrast engineers pulled out all the stops to diagnose and resolve issues to get the Node.js product right for us in time.

    What one piece of advice would you give other prospective customers?

    SaaS is quicker and easier to install than on-premises.

    What do you like most about the product or service?

    Speed and accuracy of vulnerability detection right down to the line of code at fault.

    What do you dislike most about the product?

    The version we installed was focused on the application server vulnerabilities only. I'd have liked browser-side vulnerability detection also (for DOM based XSS & HTML5 SQL injection etc.), and believe that is on the near-horizon in the roadmap.

    What one thing do you wish the vendor did differently?

    Stabilized the pricing model.

    If you could start over, what would your organization do differently?

    We should have been quicker in identifying and building environments for the on-premises proof of concept work. There were long delays in gaining official approval to deploy the IAST tool in our estate. This was due to Technical Design Authority concerns about security of the tool which turned out to be unfounded.

    Product capabilities - overall comment

    Within the context of application server-side vulnerability detection, excluding business logic, the product is superb.

    Service & support - overall comment

    Great support every time we asked. We even needed an invoice converted from $ to £ at 4 A.M. USA time and they did it straight away.

    Integration & Deployment - Overall comment

    Initially we had some problems with the Node.js version, but these were resolved within a few days and never troubled us again.


Ratings Overview

Evaluation & Contracting

Overall rating of product evaluation and contract negotiation: 4.8 (6)

Ability to understand your organization's needs: 4.3 (8)

Timely and complete response to product questions: 4.9 (8)

Pricing and contract flexibility (pricing and terms): 4.5 (6)

Integration & Deployment

Overall rating of integration and deployment: 4.1 (7)

How long did your deployment take?

0 - 3 months (<3)

I don't know

9 - 12 months (<12)


Availability of quality 3rd-party resources (integrators, service providers, etc.): 4.0 (1)

Ease of integration using standard APIs and tools: 4.0 (6)

Quality and availability of end-user training: 3.7 (3)

Ease of deployment: 4.3 (7)

Service & Support

Overall rating of service and support: 4.6 (8)

Did you purchase a support package from the vendor?

Yes

No

I’m unsure


Timeliness of vendor's response: 4.8 (8)

Quality of technical support: 4.6 (8)

Quality of peer user community: 4.0 (1)

Product Capabilities

Overall rating of product capabilities: 4.4 (7)

Dynamic AST as a Tool: 4.5 (2)

Dynamic AST as a Service: 4.5 (2)

Static AST as a Tool: 5.0 (1)

Static AST as a Service: 5.0 (1)

Interactive AST: 4.7 (6)

Enterprise-Class AST: 5.0 (3)

Stand-Alone AST: 4.7 (3)

WAF/EMM Integration or RASP: 4.0 (1)

Additional Context

What was the nature of your involvement?

Application Lead

Rollout and Install

Vendor/Product Selection

Functional Assessment

Technical Assessment

User Training

Vendor Management

Development/Integration

Executive Sponsor

Maintenance and Support

Other...


What other vendors were considered?

Veracode

Checkmarx

Hewlett Packard Enterprise

Immunio

Prevoty

Acunetix

Arxan

Cigital

PortSwigger

Qualys

Synopsys

The Open Web Application Security Project (OWASP)

Virsec

Waratek

Other...


Why did you purchase this product?

Improve compliance & risk management

Create internal/operational efficiencies

Improve business process outcomes

Improve business process agility

Reduce time to market

Drive innovation

Enhance decision making

Cost management

Drive revenue growth


What were the key factors that drove your decision?

Product functionality and performance

Product roadmap and future vision

Strong customer focus

Strong services expertise

Overall cost

Financial/organizational viability

Functional breadth


In which region(s) did your deployment take place?

North America

Europe, Middle East and Africa