Contrast Security Assess Other Solutions Considered

C. Ray Mallory
Lead Application Security Engineer at FEPOC
Before a tool is brought into the FEPOC, there are a bunch of criteria that it has to meet. It went through our review board. We looked at SonarQube, Checkmarx, and a few others. Most of them were static tools. Contrast was the only IAST tool. I don't recall if any DAST tools were on the list, but we wanted something that did not have a steep learning curve. We wanted something that was easy to set up and get running fairly quickly without causing an impact to our release cycles. We really weren't keen on code freezes and having to scan the code. And then, while we would be parsing through the reports, the developers would still be building code and by the time we would get the reports to them, it might be outdated. We really weren't looking forward to that type of methodology. Contrast gave us an ultimate methodology that worked with some of our goals and objectives.
Updated: May 2020.