How-tos

Detecting security vulnerabilities with Contrast Security

Share this post:

Contrast Security is a revolutionary product that instruments your applications with sensors to detect security vulnerabilities in your code and protect your applications against attacks.

Contrast Security LogoApplications on Bluemix that use the liberty-for-java buildpack can now use the Contrast Security build-pack to secure their applications. The build-pack utilizes the Contrast Security agent to instrument applications with sensors and monitor data flow in the application.

To view the results of the agent, customers will need Contrast Security’s central reporting console known as the TeamServer. This is provided both as a service (SaaS) and as an on-premises offering. If you are new to Contrast Security and need to get set up with an account, reach out to our support team before getting started with the Bluemix tile.

Once your Contrast Security account has been setup (note that this is outside of Bluemix), you can proceed with the steps below to instrument your application with the Contrast agent and onboard an application.

  1. If you do not have a Bluemix account, you can register for a 30-day free trial using the button below.
  2. Login to the Bluemix console and browse the Bluemix Catalog.Bluemix Catalog
  3. Search for Contrast Security. You’ll see it listed in the DevOps category.Screen shot of Contrast Security listed in the DevOps category of Bluemix Catalog
  4. Fill in your Contrast TeamServer URL, API Key, Service Key, and Username. These can be obtained from your TeamServer account under Organization Settings and then API. Bind the Contrast Security service to your application and hit the Create button.Contrast Security service page on Bluemix
  5. Contrast technology uses instrumentation to insert sensors into an application. Therefore, restart the application so that the agent instruments the application and sends over information to TeamServer.

To view results on Contrast TeamServer, login to your Contrast Security account and navigate to Applications. You will now be able to see your new Bluemix application reporting (as shown below). Contrast Security can now report vulnerabilities and block attacks on your applications directly.Bluemix/Contrast Security Console

Now it is your turn to try these steps! Feel free to post comments at the bottom of this blog article or you can tweet us @contrastsec.

More How-tos stories
May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

April 30, 2019

Introducing IBM Analytics Engine v1.2 and Announcing the Deprecation of IBM Analytics Engine v1.0

We are excited to inform you about the new version of IBM Analytics Engine v1.2 that will be available starting May 15, 2019. Along with this release, Analytics Engine v1.0 will be retired.

Continue reading

April 23, 2019

Announcing the Deprecation of the Watson Machine Learning JSON Token Authentication Service

We’d like to inform you about the deprecation of the Watson Machine Learning JSON Token Authentication service. This method of authentication will be retired on May 30, 2019.

Continue reading