Contrast Security Announces Revolutionary Solution for Serverless Application Security

Contrast Expands Application Security Platform with Contrast Serverless Application Security which will initially support AWS Lambda, as survey reveals two-thirds of respondents say security is critical or very important to their strategy serverless application.

Posted: October 19, 2021 at 9:00 a.m. EDT|Update: 1 hour ago

LOS ALTOS, California, October 19, 2021 / PRNewswire / – Contrast Security, the leader in next-generation software security, today announced the upcoming release of Contrast Serverless Application Security, a revolutionary application security solution designed specifically for serverless application development that will initially support AWS Lambda. The new purpose-built security solution taps into a global serverless architecture market that will reach a reported $ 25.49 billion by 2026.

The revolutionary addition to the Contrast application security platform enables developers to automatically detect security vulnerabilities directly in serverless environments and validate and prioritize alert test results for resolution. By using context-based static and dynamic engines, Contrast can improve the operational efficiency of serverless security by 50% while accelerating development cycles.

Rapid growth of native and serverless cloud

Based on the new version of Contrast Serverless Application Security Status Report, serverless computing is the next step in the two-decade process of removing friction from the software development lifecycle (SDLC) to improve the speed, scalability, and profitability of software development. With serverless computing becoming mainstream during the COVID-19 pandemic, the survey found that more than 70% of respondents say 6 or more of their development teams are now working on serverless applications.

Survey results also show that businesses are concerned about application security, especially the security of their serverless applications, with two-thirds of respondents saying serverless security is critical or very important to their strategy. cloud native. However, 54% said they failed an audit, indicating that they did not have full observability of their organization’s serverless security. In addition, nearly 60% of those surveyed admit that the lack of specially designed security tools is a major problem.

The main reason is that serverless security issues are fundamentally different from web applications. Specifically, serverless risks go beyond code-level vulnerabilities, as each serverless function is self-contained with its own scope and permissions. Combined with a large number of functions typically used in applications, the attack service is broad. Traditional application security tools were designed for web applications and ignore these key risks specific to serverless applications.

“We’ve seen a few startups focus on protecting serverless environments at run time, but Contrast appears to be the first vendor to come up with securing serverless in the development pipeline, an equally important requirement, but one that so far has hardly been satisfied. ,” noted Rick turner, Senior Cybersecurity Analyst at Omdia. “The fact that it also tracks the use of least privilege is another key feature.”

Contrast’s Serverless Application Security Approach
The Contrast State of Serverless Application Security Report also found that almost all organizations use the top four cloud container services, although those offered by Amazon are the most prominent in most organizations. On that note, half of those surveyed report that the typical app has more than 10 AWS Lambda functions. Unfortunately, security has not kept pace with the rapid pace of innovation in serverless technologies. Recognizing that many developers are adopting AWS Lambda for application deployments, the new Contrast Serverless Application Security solution initially supports AWS Lambda deployments and only takes a few minutes to get up and running.

The complementary solution specifically designed for serverless application security ensures that security and development teams get the testing and protection capabilities they need without the legacy inefficiencies that delay release cycles. Contrast’s solution harnesses the power and data of serverless architectures to map all resources in the environment, perform static code analysis, and simulate custom dynamic attacks. It automatically validates and prioritizes test results with an accuracy that eliminates false positives and alert fatigue that plague traditional approaches to application security, with over 85% of alerts turning out to be false positives.

Three-click installation, zero configuration, and automated operations all support developer-friendly deployment. The functionality of the solution includes:

  • Dynamic environment analysis. Automatically initiates dynamic and personalized security assessments based on any specific updates introduced to the real-time test environment. This greatly improves the ease of testing compared to manual approaches. Dynamic analyzes are based on the interpretation of OWASP Top Ten benchmarks, including SQL injection, code injection, command injection, and local file inclusion.
  • Resource mapping. Automatically discovers all resources (eg, S3 bucket, API Gateway, DynamoDB) and their relationships within tested environments within minutes per session.
  • Code scanning. Automatically runs relevant code and configuration assessments to discover new vulnerabilities in near real time with context-rich remediation tips recommended. The types of vulnerabilities covered include:

“Traditional approaches to application security weren’t designed for serverless applications,” said Steve wilson, product manager at Contrast Security. “Our new serverless security capabilities allow developers to easily and quickly find and remediate critical security vulnerabilities. This unlocks the full potential of the cloud and serverless while dramatically reducing the risk of vulnerabilities in these environments.

Related details can be found on Contrast Serverless Application Security Web page and in the following resources:

REPORT: Serverless Application Security Status Report

PODCASTS: Key takeaways from a new serverless application security report

New serverless application security solution is a transformative breakthrough

WHITE PAPER: Contrast Serverless Application Security White Paper

About contrast security:
Contrast Security provides the industry’s most modern and comprehensive application security platform, removing inefficiencies from security barriers and enabling organizations to write and publish secure application code faster. Integrating code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities as developers write code, eliminates false positives, and provides context-specific remediation advice. for quick and easy remediation of vulnerabilities. This enables application and development teams to collaborate more effectively and innovate faster while accelerating digital transformation initiatives. That’s why a growing number of the world’s largest private and public sector organizations trust Contrast to secure their developing applications and extend protection into production.

Contrast Security
Jacklyn Kellick

Show original content:

SOURCE Contrast Security

The above press release has been provided courtesy of PRNewswire. The views, opinions and statements contained in the press release are not endorsed by Gray Media Group and do not necessarily state or reflect those of Gray Media Group, Inc.

Leave a Comment