Contrast Security expands serverless support with Microsoft Azure to uncover security vulnerabilities within multi-cloud deployments

Feb. 24, 2023
Leading code security provider helps enterprises adopt cloud-native application development, reduce security gaps and protect against potential lost revenue, damaged brand and costly fees

LOS ALTOS, Calif., Feb. 23, 2023 /PRNewswire/ -- Contrast Security (Contrast), the code security platform built for developers and trusted by security, has announced the expansion of its Contrast Serverless Application Security (Contrast Serverless) offering to support Microsoft Azure Functions and enable customers to quickly scan for security vulnerabilities on multi-cloud environments.

Organizations are rapidly adopting serverless and cloud-native development due to their inherent benefits. However, companies struggle to understand what applications are fully secured due to public cloud providers' "shared responsibility security model," especially if they're leveraging multi-cloud IT strategies. According to the Forrester Avoid The Security Inconsistency Pitfalls Transitioning To Serverless 2022 report, "data shows 74% of infrastructure decision-makers at firms that are adopting public cloud use two or more public clouds and 17% are using five or more. Therefore, it's no surprise that 82% of cloud users have experienced security events due to confusion over shared responsibility security models." Contrast Serverless meets the demands of organizations requiring a new security tooling purposely built to evaluate serverless risks while protecting against common vulnerabilities (CVEs), detecting misconfigurations and uncovering user privilege issues within a single interface.

With the addition of Microsoft Azure Functions support, organizations will be able to evaluate their serverless application risk on both Amazon Web Services (AWS) and Microsoft platforms from a single offering, as well as other benefits including:

  • Complete visibility of cloud-native serverless functions within the application to enable AppSec team to monitor the organization's serverless posture at all times.
  • Statically scan for vulnerabilities in open-source dependencies used within applications and custom code.
  • Detect misconfigurations.
  • Uncover least privilege issues based on Microsoft Azure function policy roles and active directory configurations.
  • Generate a contextual Microsoft Azure Functions risk score based on the above methods enabling teams to address the highest risk issues first.
  • Ability to apply remediation on function code both in AWS and/or Microsoft Azure environments.

"The ability to analyze access permissions, evaluate the security posture of open source components and identify attack surfaces together provides organizations with the context and precision needed to assess serverless application security risks. This combined with the added benefit of uncovering high-priority issues during the development process - and not after the fact when the application has already been made publicly available - is a unique value delivered by Contrast," said Steven Phillips, Vice President of Product Marketing at Contrast Security. "Developers can now efficiently secure cloud-native applications and take advantage of best-of-breed offerings from multiple hyper-scale cloud providers."

Contrast Serverless for Microsoft Azure Functions is available now with initial language support for Python, Node.js, Java and .NET core. To learn more about Contrast Serverless, please visit or attend a live demo at 9 am PST on Friday, February 24.

About Contrast Security (Contrast):

A world-leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today's targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on focusing false positives and remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.

Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.

The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists including the Inc. 5000 List of America's Fastest Growing Companies and has designated Contrast as one of the fastest growing companies on the Deloitte Technology Fast 500 List.

Learn more: