Contrast Security today announced the addition of the Contrast Go agent to the Contrast Application Security Platform — the industry’s most comprehensive DevSecOps platform. Contrast virtually eliminates false positives that plague legacy application security testing that approaches security from the outside-in.
Using instrumentation to embed the agent within software, Contrast dramatically reduces security noise resulting from false positives while empowering developers to easily and quickly fix vulnerabilities themselves.
The Contrast platform delivers the industry’s first interactive application security analyzer for Go language applications. Its release is particularly important for organizations seeking to secure application programming interfaces (APIs).
As building APIs is one of the primary uses of Go (done by 74% of developers), organizations previously had to secure and protect these APIs using legacy application scanning solutions. In addition to generating high rates of false positives, these legacy scanning tools missed unknown threats.
The Contrast Go agent performs software composition analysis (SCA) to locate known vulnerabilities while employing integrated analysis that analyzes API runtime to detect unknown vulnerabilities. Additionally, if a new — previously unknown — vulnerability is discovered at a later date, the Contrast DevSecOps Control Center shows which applications are affected.
Read an exclusive interview: CISOs Leverage Innovative Solutions to Rationalize their Cybersecurity Portfolio with Zane West, VP of Cybersecurity, Carousel Industries,
“Extending Contrast platform coverage to include Go applications makes it possible for organizations to dramatically reduce application risk at both test and runtime in ways that were not previously possible,” said Steve Wilson, Chief Product Officer at Contrast Security. “Contrast eliminates false-positive security alerts that plague legacy application security approaches. These inundate security teams with alerts that pose no risk and bog down development release cycles. For applications in Go, a better alternative did not exist until now. The Contrast Go agent detects only those vulnerabilities that matter while making it simple and fast for developers to remediate vulnerabilities on their own.”
Contrast enables organizations to address vulnerabilities in both custom and open-source code in Go applications. The integrated analysis approach of Contrast weaves sensors into an application to trace data flow and improve the accuracy and quality of vulnerabilities found — for everything from path traversal to injection attacks.
The Contrast Go agent works by source rewriting to add fail-safe entry-exit sensors to different methods based on what they do. The impact to performance is low and only impacts test environments rather than production deployments. At build time, the composition analysis takes only a couple of seconds to surface results.
Contrast’s unique approach supports security testing as well as delivers active protection of applications in production environments with very little performance impact while providing tremendous risk-reduction benefits. The release of Go support in the Contrast Application Security Platform extends Contrast’s already extensive language support that includes Java, .NET, Node.js, Ruby, and Python.