Contrast Application Security Testing (AST)

Contrast Application Security Testing (AST) is a suite of application security tools that identifies vulnerabilities by monitoring code execution at runtime. The platform uses an agent-based approach to instrument code from within applications, analyzing data flows and control paths to detect security issues such as SQL injection, cross-site scripting, and insecure configurations. The solution includes three main components: Assess for interactive application security testing (IAST), SCA for software composition analysis of third-party libraries and dependencies, and Scan for additional security testing capabilities. The runtime agent provides security insights directly from inside the application, eliminating the need for separate scanning environments. Contrast AST integrates into development workflows and CI/CD pipelines, delivering actionable feedback at each stage of development. The platform maps data flows within applications to accurately identify exploits by analyzing code paths during execution. It provides developers with precise alerts that pinpoint vulnerable lines of code and data flows. The solution includes AI-powered capabilities to auto-generate fixes for critical vulnerabilities. It supports multiple programming languages including Java, .NET, and Python. The platform provides full-stack security assessment covering custom code, third-party applications, and all dependencies. Contrast AST is built on the Contrast Graph, which provides runtime intelligence to build a unified, real-time security model across the application and API security ecosystem. The solution includes automated issue tracking and reporting capabilities to support compliance requirements.