How-tos

Detecting security vulnerabilities with Contrast Security

Share this post:

Contrast Security is a revolutionary product that instruments your applications with sensors to detect security vulnerabilities in your code and protect your applications against attacks.

Contrast Security LogoApplications on Bluemix that use the liberty-for-java buildpack can now use the Contrast Security build-pack to secure their applications. The build-pack utilizes the Contrast Security agent to instrument applications with sensors and monitor data flow in the application.

To view the results of the agent, customers will need Contrast Security’s central reporting console known as the TeamServer. This is provided both as a service (SaaS) and as an on-premises offering. If you are new to Contrast Security and need to get set up with an account, reach out to our support team before getting started with the Bluemix tile.

Once your Contrast Security account has been setup (note that this is outside of Bluemix), you can proceed with the steps below to instrument your application with the Contrast agent and onboard an application.

  1. If you do not have a Bluemix account, you can register for a 30-day free trial using the button below.
  2. Login to the Bluemix console and browse the Bluemix Catalog.Bluemix Catalog
  3. Search for Contrast Security. You’ll see it listed in the DevOps category.Screen shot of Contrast Security listed in the DevOps category of Bluemix Catalog
  4. Fill in your Contrast TeamServer URL, API Key, Service Key, and Username. These can be obtained from your TeamServer account under Organization Settings and then API. Bind the Contrast Security service to your application and hit the Create button.Contrast Security service page on Bluemix
  5. Contrast technology uses instrumentation to insert sensors into an application. Therefore, restart the application so that the agent instruments the application and sends over information to TeamServer.

To view results on Contrast TeamServer, login to your Contrast Security account and navigate to Applications. You will now be able to see your new Bluemix application reporting (as shown below). Contrast Security can now report vulnerabilities and block attacks on your applications directly.Bluemix/Contrast Security Console

Now it is your turn to try these steps! Feel free to post comments at the bottom of this blog article or you can tweet us @contrastsec.

More How-tos stories
April 11, 2019

How to Automate TLS Certificate Rotation to Avoid Outages

In this post, we'll share how you can make sure you have end-to-end protection for data in transit without running into any TLS certificate expiry issues.

Continue reading

April 5, 2019

Node.js 502 Bad Gateway Issues and How To Resolve Them

In December of 2018, many Node.js users noticed that their applications randomly returned an HTTP status code 502 "Bad Gateway" error. In this post, we'll show you how to resolve this issue if you have been affected.

Continue reading

April 3, 2019

Managing IBM Cloud Resources with a Service ID Through the Command Line Interface

We are excited to announce that you can now log into IBM Cloud with a service ID in v0.15.0 of the IBM Cloud CLI. This enables users to manage IBM Cloud resources with a service ID created within an account through the command line interface.

Continue reading