6/2/2018 Gartner Reprint
https://www.gartner.com/doc/reprints?id=1-4RBB1XO&ct=180216&st=sb 5/23
RASP with its Contrast Protect product, which can be licensed independently or jointly with Assess. Contrast also offers a
central management console, the Contrast TeamServer, which can be delivered as a service or on-premises. Testing does
not require attack data to identify vulnerabilities; rather, it is driven by application test activity, such as QA, executed
automatically or manually.
During the past 12 months, Contrast Security improved its native integration with development and bug-tracking
environments, and added support for additional languages and platform as a service (PaaS). Contrast Security also added
vulnerability autoremediation capabilities.
Contrast is a good fit for organizations pursuing a DevOps methodology and looking for approaches to insert automated,
continuous security testing that's transparent to developers and testers.
Strengths
Cautions
IBM
IBM is a global vendor of IT services and products based in the U.S. IBM provides SAST and DAST desktop tools,
including IBM Security AppScan Source, IBM Security AppScan Standard and an enterprise platform (AppScan
Enterprise). This includes a centralized management console that enables users to import findings from third-party tools.
IBM's cloud services for SAST and DAST (IBM Security Application Security on Cloud). IAST is delivered via the Glassbox
agent in AppScan (AppScan Standard, Enterprise and Cloud), which is free to DAST customers, mobile AST (MAST; IBM
Mobile Analyzer) and SCA offerings (IBM Security Open Source Analyzer [OSA]). For SCA, they license vulnerability and
remediation databases from WhiteSource. IBM also has a partnership with Prevoty for RASP.
Contrast's testing approach is transparent to developers and security specialists, and does not require stand-alone
testing or training. The solution does not require security specialists to run dedicated security tests; instead, the agent
can identify vulnerabilities through normal application execution.
■
Contrast Assess is one of the most broadly adopted IAST solutions and regularly competes in IAST shortlists.■
Clients highly rate the ease of use of the tool and the vendor's support.■
Contrast provides virtual patches of some identified vulnerabilities when licensed with Contrast Protect, for both in-
house and third-party code, until the vulnerability is remediated in underlying code or server configuration.
■
Contrast's solution enables customers to leverage the instrumentation agent to add or enhance security logging,
delivering security analytics for production applications.
■
Contrast Security does not provide traditional SAST or DAST tools or services.■
Even though Contrast Security has expanded its language support, it still offers a limited spectrum, compared with
other AST solutions.
■
Contrast Security does not observe and analyze client-side logic executed in the browser only (for example, JavaScript
or Java applets); therefore, it cannot identify client-side vulnerabilities, such as JavaScript-based Document Object
Model (DOM) XSS.
■
Contrast Security does not provide any human augmentation options, and the passive testing model means that proof
of exploitation is not an option.
■
Contrast can test mobile application back ends, but not the client-side code of the mobile app and does not conduct
behavioral analysis.
■
剩余22页未读,继续阅读
cuanci
- 粉丝: 0
- 资源: 3
我的内容管理
展开
最新资源
- 多模态联合稀疏表示在视频目标跟踪中的应用
- Kubernetes资源管控与Gardener开源软件实践解析
- MPI集群监控与负载平衡策略
- 自动化PHP安全漏洞检测:静态代码分析与数据流方法
- 青苔数据CEO程永:技术生态与阿里云开放创新
- 制造业转型: HyperX引领企业上云策略
- 赵维五分享:航空工业电子采购上云实战与运维策略
- 单片机控制的LED点阵显示屏设计及其实现
- 驻云科技李俊涛:AI驱动的云上服务新趋势与挑战
- 6LoWPAN物联网边界路由器:设计与实现
- 猩便利工程师仲小玉:Terraform云资源管理最佳实践与团队协作
- 类差分度改进的互信息特征选择提升文本分类性能
- VERITAS与阿里云合作的混合云转型与数据保护方案
- 云制造中的生产线仿真模型设计与虚拟化研究
- 汪洋在PostgresChina2018分享:高可用 PostgreSQL 工具与架构设计
- 2018 PostgresChina大会:阿里云时空引擎Ganos在PostgreSQL中的创新应用与多模型存储
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
