back to AppSecMap
SCA

Software Composition Analysis (SCA) includes scanning and evaluating of code dependencies (usually open-source) for licensing and known vulnerabilities. This process is applicable to composers and dependency managers such as Docker Compose, Maven, NPM Bazel and pip.

Search in the AppSec Map

AST

AppSec Testing Solutions

The Appsec Testing Tools category includes tools which identify software defects using different techniques.

Static code analysis tools, such as SAST, SCA, and IaC Security identify defects in the code or in the composition recipes of software. Dynamic security testing tools - DAST and IAST which interact with running software to identify software defects and security misconfiguration. Included in these tools are those which combine different techniques and offer additional tests in a specific domain such as MAST. With AST, teams can automate security testing, and identify defects.

Through ASPM, the reports created by these tools are prioritized based on the context of the asset, and then integrated into the remediation backlog. The reports are also used to analyze and visualize present security posture.

Protection

Application Protection Solutions

Application Protection Tools are tools that detect application level intrusion attempts and protect against application level attacks in real time.

The category includes WAF and WaaP solutions which provide perimeter level protection, and RASP which offers advanced detection and protection by being integrated directly into the application. Bot mitigation solutions address a problem of a different nature, and can run in the perimeter or be integrated into the application. CI/CD Security means to detect issues in CI/CD and the processes running in these environments, and protect them from malware in upstream software supply chain.

Protection tools offer centralized improvement of security posture. With ASPM, matrices collected from protection tools are used for asset discovery and classification, as well as to assess the coverage of protection. In many cases, activating protection features can be a quick temporary fix that improves protection - until the software defect is resolved.

Services

AppSec Services

AppSec services offer advanced security testing with Penetration Testing services and Bug Bounty platforms and programs. Some Vendors strive to add protection from the source by educating and training developers to produce software with less security defects.

Human led activities serve an important part of ASPM, as they produce output that can often be easily translated to prioritized tasks, and serve as a benchmark for automated security tests.

SASTAppSec Map Categories include AST, Application proaction tools and AppSec Services.SASTsast / GitGuardianSecure your software development with automated secrets detection & remediation for private or public source code.GitGuardianWAFAppSec Map Categories include AST, Application proaction tools and AppSec Services.WAFwaf / CequenceRuntime API visibility, security risk monitoring, and patented behavioral fingerprinting technology to consistently detect and protect against online attacks.CequencePTAppSec Map Categories include AST, Application proaction tools and AppSec Services.PTpt / bugcrowdBugcrowd helps organizations leverage the expertise of white hat hackers through bug bounty, penetration testing, and vulnerability disclosure programs. See how crowdsourced security can help your team identify risks fasterbugcrowd
sast / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theoremsast / SonarQubeSonarQube® is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.SonarQubesast / CheckmarxCheckmarx CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problemsCheckmarxwaf / CloudflareCloudflare is a web performance and security company that provides online services to protect and accelerate websites onlineCloudflarewaf / Rapid7 InsightAppSec Total Risk brings Rapid7’s proven Application Security technologyto the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. It’s all delivered via the cloud so that customers can be up and running in minutes, identifying the critical security risks that exist in your application and providing a holistic approach to securing your web apps across your SDLC, from the identification and remediation of vulnerabilities to the detection and prevention of real-time attacks. Rapid7waf / FortinetFortinet delivers high-performance network security solutions that protect your network, users, and data from continually evolving threatsFortinetpt / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHatpt / Rapid7 InsightAppSec Total Risk brings Rapid7’s proven Application Security technologyto the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. It’s all delivered via the cloud so that customers can be up and running in minutes, identifying the critical security risks that exist in your application and providing a holistic approach to securing your web apps across your SDLC, from the identification and remediation of vulnerabilities to the detection and prevention of real-time attacks. Rapid7pt / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracode
sast / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.Fortifysast / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHatsast / pmdPMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forthpmdwaf / AkamaiAkamai Technologies is a global content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security servicesAkamaiwaf / radwareRadware is a provider of cybersecurity and application delivery products for physical, cloud and software-defined data centersradwarewaf / BarracudaProtect your websites and applications from advanced cyber-threats.Barracudapt / PortSwiggerPortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilitiesPortSwiggerpt / hackeroneReduce the risk of a security incident by working with the world's largest community of hackers. HackerOne offers bug bounty, VDP, & pentest solutionshackeronept / SynackThe Synack Platform provides comprehensive penetration testing with actionable results and continuous security scaled by the world's most skilled ethical hackers and AI technologySynack
sast / ContrastUnify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverageContrastsast / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracodesast / banditBandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a reportbanditwaf / ImpervaImperva is a cyber security software and services company which provides protection to enterprise data and application softwareImpervawaf / F5F5 is a company that specializes in application delivery networking (ADN) and application securityF5pt / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsyspt / cobaltCobalt is a PTaaS platform that transforms traditional pentesting into a data-driven vulnerability management engincobaltpt / ImmunityImmunity offers penetration testing, application assessments, vulnerability analysis, reverse engineering, architecture reviews and source code reviews that focus on real levels of exposure.Immunity
sast / SnykSnyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.Snyksast / GitLabIntegrating security into your DevOps lifecycle is easy with GitLab. Security is built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software supply chain, software factory, and its deliverables.GitLabsast / GitHubSee security issues in your pull requests as part of your code review process. Prevent new vulnerabilities from making it onto main.GitHubpt / NCCgroupNCC Group focuses on identifying, assessing, and mitigating cyber threats internationally. The company offers a range of technical security assessment such as cloud services and penetration testing via an online cyberstore.NCCgrouppt / Include SecurityIncludeSec is an all senior team of 50+ hackers who hack software of all types, from web to OSes they've hacked on 30+ languages since 2011. They offer penetration testing, application assessments, reverse engineering, and source code reviews primarily.Include Securitypt / AppSec LabsAppSec Labs is a boutique application security consultancy, whose mission is a proactive attitude towards application security. The company provides expert application penetration testing services but also can assist clients with application architecture/design reviews, secure code reviews as well as helping organizations improve their internal application security program and build security activities into their software development lifecycles.AppSec Labs
sast / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsyssast / SemgrepSemgrep is a fast, open-source, static analysis tool that finds bugs and enforces code standards at editor, commit, and CI timeSemgrepsast / ShiftLeftShiftLeft delivers a new model for protecting cloud or data center hosted softwareShiftLeftWaaPAppSec Map Categories include AST, Application proaction tools and AppSec Services.WaaPwaap / Signal SciencesSignal Sciences' next-gen WAF and RASP protects web applications, APIs and microservicesSignal Sciencespt / BlacklockBlacklock allows you to initiate a penetration test with a click of a button. Simply subscribe, provide the target details, digitally sign an authorization letter, track test progress via dashboard, view or download security test report, manage vulnerabilities from a single pane or request a retest.Blacklockpt / NowSecureNowSecure is the mobile app security and privacy software company trusted by hundreds of the world’s most demanding organizations and most advanced security teams. From mobile-powered digital transformation to mobile-first innovators, NowSecure protects millions of mobile app users across banking, insurance, high tech, IOT, retail, hospitality, transportation, energy and government sectors. NowSecure ensures confidence that your organization is protecting your mobile app users, customers, partners and employees. Only NowSecure delivers fully automated mobile app security, API security and privacy testing software and services with speed, accuracy, and efficiency for enterprise-wide risk management, Agile and DevSecOps programs. Through automated continuous SAST/DAST/IAST/API Security Testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy risks. With more than a decade of mobile security expertise, NowSecure is SOC2 certified and was twice recognized as the worldwide leader in 2019 IDC MarketScape reports for Mobile Application Security Testing and named a DevSecOps Transformational leader by Gartner in 2020.NowSecurept / KulkanA boutique penetration testing firm with 20+ years of experience in information security.Kulkan
sast / AppScanPowerful DevSecOps that pinpoints and remediates application vulnerabilities in every phase of the development lifecycle. AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.AppScansast / SyhuntSyhunt Code is a staticapplication security scanner designed for testing Web applications written in avariety of languages. Find the vulnerable portions of the code in minutes before putting a web application in production.Syhuntsast / BridgeCrewBridgecrew scans entire IaC templates for misconfigurations. In runtime, each of the following cloud resource types are counted as a resource. For AWS: EC2, RDS, Redshift, ELB, NAT gateway. For Azure: Virtual Machines, SQL DB, PostgreSQL DB, SQL Managed Instance, Load Balancer. For Google Cloud: GCE, Cloud SQL DB, Load Balancer, Cloud NAT.BridgeCrewwaap / SaltThe Salt API Protection Platform discovers all APIs and their exposed data, stops attackers in their tracks, and provides remediation insights for dev teamsSaltwaap / CequenceRuntime API visibility, security risk monitoring, and patented behavioral fingerprinting technology to consistently detect and protect against online attacks.Cequencewaap / ReblazeReblaze is a cloud-based platform that provides a comprehensive, dynamic, machine-intelligent security and control solution for web platformsReblazept / HackrateHackrate platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company. Hackratept / APIsecAPIsec is able to learn an API, create API security tests and run these attack playbooks against any API. Our SaaS product fits into any stage of your API CI/CD Pipeline, uncovering the vulnerabilities that will result in a breach before it ever happens.APIsecpt / we45we45 provides range of customized security solutions which consists of AppSec Security services, Cloud and Kubernetes security solutions, security architecture review services and Threat modeling to name the top ones. Established in 2009 by leading AppSec researcher Abhay Bhargav, it is now serving clients across the globe.we45
sast / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailssast / OxeyeOxeye application security platform contextually detects, analyzes, and prioritizes vulnerabilities in custom code, open-source components, 3rd party binaries, and hard-coded secrets. Oxeye's innovative approach combines static and runtime analysis of all the components and layers of modern applications - code, container, cluster, cloud, and the connections and communications among them. Using this data allows Oxeye to significantly reduce false positives, detect vulnerabilities that span code and infrastructure, generate an exploitable-based risk assessment of all vulnerabilities, and provide a detailed view of potential attack paths in the application from the externally facing API, down to the specific line of code in the inner services. Deploying Oxeye takes less than 2 minutes Oxeyesast / JFrog Advanced securityWe will be happy to set up a call to elaborate on our new capabilities and categories we supportJFrog Advanced securitywaap / NonameThe Noname API Security Platform helps enterprises discover, analyze, remediate, and test all legacy and modern APIsNonamewaap / TraceableActionable insight into your current web application security and API security posture, effectively seeing into the ‘DNA’ of your application and associated APIs.Traceablewaap / Mesh7Mesh7 delivers highly distributed micro API firewall with gateway to secure Cloud-Native Applications and microservicesMesh7pt / KrollProactively assess the security of your data systems and processes with our insider’s view of today’s greatest cyber risks. We translate frontline threat intel from 3,200+ cyber incidents annually into a nuanced view of where gaps may exist in your security and how to prioritize improvements. You can count on Kroll advisors for impartial, technology-agnostic assessments. We deliver breach and attack simulation, red team exercises, a variety of penetration testing solutions, and much more.Krollpt / FaradayFaraday empowers security teams world-wide with most flexible, intuitive and reliable vulnerability management technology to detect and triage issues at speed of business. They also have a boutique-style department delivering security consulting services to cutting-edge companies.Faradaypt / SecunaSecuna's penetration testing service is faster than the normal, cost-efficient with unlimited retesting for 1 month. Secuna's in-house penetration testing team combines the effectivity of automated tools with the creativity and thoroughness of our manual methods to get your apps ready for the next major launch.Secuna
waap / L7 DefenseL7 Defense helps organizations protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacksL7 Defensewaap / ThreatXWeb Application Protection | API Protection | Bot Management | DDoS MitigationThreatXwaap / NeosecProtect APIs, microservices and applications. Visualize API usage with business and risk context, hunt API-based security threats and remediate vulnerabilities.Neosec
DASTAppSec Map Categories include AST, Application proaction tools and AppSec Services.DASTdast / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theoremwaap / Prisma CloudCLOUD WORKLOAD PROTECTION Secure hosts, containers and serverless functions across the application lifecycle. CLOUD CODE SECURITY Secure configurations, scan code, and integrate security with developer tools.Prisma Cloudwaap / TalsecTalsec is a community-driven and academic-based cybersecurity company. We are known by App developers and trusted by known FinTech brands due to our advanced in-app protection and monitoring SDK that is available in freemium mode on GitHub for iOS/Android native and Flutter developers. The company is based in the Faculty of Informatics of Masaryk University in Brno (Czech Republic). Talsec technology has eight years (est. 2014) of evolution and is based on our expertise in mBanking solutions for the top banks on the EU market. Talsecwaap / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailsBug BountyAppSec Map Categories include AST, Application proaction tools and AppSec Services.Bug BountybugBounty / bugcrowdBugcrowd helps organizations leverage the expertise of white hat hackers through bug bounty, penetration testing, and vulnerability disclosure programs. See how crowdsourced security can help your team identify risks fasterbugcrowd
dast / AcunetixAcunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applicationsAcunetixdast / DetectifyDetectify is an automated scanner that checks web application for 2000+ vulnerabilities and monitors subdomains for hostile takeovers. They work closely with the ethical hacking community to turn the latest security findings into vulnerability tests and help discover security issues before someone else doesDetectifydast / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.Fortifywaap / BLST SecurityBLST Security has a two-pronged strategy: We have an open source offering. Any API developer can upload their Swagger file, and from that Swagger, he can deduce a lot, including a visualization of how his API mesh works. Using our premium service, you will see how your APIs interact with each other, how data flows between them, what happens in the real world and get total visibility. We map how your services interact so you get total understanding and detailed security testing. Test the multi-step hops around the service, the custom business logic workflows like an ecommerce workflow or content editing workflows, and similar. Know exactly how your entire system works.BLST Securitywaap / 42Crunch42Crunch provides continuous API security to protect the digital business. Our unique developer-first API security platform enables developers to build and automate security into their API development pipeline and gives security teams full visibility and control of security policy enforcement throughout the API lifecycle. Deployed by Global 2500 enterprises and over 500,000 developers worldwide, 42Crunch enables a seamless DevSecOps experience to reduce governance costs and accelerate the rollout of secure APIs. 42CrunchbugBounty / YesWeHackYesWeHack offers companies an innovative approach to cybersecurity with bug bountyYesWeHackbugBounty / safehatsSafehats is providing bug bounty and vulnerability disclosure services to enterprisessafehatsbugBounty / hackeroneReduce the risk of a security incident by working with the world's largest community of hackers. HackerOne offers bug bounty, VDP, & pentest solutionshackerone
dast / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHatdast / Rapid7 InsightAppSec Total Risk brings Rapid7’s proven Application Security technologyto the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. It’s all delivered via the cloud so that customers can be up and running in minutes, identifying the critical security risks that exist in your application and providing a holistic approach to securing your web apps across your SDLC, from the identification and remediation of vulnerabilities to the detection and prevention of real-time attacks. Rapid7dast / netsparkerNetsparker is an automated, yet fully configurable, web application security scanner that enables you to scan websites, web applications and web services, and identify security flawsnetsparkerbugBounty / SynackThe Synack Platform provides comprehensive penetration testing with actionable results and continuous security scaled by the world's most skilled ethical hackers and AI technologySynackbugBounty / intigritiIntigriti offers bug bounty and agile penetration testing solutions powered by Europe's #1 leading network of ethical hackersintigritibugBounty / zerocopterZerocopter is a continuous security platform for businesses and security researcherszerocopter
dast / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracodedast / ProjectDiscoveryProjectDiscovery is a remote-first open-source software company simplifying security operations for hackers and developersProjectDiscoverydast / OWASPOWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of softwareOWASPRASPAppSec Map Categories include AST, Application proaction tools and AppSec Services.RASPrasp / Signal SciencesSignal Sciences' next-gen WAF and RASP protects web applications, APIs and microservicesSignal SciencesbugBounty / HackrateHackrate platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company. Hackrate
dast / PortSwiggerPortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilitiesPortSwiggerdast / GitLabIntegrating security into your DevOps lifecycle is easy with GitLab. Security is built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software supply chain, software factory, and its deliverables.GitLabdast / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsysrasp / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theoremrasp / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.Fortifyrasp / Rapid7 InsightAppSec Total Risk brings Rapid7’s proven Application Security technologyto the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. It’s all delivered via the cloud so that customers can be up and running in minutes, identifying the critical security risks that exist in your application and providing a holistic approach to securing your web apps across your SDLC, from the identification and remediation of vulnerabilities to the detection and prevention of real-time attacks. Rapid7
dast / AppScanPowerful DevSecOps that pinpoints and remediates application vulnerabilities in every phase of the development lifecycle. AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.AppScandast / SyhuntSyhunt Code is a staticapplication security scanner designed for testing Web applications written in avariety of languages. Find the vulnerable portions of the code in minutes before putting a web application in production.Syhuntdast / StackHawkStackHawk is an automated application and API DAST tool that runs in CI/CD, helping teams find vulnerabilities before they’re pushed into prod. Using StackHawk, developers can run security tests against a running application, no matter what language it is written in, or even test the underlying microservice. Developers are alerted if they are about to introduce a new vulnerability into production, and are equipped with all relevant information to troubleshoot the bug.StackHawkrasp / ContrastUnify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverageContrastrasp / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracoderasp / ImpervaImperva is a cyber security software and services company which provides protection to enterprise data and application softwareImpervaTrainingAppSec Map Categories include AST, Application proaction tools and AppSec Services.Trainingtraining / KontraAccelerating Application Security Training and Software Security Education through Interactive LearningKontra
dast / OffensityWhether you know it or not, your company is being attacked every 39 seconds. Will the hackers get in? With an average of 50 new published vulnerabilities per day, it’s impossible for you and your team to keep up on your own, and that’s why Offensity was built. Just enter your domain, and let Offensity do the rest - Offensity automatically suggests additional subdomains, performs regular, automated scans, and gives you crystal clear reports, with vulnerabilities ranked by risk and recommended actions for resolution. Now you can easily understand which risks actually pose a threat and how to fix them to keep your company safe - without needing to decipher complicated reports or spend hours manually testing. Here’s what Offensity does for you: * Discovers unintentionally accessible internal services or open ports, as well as hidden and abusable files or endpoints not intended for the public * Detects outdated and exploitable server software * Uncovers weak employee credentials * Highlights weak security server configurations * Reveals vulnerabilities in your web applications, and reviews and tests new exploits Offensitydast / MayhemWith Mayhem, ForAllSecure delivers an autonomous security testing solution that pushes the boundaries of software. Mayhem maximizes development productivity by integrating layers of dynamic security testing into continuous workflows to deliver timely validated fixes directly to developers. By intelligently automating the testing and maintenance of software, Mayhem allows developers to focus on building new features, new software, and new tomorrows.Mayhemdast / APIsecAPIsec is able to learn an API, create API security tests and run these attack playbooks against any API. Our SaaS product fits into any stage of your API CI/CD Pipeline, uncovering the vulnerabilities that will result in a breach before it ever happens.APIsecrasp / Prisma CloudCLOUD WORKLOAD PROTECTION Secure hosts, containers and serverless functions across the application lifecycle. CLOUD CODE SECURITY Secure configurations, scan code, and integrate security with developer tools.Prisma Cloudrasp / TalsecTalsec is a community-driven and academic-based cybersecurity company. We are known by App developers and trusted by known FinTech brands due to our advanced in-app protection and monitoring SDK that is available in freemium mode on GitHub for iOS/Android native and Flutter developers. The company is based in the Faculty of Informatics of Masaryk University in Brno (Czech Republic). Talsec technology has eight years (est. 2014) of evolution and is based on our expertise in mBanking solutions for the top banks on the EU market. Talsecrasp / K2ioK2 Cyber Security delivers signature-less runtime application protection to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates virtually no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like WAFs and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost.K2iotraining / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theoremtraining / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHattraining / PortSwiggerPortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilitiesPortSwigger
dast / ProbelyProbely is a web vulnerability scanner for agile teams. It finds vulnerabilities or security issues in web applications & APIs and provides guidance on fixing them. It can be integrated into development processes (SDLC) and continuous integration pipelines (CI/CD) to automate security testing. Probely narrows the gap between development, security, and operations by making security an intrinsic characteristic of the web development life-cycle and achieving fast time-to-market.Probelydast / BrightBright Security is a developer-first Dynamic Application Security Testing (DAST) scanner, enabling you to bake security testing across your development and CI/CD pipelines. Minimize your security and technical debt by scanning early and often, on every build. With NO false positives, there is no need for manual validation of security findings, removing costly and time consuming human bottlenecks that cripple your rapid releases and drain your security team’s limited resources. Bright is easy to use, fast & integrates into your pipelines to test your applications and APIs (SOAP, REST, GraphQL), built for modern technologies and architectures. With automated Business Logic Security Testing, detect more complex vulnerabilities to minimise your reliance on periodic manual testing to be secure by design, with full visibility of your cyber posture to understand your risk and compliment your compliance. Brightdast / Code IntelligenceCode Intelligence offers a CI/CD-agnostic platform for automated software security testing. The platform empowers developers to find and fix vulnerabilities long before they reach production and supports them in achieving reproducible testing results, without false positives.Code Intelligencerasp / LaceworkLacework creates a temporal baseline built from collecting detailed machine/process/users interactions, then uses this to detect anomalies, generate appropriate alerts, and provide details for users to investigate and triage issues.Laceworkrasp / Waratek SecureWaratek is the only Application Security platform that automates the manual process of fixing code vulnerabilities.Waratek Securerasp / AppSealingAppSealing has been working with companies like Bajajfinserv, Kotak, HDFC, Edelweiss, and other companies to ensure their mobile apps and customers' data are safe from reverse engineering, tampering, and other unknown threats. At AppSealing we're helping companies win over millions of customers while we shoulder the responsibility of: - Protecting Resources from Fraud - Stop cheating tools - Preventing Cloning Attempts - Stopping monetary frauds and securing in-app purchases - Ensuring Regulatory Compliance It mobile app threats in runtime that can cause unexpected negative consequences, including: - Customer loss - Revenue loss - Reputational damage - Loss of competitive advantage - Fines and retribution - Incident handling costs - Investor mistrust With AppSealing you never have to worry about security when you are building mobile apps for your customers. Build the apps you and your customers want, the way you want to, and AppSealing will take care of the security!AppSealingtraining / security compassSecurity Compass is a cybersecurity company that offers professional advisory services, training, and balanced development through SD Elementssecurity compasstraining / Secure Code WarriorSecure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their software security skillsSecure Code Warriortraining / Offensive SecurityOffensive Security is an American international company working in information security, penetration testing and digital forensics.Offensive Security
dast / SOOSSCA tools with support for all well-known CI/CDs. License analysis. Governance. Deep dependency tree analysis with advanced introduction path data. SBOM output in Cyclone + SPDX, plus VEX (ingest coming soon). No scan limits. No seat limits. DAST solution includes no scan limits, request/response details, API scanning, authenticated scanning, and reports to same web dashboard as SCA results.SOOSdast / OxeyeOxeye application security platform contextually detects, analyzes, and prioritizes vulnerabilities in custom code, open-source components, 3rd party binaries, and hard-coded secrets. Oxeye's innovative approach combines static and runtime analysis of all the components and layers of modern applications - code, container, cluster, cloud, and the connections and communications among them. Using this data allows Oxeye to significantly reduce false positives, detect vulnerabilities that span code and infrastructure, generate an exploitable-based risk assessment of all vulnerabilities, and provide a detailed view of potential attack paths in the application from the externally facing API, down to the specific line of code in the inner services. Deploying Oxeye takes less than 2 minutes Oxeyedast / QualysRefer to https://www.qualys.com/apps/web-app-scanning/Qualystraining / SANS InstituteFounded in 1989, SANS specializes in information security, cybersecurity training, and certification.SANS Institutetraining / SecureflagSecureFlag provides a powerful yet user-friendly way for enterprises to strengthen their secure coding practices. Developers learn secure coding at their own pace with updated examples and hands-on practice that improves their competency and prepares the organization to confidently achieve its business goals.Secureflagtraining / PentesterLabPentesterLab is an online learning platform dedicated to application security. It covers attacking web applications, API, code review and the latest CVE.PentesterLab
Bot MitigationAppSec Map Categories include AST, Application proaction tools and AppSec Services.Bot MitigationbotMitigation / Signal SciencesSignal Sciences' next-gen WAF and RASP protects web applications, APIs and microservicesSignal Sciencestraining / TryHackMeHand-on cyber security training through real-word scenariosTryHackMetraining / Hack The BoxHack The Box provides a training platform and community designed for advancing skills in penetration testing and cybersecurity.Hack The Boxtraining / AvataoAvatao generates real-life scenarios of security best practices for development and security teams, so that they can improve their secure coding skills and prevent common mistakes.Avatao
SCAAppSec Map Categories include AST, Application proaction tools and AppSec Services.SCAsca / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data TheorembotMitigation / CequenceRuntime API visibility, security risk monitoring, and patented behavioral fingerprinting technology to consistently detect and protect against online attacks.CequencebotMitigation / ReblazeReblaze is a cloud-based platform that provides a comprehensive, dynamic, machine-intelligent security and control solution for web platformsReblazebotMitigation / L7 DefenseL7 Defense helps organizations protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacksL7 Defensetraining / NowSecureNowSecure is the mobile app security and privacy software company trusted by hundreds of the world’s most demanding organizations and most advanced security teams. From mobile-powered digital transformation to mobile-first innovators, NowSecure protects millions of mobile app users across banking, insurance, high tech, IOT, retail, hospitality, transportation, energy and government sectors. NowSecure ensures confidence that your organization is protecting your mobile app users, customers, partners and employees. Only NowSecure delivers fully automated mobile app security, API security and privacy testing software and services with speed, accuracy, and efficiency for enterprise-wide risk management, Agile and DevSecOps programs. Through automated continuous SAST/DAST/IAST/API Security Testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy risks. With more than a decade of mobile security expertise, NowSecure is SOC2 certified and was twice recognized as the worldwide leader in 2019 IDC MarketScape reports for Mobile Application Security Testing and named a DevSecOps Transformational leader by Gartner in 2020.NowSecuretraining / AppSecEngineerAppSecEngineer is an all-in-one training platform for all your application security needs. From Cloud Security to DevSecOps, Threat Modeling to Kubernetes, we've got over 30+ courses for you. What's more, our courses come with 400+ hands-on labs so you get practical, real-world experience with every lesson. Our training team consists of Industry leaders led by Abhay Bhargav.AppSecEngineertraining / we45we45 provides range of customized security solutions which consists of AppSec Security services, Cloud and Kubernetes security solutions, security architecture review services and Threat modeling to name the top ones. Established in 2009 by leading AppSec researcher Abhay Bhargav, it is now serving clients across the globe.we45
sca / CheckmarxCheckmarx CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problemsCheckmarxsca / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.Fortifysca / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHatbotMitigation / CloudflareCloudflare is a web performance and security company that provides online services to protect and accelerate websites onlineCloudflarebotMitigation / perimeterXProtect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scrapingperimeterXbotMitigation / AkamaiAkamai Technologies is a global content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security servicesAkamaitraining / FaradayFaraday empowers security teams world-wide with most flexible, intuitive and reliable vulnerability management technology to detect and triage issues at speed of business. They also have a boutique-style department delivering security consulting services to cutting-edge companies.Faradaytraining / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailstraining / Security JourneyOur programmatic approach, based on learning-science principles, delivers five fully-customizable paths that give all learners a foundation of security knowledge and developers the tools and skills to become security championsSecurity Journey
sca / sonatypeIt allows you to proxy, collect, and manage your dependencies so that you are not constantly juggling a collection of JARs. It makes it easy to distribute your software. Internally, you configure your build to publish artifacts to Nexus and they then become available to other developerssonatypesca / ContrastUnify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverageContrastsca / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracodebotMitigation / radwareRadware is a provider of cybersecurity and application delivery products for physical, cloud and software-defined data centersradwarebotMitigation / ImpervaImperva is a cyber security software and services company which provides protection to enterprise data and application softwareImpervabotMitigation / F5F5 is a company that specializes in application delivery networking (ADN) and application securityF5training / Immersive LabsAppSec, part of Immersive Labs’ Cyber Workforce Resilience Platform, provides hands-on content experiences that simulate real-world application security situations. These simulations measure and improve application development teams’ abilities on secure coding, tooling, and testing, and can be used across the entire software development lifecycle (SDLC).Immersive Labstraining / Katilyst Securitypplication Security Consulting, Security Culture Change & Behavior Reinforcement solutionsKatilyst Security
sca / SnykSnyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.Snyksca / GitLabIntegrating security into your DevOps lifecycle is easy with GitLab. Security is built-in, out of the box, giving you the visibility and control necessary to protect the integrity of your software supply chain, software factory, and its deliverables.GitLabsca / GitHubSee security issues in your pull requests as part of your code review process. Prevent new vulnerabilities from making it onto main.GitHubbotMitigation / KasadaBot mitigation designed to beat cybercriminals at their own game. Frustrate, deceive and strike back.KasadabotMitigation / DataDomeAnti-bot protection solution delivered as-a-serviceDataDomebotMitigation / NetaceaProtect your websites, mobile apps and APIs from the threats posed by bots such as scrapers, scalpers, carding, credential stuffing and other automated attacks.Netacea
sca / MendMend secures developers' applications helping them deliver quality, secure code faster. Removing the AppSec burden, we free developers to build the apps that power the world.Mendsca / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsyssca / ShiftLeftShiftLeft delivers a new model for protecting cloud or data center hosted softwareShiftLeftbotMitigation / Prisma CloudCLOUD WORKLOAD PROTECTION Secure hosts, containers and serverless functions across the application lifecycle. CLOUD CODE SECURITY Secure configurations, scan code, and integrate security with developer tools.Prisma CloudCode ReviewAppSec Map Categories include AST, Application proaction tools and AppSec Services.Code ReviewcodeReview / SonarQubeSonarQube® is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.SonarQube
sca / AppScanPowerful DevSecOps that pinpoints and remediates application vulnerabilities in every phase of the development lifecycle. AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.AppScansca / JFrog XRAYXRAY is part of JFrog Unified Platform. Scan artifacts for vulnerabilities and fully integrated with other tools. In addition, XRAY might be used as standalone tool through CLI calls.JFrog XRAYsca / Trail of BitsHigh assurance software security consulting and applied researchTrail of BitscodeReview / CheckmarxCheckmarx CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problemsCheckmarxcodeReview / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailscodeReview / JFrog Advanced securityWe will be happy to set up a call to elaborate on our new capabilities and categories we supportJFrog Advanced security
sca / Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.Dependency Tracksca / SysdigSysdig enables you to Secure Your Cloud from Source to Run. Based on open-source Falco, Sysdig has built a platform for cloud and container security spanning the entire software development lifecycle. We present a unified view of risk – spanning vulnerabilities, misconfigurations, excess permissions as well as runtime threats and anomalies – across containers, Kubernetes and cloud infrastructure. Sysdig secures cloud-native workloads from source to run. Sysdig is based on open source Falco, which for those not familiar, can be thought of as Wireshark for the Cloud. Sysdig analyzes kernel system calls to provide deep visibility into container, host, and cluster activity. Sysdig taps into many data sources such as Kubernetes API audit events, cloud APIs and cloud audit logs to overlay security policy to the runtime environment in which containers live. Sysdig enables DevOps, security, and cloud teams understand exactly who did what and where, and keep their cloud-native environments secure. Sysdigsca / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailsCI/CD SecurityAppSec Map Categories include AST, Application proaction tools and AppSec Services.CI/CD SecurityCICDSecurity / CycodeCycode utilizes its patent-pending Source Path Intelligence engine to provide IT security teams with visibility across all of their on-premises and cloud-based source-code management systems, automatically detecting and responding to anomalies in source code access, movement, and manipulationCycode
sca / SocketSocket helps software businesses use open source software and stay secure. Socket analyzes open source dependencies to proactively identify supply chain risk and block supply chain attacks. Thousands of organizations and hundreds of thousands of developers depend on Socket to prevent malicious open source packages from infiltrating their apps. Socket audits every open source package to detect supply chain attacks – malware, typo-squats, hidden code, misleading packages, permission creep – and block it in real-time.Socketsca / SOOSSCA tools with support for all well-known CI/CDs. License analysis. Governance. Deep dependency tree analysis with advanced introduction path data. SBOM output in Cyclone + SPDX, plus VEX (ingest coming soon). No scan limits. No seat limits. DAST solution includes no scan limits, request/response details, API scanning, authenticated scanning, and reports to same web dashboard as SCA results.SOOSsca / OxeyeOxeye application security platform contextually detects, analyzes, and prioritizes vulnerabilities in custom code, open-source components, 3rd party binaries, and hard-coded secrets. Oxeye's innovative approach combines static and runtime analysis of all the components and layers of modern applications - code, container, cluster, cloud, and the connections and communications among them. Using this data allows Oxeye to significantly reduce false positives, detect vulnerabilities that span code and infrastructure, generate an exploitable-based risk assessment of all vulnerabilities, and provide a detailed view of potential attack paths in the application from the externally facing API, down to the specific line of code in the inner services. Deploying Oxeye takes less than 2 minutes OxeyeCICDSecurity / GitGuardianSecure your software development with automated secrets detection & remediation for private or public source code.GitGuardianCICDSecurity / BluBracketFrom secrets and PII to misconfigurations and code proliferation, BluBracket reduces risk at every stage of your software development process.BluBracketCICDSecurity / SpectralSpectral Cyber Technologies provides an automated code security platform for companies and developers. Spectral’s developer-first approach enables software to be secured and shipped freely on any platform through real-time detection and mitigation of security flaws that can lead to massive data breaches and business continuity issuesSpectralEASMAppSec Map Categories include AST, Application proaction tools and AppSec Services.EASMeasm / DetectifyDetectify is an automated scanner that checks web application for 2000+ vulnerabilities and monitors subdomains for hostile takeovers. They work closely with the ethical hacking community to turn the latest security findings into vulnerability tests and help discover security issues before someone else doesDetectify
sca / JFrog Advanced securityWe will be happy to set up a call to elaborate on our new capabilities and categories we supportJFrog Advanced securitysca / Endor LabsEndor Labs goes beyond known vulnerabilities and gives developers and security teams the context they need to prioritize open source risk and save thousands of hours.Endor LabsCICDSecurity / Apiiroapiiro is the industry's first Code Risk Platform™ to aid application and infrastructure stakeholders to accelerate delivery by automatically reducing product risk with every material change before it is shipped to productionApiiroCICDSecurity / argonArgon Security is the developer of an innovative unified security solution designed to protect the integrity of the DevOps pipelineargonCICDSecurity / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theoremeasm / ReposifySee your unknown exposed assets and shadow IT risks in real-time before attackers exploit them.Reposifyeasm / CyCognitoAutomated attack surface protection platform discovers previously unknown exposed assets, prioritizes risks and accelerates remediation.CyCognitoeasm / CynergyContinuously Identify all the assets associated in your organization and can be identified from the web, Publicly exposed cloud interfaces, subdomains, websites and employee leaked date.We verify that the new code developments and deployment are vulnerability-free, by actively trying to exploit them. This way we only highlight the vulnerabilities which need to get your attention. Not exploitable, Not prioritized.Based on the identified exploitable vulnerabilities, we build a prioritized action plan. This action plan can be directly acted upon from the Cynergy platform, Assignment of activities, ticketing management, outsourcing, and much more.Cynergy
CICDSecurity / StackHawkStackHawk is an automated application and API DAST tool that runs in CI/CD, helping teams find vulnerabilities before they’re pushed into prod. Using StackHawk, developers can run security tests against a running application, no matter what language it is written in, or even test the underlying microservice. Developers are alerted if they are about to introduce a new vulnerability into production, and are equipped with all relevant information to troubleshoot the bug.StackHawkCICDSecurity / AtomistA DevSecOps tool allows developers and AppSec teams to keep up to date and prevent new vulnerabilities. Without ever slowing down shipping.AtomistCICDSecurity / MayhemWith Mayhem, ForAllSecure delivers an autonomous security testing solution that pushes the boundaries of software. Mayhem maximizes development productivity by integrating layers of dynamic security testing into continuous workflows to deliver timely validated fixes directly to developers. By intelligently automating the testing and maintenance of software, Mayhem allows developers to focus on building new features, new software, and new tomorrows.Mayhemeasm / RescanaReduce the risks of your Extended Attack Surface in a streamlined and compliance way - see the attacker's point of view, assess third parties automatically as well as with Questionnaires, and integrate it all into your business processesRescanaeasm / ExpanseExpanse continuously monitors your global Internet attack surface. We assess and prioritize risks to make it easier for security professionals to take action on the highest-consequence items.Expanseeasm / RiskIQRiskIQ is the world's only platform with patented Internet Intelligence Graph technology, security intelligence—unified. · Intelligence · Dataset · Domain Records.RiskIQ
IASTAppSec Map Categories include AST, Application proaction tools and AppSec Services.IASTiast / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data TheoremCICDSecurity / Prisma CloudCLOUD WORKLOAD PROTECTION Secure hosts, containers and serverless functions across the application lifecycle. CLOUD CODE SECURITY Secure configurations, scan code, and integrate security with developer tools.Prisma CloudCICDSecurity / ArnicaArnica minimizes operational risk and optimizes cost for DevOps teams by enhancing security measures within the existing developer toolsetArnicaCICDSecurity / Orca SecurityOrca Security provides comprehensive cloud-native security across the full application development lifecycle (including IaC template and container image scanning), detecting vulnerabilities, malware, misconfigurations, lateral movement risks, weak and leaked passwords, and sensitive data at risk on AWS, Azure and Google Cloud.Orca Securityeasm / CyberpionCyberpion is the only External Attack Surface Management (EASM) platform that enables you to find and eliminate the risks in your entire digital supply chain before attackers use them to breach your organization. Cyberpion empowers enterprises to discover, asses risks and protect against the invisible attack surface of their hyperconnected online ecosystem. Cyberpion allows to: * Discover vulnerable IT assets beyond just third-parties * Assess vulnerabilities for the risk they represent to you * Streamline team processes to effectively manage your external attack surfaceCyberpioneasm / FaradayFaraday empowers security teams world-wide with most flexible, intuitive and reliable vulnerability management technology to detect and triage issues at speed of business. They also have a boutique-style department delivering security consulting services to cutting-edge companies.Faraday
iast / AcunetixAcunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applicationsAcunetixiast / CheckmarxCheckmarx CxSAST is a unique source code analysis solution that provides tools for identifying, tracking, and repairing technical and logical flaws in the source code, such as security vulnerabilities, compliance issues, and business logic problemsCheckmarxiast / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.FortifyCICDSecurity / BrightBright Security is a developer-first Dynamic Application Security Testing (DAST) scanner, enabling you to bake security testing across your development and CI/CD pipelines. Minimize your security and technical debt by scanning early and often, on every build. With NO false positives, there is no need for manual validation of security findings, removing costly and time consuming human bottlenecks that cripple your rapid releases and drain your security team’s limited resources. Bright is easy to use, fast & integrates into your pipelines to test your applications and APIs (SOAP, REST, GraphQL), built for modern technologies and architectures. With automated Business Logic Security Testing, detect more complex vulnerabilities to minimise your reliance on periodic manual testing to be secure by design, with full visibility of your cyber posture to understand your risk and compliment your compliance. BrightCICDSecurity / SysdigSysdig enables you to Secure Your Cloud from Source to Run. Based on open-source Falco, Sysdig has built a platform for cloud and container security spanning the entire software development lifecycle. We present a unified view of risk – spanning vulnerabilities, misconfigurations, excess permissions as well as runtime threats and anomalies – across containers, Kubernetes and cloud infrastructure. Sysdig secures cloud-native workloads from source to run. Sysdig is based on open source Falco, which for those not familiar, can be thought of as Wireshark for the Cloud. Sysdig analyzes kernel system calls to provide deep visibility into container, host, and cluster activity. Sysdig taps into many data sources such as Kubernetes API audit events, cloud APIs and cloud audit logs to overlay security policy to the runtime environment in which containers live. Sysdig enables DevOps, security, and cloud teams understand exactly who did what and where, and keep their cloud-native environments secure. SysdigCICDSecurity / Code IntelligenceCode Intelligence offers a CI/CD-agnostic platform for automated software security testing. The platform empowers developers to find and fix vulnerabilities long before they reach production and supports them in achieving reproducible testing results, without false positives.Code Intelligence
iast / ContrastUnify security and development teams with one DevSecOps platform across the entire SDLC that increases accuracy, improves developer productivity, and scales for comprehensive software coverageContrastiast / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsysiast / AppScanPowerful DevSecOps that pinpoints and remediates application vulnerabilities in every phase of the development lifecycle. AppScan delivers best-in-class application security testing tools to ensure your business, and your customers, are not vulnerable to attacks.AppScanCICDSecurity / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailsCICDSecurity / DefectDojoCI/CD Automation and Tracking Vulnerability Management Track Vital Product InformationDefectDojoCICDSecurity / JFrog Advanced securityWe will be happy to set up a call to elaborate on our new capabilities and categories we supportJFrog Advanced security
iast / K2ioK2 Cyber Security delivers signature-less runtime application protection to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates virtually no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like WAFs and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost.K2ioiast / OxeyeOxeye application security platform contextually detects, analyzes, and prioritizes vulnerabilities in custom code, open-source components, 3rd party binaries, and hard-coded secrets. Oxeye's innovative approach combines static and runtime analysis of all the components and layers of modern applications - code, container, cluster, cloud, and the connections and communications among them. Using this data allows Oxeye to significantly reduce false positives, detect vulnerabilities that span code and infrastructure, generate an exploitable-based risk assessment of all vulnerabilities, and provide a detailed view of potential attack paths in the application from the externally facing API, down to the specific line of code in the inner services. Deploying Oxeye takes less than 2 minutes OxeyeCICDSecurity / Endor LabsEndor Labs goes beyond known vulnerabilities and gives developers and security teams the context they need to prioritize open source risk and save thousands of hours.Endor Labs
IaCAppSec Map Categories include AST, Application proaction tools and AppSec Services.IaCiacSecurity / BridgeCrewBridgecrew scans entire IaC templates for misconfigurations. In runtime, each of the following cloud resource types are counted as a resource. For AWS: EC2, RDS, Redshift, ELB, NAT gateway. For Azure: Virtual Machines, SQL DB, PostgreSQL DB, SQL Managed Instance, Load Balancer. For Google Cloud: GCE, Cloud SQL DB, Load Balancer, Cloud NAT.BridgeCrew
iacSecurity / Orca SecurityOrca Security provides comprehensive cloud-native security across the full application development lifecycle (including IaC template and container image scanning), detecting vulnerabilities, malware, misconfigurations, lateral movement risks, weak and leaked passwords, and sensitive data at risk on AWS, Azure and Google Cloud.Orca SecurityiacSecurity / TrivyTrivy (tri pronounced like trigger, vy pronounced like envy) is a simple and comprehensive vulnerability/misconfiguration/secret scanner for containers and other artifacts. Trivy detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.). In addition, Trivy scans Infrastructure as Code (IaC) files such as Terraform and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack. Trivy also scans hardcoded secrets like passwords, API keys and tokens. Trivy is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.TrivyiacSecurity / SysdigSysdig enables you to Secure Your Cloud from Source to Run. Based on open-source Falco, Sysdig has built a platform for cloud and container security spanning the entire software development lifecycle. We present a unified view of risk – spanning vulnerabilities, misconfigurations, excess permissions as well as runtime threats and anomalies – across containers, Kubernetes and cloud infrastructure. Sysdig secures cloud-native workloads from source to run. Sysdig is based on open source Falco, which for those not familiar, can be thought of as Wireshark for the Cloud. Sysdig analyzes kernel system calls to provide deep visibility into container, host, and cluster activity. Sysdig taps into many data sources such as Kubernetes API audit events, cloud APIs and cloud audit logs to overlay security policy to the runtime environment in which containers live. Sysdig enables DevOps, security, and cloud teams understand exactly who did what and where, and keep their cloud-native environments secure. Sysdig
iacSecurity / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailsiacSecurity / JFrog Advanced securityWe will be happy to set up a call to elaborate on our new capabilities and categories we supportJFrog Advanced security
MASTAppSec Map Categories include AST, Application proaction tools and AppSec Services.MASTmast / Data TheoremData Theorem prevents AppSec data breaches. Our products focus on API Security (RESTful & GraphQL), Cloud (Serverless Apps & CSPM), mobile apps (iOS & Android), and WebApps (Single-Page Apps).Data Theorem
mast / FortifyBuild secure software fast. Our application security platform automates testing throughout the CI/CD pipeline so developers can quickly resolve issues.Fortifymast / WhiteHatThe WhiteHat Application Security Platform provides all of the services required to secure the entire software development lifecycle.WhiteHatmast / Rapid7 InsightAppSec Total Risk brings Rapid7’s proven Application Security technologyto the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. It’s all delivered via the cloud so that customers can be up and running in minutes, identifying the critical security risks that exist in your application and providing a holistic approach to securing your web apps across your SDLC, from the identification and remediation of vulnerabilities to the detection and prevention of real-time attacks. Rapid7
mast / VeracodeMove your business forward by creating secure software, reducing the risk of breach, and increasing security and dev teams' productivityVeracodemast / SynopsysSynopsys is an American electronic design automation company that focuses on silicon design and verification, silicon intellectual property and software security and qualitySynopsysmast / ImmuniWebAI-Enabled Attack Surface Management, Dark Web Monitoring, & Application Penetration Testing solutions tailored to reduce complexity & costsImmuniWeb
mast / SyhuntSyhunt Code is a staticapplication security scanner designed for testing Web applications written in avariety of languages. Find the vulnerable portions of the code in minutes before putting a web application in production.Syhuntmast / NowSecureNowSecure is the mobile app security and privacy software company trusted by hundreds of the world’s most demanding organizations and most advanced security teams. From mobile-powered digital transformation to mobile-first innovators, NowSecure protects millions of mobile app users across banking, insurance, high tech, IOT, retail, hospitality, transportation, energy and government sectors. NowSecure ensures confidence that your organization is protecting your mobile app users, customers, partners and employees. Only NowSecure delivers fully automated mobile app security, API security and privacy testing software and services with speed, accuracy, and efficiency for enterprise-wide risk management, Agile and DevSecOps programs. Through automated continuous SAST/DAST/IAST/API Security Testing on real Android and iOS devices, NowSecure identifies the broadest array of security threats, compliance gaps and privacy risks. With more than a decade of mobile security expertise, NowSecure is SOC2 certified and was twice recognized as the worldwide leader in 2019 IDC MarketScape reports for Mobile Application Security Testing and named a DevSecOps Transformational leader by Gartner in 2020.NowSecuremast / Trail of BitsHigh assurance software security consulting and applied researchTrail of Bits
mast / AppknoxAppknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite which includes Static, Dynamic and API testing combined with manual penetration testing to ensure security is addressed all nine yards. Over 500+ mobile app businesses including Fortune 500 companies are going to market faster, protecting their brand identity, data and consumer privacy. Additionally, Appknox advocates and practices the DevSecOps framework to ensure that businesses address security vulnerabilities right from the first line of code to after the apps are in the market. That simply means a lot fewer breaches with a lot fewer fixes. Appknoxmast / esCheckerWe are the editor of the MAST (Mobile Application Security Testing) esChecker solution, whose brochure is attached and which I presented to you last week. Our MAST esChecker tool allows you to test the security level of a mobile application before putting it into production (Apple Store or Play Store) directly from the binary (APK and IPA) with all its components (SDK, Shielding ...): The platform offers static tests (SAST) and dynamic attacks (DAST). It covers the OWASP MASVS L2 + R level. It allows to record a user path to launch dynamic attacks (root, hook, code injection...) in the same conditions as an attacker and especially allows to check the app behavior through a video replay to avoid false positives. Our technology is innovative and has been identified by Gartner as having developed an advanced technology for security testing on mobile applications. esChecker
ASOCAppSec Map Categories include AST, Application proaction tools and AppSec Services.ASOCasoc / zeronorthBring security, DevOps and business teams together to improve application security performance and reduce organizational risk, with the ZeroNorth application security automation and orchestration platformzeronorth
asoc / VulcanVulcan Cyber is a cybersecurity company that helps enterprises quickly detect and fix vulnerabilities in their software stack and codeVulcanasoc / Code DxCode Dx is the only tool that integrates numerous open-source solutions for application vulnerability management. Practical solution for software securityCode Dxasoc / Kenna securityCollecting application security data from a wide range of sources, including SAST, DAST, SCA, penetration testing, and bug bounty programsKenna security
asoc / OrchestronWith Orchestron: Save time organizing vulnerabilities See how your application is improving Superior insight with powerful metadata Discover underlying flaws in your AppOrchestronasoc / GuardRailsGuardRails is a continuous application security verification platform that empowers modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration.GuardRailsasoc / KonduktoThe Kondukto ASOC Platform automates and orchestrates all security testing data in one view to boost visibility, insight and control for AppSec teams to ease prioritization and triage most critical vulnerabilities in time, minus the noise and distractions.Kondukto
asoc / Phoenix SecurityPhoenix Security platform enables you to prioritize vulnerabilities from code to cloud, leveraging contextual-based intelligence. Phoenix Security helps you quickly quantify and minimise your cyber risk exposure delivering precise actions to the team that needs them. Phoenix Security helps scale your Application Security and Cloud Security programmes taking vulnerability management to the next level. Phoenix Security empowers you to ACT On Risk leveraging the APPSEC Phoenix Module and the Cloud Security Phoenix Modules - Saving time, - Minimising Cyber risk, - Actioning vulnerabilities, - RoI maximisation, - Threat modellingPhoenix Securityasoc / AppSOCAppSOC aggregates security findings from siloed AppSec tools, across all applications, with 95% alert reduction and 20X efficiency. It increases visibility into supply-chain risk and compliance. Integrated with SCA, SAST, IaC scanners it delivers deep CI/CD integration, advanced ML and DevSecOps orchestration.AppSOC
appsec
Copyright © enso.security | All Rights Reserved 2025
Privacy PolicyTerms of UseCookies PolicyAboutSitemap
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.