Contrast Security’s Application Security Platform Evolves to Support the Rapidly Expanding Reach of the OWASP Top Ten


LOS ALTOS, California, September 24, 2021 /PRNewswire/ – Contrast Security, a leader in application security modernization, today announced that its Contrast Application Security Platform continues to enable organizations to keep up with the rapidly expanding reach of the 2021 Open Web Application Security Project (OWASP) Top Ten categories.

The OWASP Top Ten was developed in 2003 to raise awareness of the greatest application security risks organizations face. It has since become one of the leading tools used around the world to help organizations prioritize their application security efforts, and it is now used to measure and manage application risk in many organizations. For this year’s Top Ten, there are three new categories, which reflect real emerging threats to applications that organizations should be aware of. The three new categories include:

  • Insecure design. This risk reflects the realization that the underlying architecture of an application has a significant impact on its security. Many organizations talk about “shifting left,” but in practice that usually means shifting only as far back as the point where coding begins. This new category, by contrast, encourages development teams to take the time to model threats and design new applications with architectures that encourage the use of strong, simple and effective defenses.
  • Software and data integrity. This risk focuses on protecting software integrity throughout the software development lifecycle (SDLC), from the integrated development environment (IDE) to production. This category also covers issues related to data corruption and encourages the use of data integrity techniques.
  • Server-side request forgery (SSRF). SSRF risks arise whenever a web application retrieves a remote resource without validating the URL provided by the user. It allows an attacker to coerce the application to send a specially crafted request to an unexpected destination, often bypassing the protections of a firewall, VPN, or other type of network access control list (ACL).

“OWASP has done an outstanding job with the research behind the new Top Ten. This was a massive study of over 500,000 applications using telemetry data provided by 13 application security vendors, including Contrast,” said Jeff Williams, CTO and co-founder of Contrast Security. “This release is a big expansion from previous years, and organizations need to review their programs to make sure they keep pace. Contrast Application Security Platform is the fastest, most cost-effective way to ensure that you have responded to the OWASP Top Ten across your entire application and API portfolio.”

With the release of three new 2021 categories and significant changes to some of the existing categories, organizations can take advantage of the new Top Ten to determine if their application security solution can scale to support the rapidly expanding reach. With the creation of a separate category for insecure design, organizations must consider the underlying architecture of their applications. The Contrast platform is particularly useful here, generating architecture diagrams based on what a running application is doing, which security and application development teams, in turn, can use to assess their application architecture for an optimal secure design. The updated Top Ten also includes an increased focus on software supply chain security, which is warranted given the increase in software supply chain attacks. In addition, the Contrast platform includes custom policy rules for the software supply chain, such as dependency confusion, and unlike most other application security approaches, it extends security and protections from software development to production.

The Contrast platform is particularly well suited for enabling organizations to manage the risks associated with each of the ten main categories. Basic capabilities include:

  • Developer-first automated application security testing for the OWASP Top Ten and many other risks.
  • Comprehensive open source security testing for the top ten vulnerabilities, including runtime exploitability analysis.
  • Runtime protection that provides visibility into production and protects Top Ten vulnerabilities in production from exploitation.
  • Dozens of integrations to ensure development and operations teams receive Top Ten security information through the tools they already use.
  • Automated compliance and reporting across many different standards, including the OWASP Top Ten.

To learn more about how Contrast provides out-of-the-box policy rules and reports for the OWASP Top Ten, please visit Contrast Security 2021 OWASP Top Ten.

About Contrast Security:

Contrast Security provides the industry’s most modern and comprehensive application security platform, removing inefficiencies from security barriers and enabling organizations to write and publish secure application code faster. By integrating code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities as developers write code, eliminates false positives, and provides context-specific remediation advice for quick and easy remediation of vulnerabilities. This enables application and development teams to collaborate more effectively and innovate faster while accelerating digital transformation initiatives. That’s why a growing number of the world’s largest private and public sector organizations trust Contrast to secure their applications in development and extend protection into production.


Contrast Security
Jacklyn Kellick

SOURCE Contrast Security
