Contrast Security Assess Pros and Cons

Contrast Security Assess Pros

C. Ray Mallory
Lead Application Security Engineer at FEPOC
What I find most valuable is the fact that we can install the agents onto the web server and then it does the automatic scanning. Every day when I come in, I log into Contrast and I can see the agent reports, real-time, on the vulnerabilities. I can see my list of security vulnerabilities that are immediately reported on a daily basis.
In terms of the costs saved, we had something like 2,000 vulnerabilities — some critical and some high — and I don't even know how to put a price on that. Sometimes a vulnerability can end up costing 100 times what it would cost to fix in a development environment. So you can start to calculate what that cost would be, per vulnerability.

Contrast Security Assess Cons

C. Ray Mallory
Lead Application Security Engineer at FEPOC
There is room for improvement in the reporting. We're looking for a dashboard. One of the things that I have to do right now is export to Excel spreadsheets to get the management-level view that I need to present to the leadership team. We can do a report on applications within the tool, but as far as management goes, they want to see a high-level view of all the applications.
Find out what your peers are saying about Contrast Security, HCL, Veracode and others in Application Security Testing (AST). Updated: May 2020.