informa
3 MIN READ
Products & Releases

Contrast Security Launches Expanded Security Testing Tools for JavaScript and Popular Angular, React, and jQuery Frameworks

New language and framework support empowers developers to analyze front-end code for vulnerabilities throughout the development lifecycle.

Los Altos, CA —October 5, 2022 — Contrast Security (Contrast), the leader in code security that empowers developers to secure as they code, today announced the expansion of its Secure Code Platform’s static application security testing (SAST) capabilities to include JavaScript language support along with support for Angular, React and jQuery frameworks, which will allow developers to quickly find and fix security defects in their client-side code. With this new Contrast Scan addition, application security and development teams leveraging the Contrast Secure Code Platform can scale security across the entire application stack, from client-side to server-side, with industry-leading speed and accuracy.

JavaScript is the most popular coding language in the world with modern frameworks such as Angular, React and jQuery being ubiquitous in web development. However, since JavaScript is executed on the user’s browser, this exposes sensitive application data on the client-side, leaving JavaScript applications susceptible to vulnerabilities like cross-site scripting (XSS) or Broken Access Control. Contrast prioritizes real, exploitable vulnerabilities in client-side code by performing analysis on vulnerable entry points within the application, allowing developers to rely on accurate scans that take just seconds.

Contrast’s extended capabilities help DevSecOps organizations achieve the following benefits:

  • Early detection of client-side vulnerabilities. This is achieved through analyzing client-side source code within routine development pipelines, complemented by easy-to-follow remediation guidance directly within the developers’ pipeline environment.
  • Full visibility into client-side code risk. Contrast’s pipeline-native SAST engine coupled with security rules tailored for JavaScript finds up to 63% more exploitable vulnerabilities than superficial tests run within the IDE.
  • False positive rates as low as 1%. A significant reduction in false positive rates compared to leading commercial SAST tools.
  • Ability to safeguard each layer of the software stack. Contrast Scan works in tandem with Contrast’s runtime code security solution to secure front-end code and back-end code within a centrally managed platform

"A growing concern for AppSec and Development Managers is how to embed security within the development pipeline. Regardless of whether you specialize in front-end, back-end, or full-stack development, we want to help enable developers to deliver secure code from the start," said Steven Phillips, Vice President of Product Marketing at Contrast Security. “Fortunately, with the new expansion of our Secure Code Platform language coverage to include client-side JavaScript with Angular, React and jQuery, AppSec and Development managers and their teams can now find and fix security defects in their client-side code with industry-leading speed and accuracy. This is a testament to Contrast’s mission to further invest in tools that allow customers to embed code security testing through each stage of the SDLC [software development lifecycle].”

Client-side JavaScript support is now available to enterprise customers through existing Contrast Scan subscriptions. Individual developers can also immediately start analyzing code for vulnerabilities with just a few clicks for free with CodeSec. To learn more about Contrast Scan’s new language and framework coverage, please visithttps://www.contrastsecurity.com/contrast-scan or watch a recorded demo here.

About Contrast Security

Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive code security platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.