Contrast Serverless Application Security
A cloud-native solution for securing serverless applications in AWS and Azure environments.
Category | Serverless Security |
---|---|
Last page update | 19 days ago |
Pricing Details | Contact for pricing details. |
Target Audience | Developers and security teams managing serverless applications. |
Contrast Serverless Application Security secures serverless applications in cloud environments, particularly those built on AWS Lambda and Microsoft Azure Functions. It uses a cloud-native architecture to map all resources within the environment, and it automatically validates and prioritizes security findings to eliminate false positives and alert fatigue.
Technically, Contrast connects to your AWS or Azure account with read-only access and deploys a Cloud Agent (a Lambda function) within the monitored environment. This agent performs code analysis, sends metadata back to Contrast, and executes dynamic security assessments based on the OWASP Top Ten, covering issues such as SQL injection and code injection. The solution uses context-based static and dynamic engines to analyze code, dependencies, and configuration risks, including vulnerabilities in custom code, open-source libraries, and over-permissive function policies.
Operationally, Contrast integrates into the development process without requiring significant changes. It offers a three-click installation process with zero configuration, making it developer-friendly and efficient. The platform continuously monitors the environment, updating its attack profile as changes occur, and provides real-time vulnerability detection and remediation guidance. This approach ensures that security vulnerabilities are identified and addressed early in the development phase, reducing the risk of exploits in production.
Key technical details include the use of Amazon EventBridge with a shared secret for secure data communication, encryption of data in transit and at rest, and the ability to simulate tailored dynamic attacks without modifying the application code. The solution also provides a visual representation of function and service relationships, helping teams understand the attack surface and prioritize vulnerabilities effectively. While the solution is highly automated, it may require occasional adjustments to scan settings and configurations to optimize its performance and accuracy.