Contrast Security has announced the addition of the Contrast Go agent to the Contrast Application Security Platform. Contrast virtually eliminates false positives that plague legacy application security testing that approaches security from the outside-in.
Using instrumentation to embed the agent within software, Contrast reduces security noise resulting from false positives while empowering developers to easily and quickly fix vulnerabilities themselves.
According to the company, the Contrast platform delivers the industry’s first interactive application security analyzer for Go language applications. Its release is particularly important for organizations seeking to secure application programming interfaces (APIs). The Contrast Go agent performs software composition analysis (SCA) to locate known vulnerabilities while employing integrated analysis that analyzes API runtime to detect unknown vulnerabilities.
Additionally, if a new—previously unknown—vulnerability is discovered at a later date, the Contrast DevSecOps Control Center shows which applications are affected.
Contrast enables organizations to address vulnerabilities in both custom and open-source code in Go applications. The integrated analysis approach of Contrast weaves sensors into an application to trace data flow and improve the accuracy and quality of vulnerabilities found—for everything from path traversal to injection attacks.
The release of Go support in the Contrast Application Security Platform extends Contrast’s already extensive language support that includes Java, .NET, Node.js, Ruby, and Python.