Contrast adds SAST support for TypeScript and Vue.js | Contrast Security – Security Boulevard

Posted under Programming, Technology by James Steward

By Orlando Villanueva
November 30, 2022


Tags: CodeSec, JavaScript, SAST, Contrast Scan, vue.js, TypeScript

JavaScript continues to hold the title of the most utilized programming language among development teams, with a 65% score in this year’s Stack Overflow Developer Survey. The language is used by some of the top 100 companies in the world, including Facebook, Google, Microsoft, PayPal, LinkedIn and Walmart, to name a few. These companies rely on JavaScript’s efficient deployment to maintain their online platforms.

A large portion of JavaScript’s success is due to its multiple supporting frameworks and programming languages, which play a vital role in ensuring a seamless user experience for customers. Among frameworks, it supports Angular, React and Vue, which are considered the most popular frameworks across all websites. It also integrates with programming languages such as TypeScript, which provides all the same features as JavaScript plus some added capabilities. This has fueled a meteoric rise for TypeScript since its inception in 2012: it’s now considered the fifth most popular programming language. These modern programming languages and frameworks have features that prevent certain vulnerabilities from being exploitable. However, developers don’t have full control over front-end code, since it’s executed in the end user’s browser, so even SPA (single-page web application) frameworks are susceptible to vulnerabilities like cross-site scripting (XSS) or broken access control. Full-stack, front-end and even back-end developers need the means to test the code they ship for vulnerabilities affecting their source code.
 
Contrast Scan is expanding its coverage to TypeScript and Vue.js, following the same principles as its Java, .NET and JavaScript engines: prioritizing exploitable vulnerabilities while filtering out noise stemming from false positives. Contrast Scan doesn’t flood developers with misleading results but rather focuses only on exploitable findings by performing deep data flow analysis on any vulnerable entry point within an application. Contrast Scan tests applications in a matter of seconds, compared with other legacy commercial Static Application Security Testing (SAST) tools. Contrast’s SAST capability delivers up to 126x faster scan speeds and a dramatically low false positive rate of 1%. When comparing the signal-to-noise ratio (SNR) of competing legacy and developer-focused SAST tools, Contrast SAST ranks first with a 98.5% SNR. This is because Contrast Scan performs deeper analysis on exploitable data paths and finds significantly more exploitable vulnerabilities than the superficial scanners on the market.



Contrast Scan tests code written in Java, JavaScript, TypeScript and .NET, with additional support for popular frameworks such as Angular, React, jQuery and Vue.js. It scans source files, enabling developers to integrate code tests earlier within the development life cycle at the code commit or push stage, as well as later during the build stage within Continuous Integration/Continuous Deployment (CI/CD) workflows.
 
Test benchmarks are nice, but naturally, Contrast built Contrast Scan to deliver the same level of speed and accuracy in real-world applications. This is why we have released this expansion of Vue and TypeScript support not only for the enterprise version of the Contrast Scan SAST solution, but also for our free-to-use developer security motion, CodeSec. CodeSec’s free command-line interface (CLI) tool is powered by the same SAST engine as the enterprise version of Contrast Scan, so developers can rely on the same level of performance and accuracy as our enterprise customers, directly on their local machine. Whether you’re a front-end developer or a full-stack developer touching every element of the application stack, you have the world’s fastest and most accurate SAST solution at your disposal — for free! 
For more information on how to get started with CodeSec, visit Developer Central 
For more information on how to scale pipeline-native SAST across your enterprise, click here to schedule a demo of Contrast Scan with one of our experts.







Sr. Product Marketing Manager, CodeSec, Contrast Security

*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by Orlando Villanueva. Read the original post at: https://www.contrastsecurity.com/security-influencers/contrast-scan-expands-support-to-typescript-and-vue