No more typing reviews! Try our Samantha, our new voice AI agent.
Contrast Security Assess Logo

Contrast Security Assess Reviews

Vendor: Contrast Security
4.4 out of 5
Leave a review

What is Contrast Security Assess?

Contrast Security Assess is an IAST platform known for accurate vulnerability detection. It integrates into development workflows, offering real-time insights into security issues with minimal false positives, supporting legacy applications and enhancing code security visibility.

Get the Contrast Security Assess Buyer's Guide and find out what your peers are saying about Contrast Security Assess, SonarQube, Snyk and more!
Contrast Security Assess is the #26 ranked solution in AST tools and #32 ranked solution in application security solutions. PeerSpot users give Contrast Security Assess an average rating of 8.8 out of 10. Contrast Security Assess is most commonly compared to SonarQube: Contrast Security Assess vs SonarQube. Contrast Security Assess is popular among the large enterprise segment, accounting for 47% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.
Buyer's Guide
Contrast Security Assess
May 2026
Get the report
Helped 893,164 peers since 2012

Featured Contrast Security Assess reviews

Read more reviews

Contrast Security Assess mindshare

Product category:
Static Application Security Testing (...
As of May 2026, the mindshare of Contrast Security Assess in the Static Application Security Testing (SAST) category stands at 1.2%, up from 0.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Mindshare Distribution
ProductMindshare (%)
Contrast Security Assess1.2%
SonarQube15.3%
Checkmarx One9.7%
Other73.8%
Static Application Security Testing (SAST)

PeerResearch reports based on Contrast Security Assess reviews

TypeTitleDate
CategoryStatic Application Security Testing (SAST)May 9, 2026Download
ProductReviews, tips, and advice from real usersMay 9, 2026Download
ComparisonContrast Security Assess vs SonarQubeMay 9, 2026Download
ComparisonContrast Security Assess vs Checkmarx OneMay 9, 2026Download
ComparisonContrast Security Assess vs VeracodeMay 9, 2026Download
Suggested products
TitleRatingMindshareRecommending
SonarQube4.015.3%84%136 interviewsAdd to research
Snyk4.15.9%100%51 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Contrast Security Assess excels in identifying vulnerabilities accurately with minimal false positives, outperforming other tools. It provides real-time vulnerability detection and comprehensive stack trace details, aiding in timely fixes. The tool's integration into the development process enhances efficiency and incorporates security elements seamlessly. It also offers valuable features like third-party library monitoring, PCI compliance reports, and robust automation, significantly reducing the time and effort spent on vulnerability management.
  • "Contrast was a very complete solution; it met all of our technical requirements and it was really the only IAST product that felt like a real product."
  • "Overall, the product is strong and improving, support is responsive and effective, and supported integrations work for many customers."
  • "Assess has brought our development time down because it helps create code the first time."

Room for Improvement

Contrast Security Assess needs improvements in documentation and plugin integration. It lacks support for some technologies like .NET Core on Ubuntu and PHP. Users desire better scanning rules, client-side support, and more intuitive reporting. Technical support speed and onboarding processes could be enhanced. There's a need for better vulnerability fixes and ecosystem flexibility. Updates involve cumbersome downloads, and personalization options for reporting and dashboards could be improved for large organizations.
  • "My primary hurdle is that it doesn't support all of the technologies that we use."
  • "I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."
  • "The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."

ROI

Several organizations have observed a return on investment with Contrast Security Assess. Contrast aids in securing key revenue-driving applications and reduces the attack surface by identifying vulnerabilities early in development. Continuous scanning allows teams to address software defects before production. Time savings occur for both security and development teams, as they handle fewer false positives and focus on actionable results. Code quality improves through reduced code use and streamlined processes.

Pricing

Contrast Security Assess pricing is straightforward, focusing on per-application licensing without regard to application size, making it ideal for large, monolithic applications. Enterprise buyers note that while pricing is industry-standard, it may not scale well in highly clustered environments. The tiered model allows flexibility with a pay-per-application system, benefitting environments with fewer onboarded applications. Developer licenses are sometimes required, leading to potential additional costs. Overall, the pricing is considered reasonable for its features.
  • "The solution is expensive."
  • "The product's pricing is low. I would rate it a two out of ten."
  • "It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

Popular Use Cases

Contrast Security Assess is primarily used for enhancing security around legacy applications, providing application vulnerability scanning and pen-testing. It integrates into developer workflows for immediate vulnerability identification, supports multiple programming languages, and offers continuous monitoring. It operates on a cloud-hosted platform where data is aggregated, analyzed, and interacted with. Assess has improved visibility for code testing and includes features like secure source code analysis, providing detailed information about web application vulnerabilities and third-party library CVEs.

Service and Support

Contrast Security Assess provides responsive and helpful support, with quick response times and knowledgeable staff. Many users appreciate their enthusiastic and accommodating team, noting rapid responses to inquiries. Some have experienced delays in comprehending custom requests, but most find communication efficient. Despite some challenges with troubleshooting via cumbersome log files, the technical support is generally rated positively, often resolving issues promptly through web or email submissions. Contrast is recognized for its top-tier standard support.

Deployment

Initial setup for Contrast Security Assess is straightforward for many, involving adding the jar file to JVM arguments. Instructions are clear, but deployment varies by organization size and complexity. While some complete setup quickly, larger environments take longer due to multiple teams and applications. Users highlight easy integration with Java, .NET, and PCF, though automation is challenging due to varied applications. Maintenance involves collaboration with different teams, focusing on agent deployment and data management.

Scalability

Contrast Security Assess exhibits strong scalability, integrating well with various applications regardless of complexity. It allows widespread deployment across different environments, both cloud and on-premises. While some challenges exist in automation and technology support, organizations can scale efficiently with a robust change-management strategy. The ability to expand usage across multiple teams is significant, but requires initial setup and familiarization by key personnel. Development teams are gradually adapting to the platform due to its comprehensive application security features.

Stability

Contrast Security Assess exhibits significant stability, with most users experiencing minimal downtime and effective support. Some challenges arise from unsupported applications like ColdFusion and occasional performance impacts on specific applications. However, many find it reliable once deployed, with maintenance and monitoring streamlined. Assess performs well in preproduction and is robust for development sites. Users appreciate its smooth operation, high stability, and efficient handling of traffic.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Contrast Security Assess Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business2
Midsize Enterprise3
Large Enterprise6
By reviewers
By visitors reading reviews
Company SizeCount
Small Business49
Midsize Enterprise35
Large Enterprise75
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
17%
Manufacturing Company
11%
Comms Service Provider
8%
Computer Software Company
6%
Construction Company
6%
Healthcare Company
5%
University
4%
Insurance Company
4%
Performing Arts
4%
Energy/Utilities Company
4%
Retailer
3%
Wholesaler/Distributor
2%
Government
2%
Educational Organization
2%
Marketing Services Firm
2%
Media Company
2%
Outsourcing Company
2%
Wellness & Fitness Company
2%
Real Estate/Law Firm
1%
Transportation Company
1%
Pharma/Biotech Company
1%
Hospitality Company
1%
Consumer Goods Company
1%
Leisure / Travel Company
1%
Non Profit
1%
Museum Or Institution
1%
Philanthropy
1%
Recreational Facilities/Services Company
1%
Religious Institution
1%
Logistics Company
1%
Legal Firm
1%

Compare Contrast Security Assess with alternative products

Go!

Learn more about Contrast Security Assess

Designed to integrate seamlessly into DevOps workflows, Contrast Security Assess automates real-time vulnerability detection and reduces false positives through its powerful IAST features. By continuously monitoring vulnerabilities, it provides a robust option for securing legacy applications and identifying vulnerabilities without lengthy scans. This cloud-hosted platform supports numerous programming languages, making it versatile for security testing across enterprise environments. Users benefit from detailed reports that pinpoint exact code locations requiring remediation, enhancing speed and efficiency in addressing security concerns.

What are the key features of Contrast Security Assess?
  • IAST Technology: Delivers accurate vulnerability detection with reduced false positives.
  • Seamless Integration: Integrates into development processes, supporting real-time vulnerability detection.
  • Open Source Security: Analyzes third-party libraries for vulnerabilities.
  • Continuous Monitoring: Provides valuable insights with real-time security feedback for developers.
  • API Interface: Enhances operational efficiency and streamlining with minimal false positives.
What benefits should users look for in reviews?
  • Enhanced Security Visibility: Offers comprehensive insights across application environments.
  • Speed and Efficiency: Quick identification and remediation of vulnerabilities accelerate development.
  • Operational Streamlining: Seamless integration into DevOps workflows improves productivity.
  • Legacy Application Support: Effective for securing existing applications with ongoing monitoring.

Companies in industries requiring high levels of application security, such as finance and healthcare, implement Contrast Security Assess for its ability to enhance visibility and detect vulnerabilities early in the development lifecycle. Its seamless integration with DevOps processes makes it ideal for environments that prioritize agility while maintaining stringent security standards.

Contrast Security Assess was previously known as Contrast Assess.

Contrast Security Assess customers

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.

Related questions

  • 296
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 41
Which is the most comprehensive open source Web Security Testing tool?
  • 63
What is the best Application Security Testing platform?
  • 54
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 92
SAST vs. DAST: Which is better for application security testing?
  • 66
What tools do you rely on for building a DevSecOps pipeline?
  • 151
What does the Log4j/Log4Shell vulnerability mean for your company?
  • 92
Checkmarx or Veracode. Which should we choose?
  • 180
What are your recommended automated penetration testing tools?
  • 76
What are the OWASP top 10 in 2020?

Product Categories

Product Categories
Static Application Security Testing (SAST)
Application Security Tools

Popular Comparisons

Popular Comparisons
SonarQube vs Contrast Security Assess Logo
SonarQube vs Contrast Security Assess
Snyk vs Contrast Security Assess Logo
Snyk vs Contrast Security Assess
Checkmarx One vs Contrast Security Assess Logo
Checkmarx One vs Contrast Security Assess
GitLab vs Contrast Security Assess Logo
GitLab vs Contrast Security Assess
Veracode vs Contrast Security Assess Logo
Veracode vs Contrast Security Assess
CrowdStrike Falcon Cloud Security vs Contrast Security Assess Logo
CrowdStrike Falcon Cloud Security vs Contrast Security Assess
Coverity Static vs Contrast Security Assess Logo
Coverity Static vs Contrast Security Assess
Acunetix vs Contrast Security Assess Logo
Acunetix vs Contrast Security Assess
PortSwigger Burp Suite Professional vs Contrast Security Assess Logo
PortSwigger Burp Suite Professional vs Contrast Security Assess
Mend.io vs Contrast Security Assess Logo
Mend.io vs Contrast Security Assess
OpenText Core Application Security vs Contrast Security Assess Logo
OpenText Core Application Security vs Contrast Security Assess
Sonatype Lifecycle vs Contrast Security Assess Logo
Sonatype Lifecycle vs Contrast Security Assess
GitHub Advanced Security vs Contrast Security Assess Logo
GitHub Advanced Security vs Contrast Security Assess
OWASP Zap vs Contrast Security Assess Logo
OWASP Zap vs Contrast Security Assess
GitGuardian Platform vs Contrast Security Assess Logo
GitGuardian Platform vs Contrast Security Assess
See all alternatives
 
Contrast Security Assess Reviews Summary
Author infoRatingReview Summary
Lead Application and Data Security Engineer at a insurance company with 5,001-10,000 employees4.0I found Contrast Security Assess to be a solid, easy-to-deploy platform that significantly reduces development time with its excellent API. Although the out-of-the-box reporting needs improvement, I rate it 8.5/10.
Director of Threat and Vulnerability Management at a consultancy with 10,001+ employees4.0I find Contrast Assess highly accurate for real-time vulnerability detection, identifying more issues than legacy tools. It greatly improves our security posture, but limited technology support and developer adoption challenges are significant hurdles I face.
CyberRisk Solution Advisor at a consultancy with 10,001+ employees4.0I find Contrast Security Assess effective for detailed vulnerability insights, especially in web applications and third-party libraries. It identifies issues by file and line but needs faster support and more detailed CVE analysis. Initial setup could also be simplified.
Senior Manager of Information Security at Kaizen Gaming5.0We use Contrast Security Assess to evaluate our customer-facing apps, identifying vulnerabilities and improving code quality. Though the retesting and vulnerability fix suggestions need enhancement, the tool's quick detection and developer-friendly pricing led us to choose it over others.
Senior Security Architect at a tech services company with 5,001-10,000 employees4.5I rely on Contrast for continuous, accurate vulnerability scanning, integrating with pen-testing. It reduces false positives and saves time. I value its IAST and OSS features, though I hope for broader coverage for technologies like .NET Core on Ubuntu.
Technical Information Security Team Lead at Kaizen Gaming4.5Contrast provides us with clear, real-time code visibility, significantly enhancing our security and quality. Its effective automation and excellent support save us time and money, proving to be a highly valuable solution despite minor customization suggestions.
Manager at a consultancy with 10,001+ employees4.0I found Contrast Security Assess highly effective for continuous, automated vulnerability identification and improved SCA, saving significant time. However, its lack of client-side support and deployment automation challenges are notable drawbacks.
Director of Innovation at a tech services company with 1-10 employees4.0I rely on Contrast Security for highly accurate vulnerability assessments with few false positives, far surpassing other tools and improving remediation. While agent upgrades are cumbersome, requiring robust change management, I see significant ROI from its use.