Black Duck’s multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source component, vulnerability, and license information, enable you to research open source projects, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
SIEM log management, network and endpoint monitoring and forensics, and security analytics. LogRhythm claims to help customers detect and respond quickly to cyber threats before a material breach occurs. It also aims to provide compliance automation and assurance and IT predictive intelligence to organizations, government agencies, and mid-sized businesses.
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld’s Open Source Hall of Fame as one of the “greatest [pieces of] […]
Kiuwan is an end-to-end application security platform, providing a DevSecOps approach to securing your applications. Highlights: SAST + SCA, 30+ Languages, Web, Mobile & Legacy systems supported, discover open source vulnerabilities and license compliance, OWASP, CWE, SANS 25, PCI-DSS, HIPAA, WASC, MISRA-C, BIZEC, CERT-C, CERT-J.
SecureAssist is a lightweight static analysis tool that automatically detects vulnerabilities and provides just-in-time security guidance to you as you code. With SecureAssist, you can eliminate the most common security problems by checking your own code for security vulnerabilities and using SecureAssist guidance to fix them.
Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. Cx SAST is designed to seamlessly integrate with all development and application security methodologies.
Micro Focus Fortify Static Code Analyzer reduces software risk by identifying security vulnerabilities that pose the biggest threats to your organization. It pinpoints the root cause of the vulnerability, correlates and prioritizes results, and provides best practices so developers can develop code more securely.
Charles Proxy is the de facto tool for sniffing out any requests made between a frontend and a backend. It tracks response times and message sizes, and can also be used to rewrite requests in order to insert faulty data or trigger error codes on screens. Charles Proxy is also used by security testers to test if an […]
Signal Sciences secures the most important web applications, APIs, and microservices of the world’s leading companies. Our next-gen WAF and RASP help you increase security and maintain site reliability without sacrificing velocity, all at the lowest total cost of ownership. Learn how our patented approach can help you.
Available as an open source tool and for the enterprise, CyberArk Conjur is a secrets management solution tailored specifically for the unique infrastructure requirements of native cloud and DevOps environments. The solution incorporates fundamental DevOps security principles, such as least privilege and segregation of duties, to secure and manage secrets used by non-human machine identities […]
Qualys Cloud Platform consists of integrated apps to help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for all your IT assets – on premises, in clouds and on mobile endpoints.
Twistlock is the industry’s most complete, automated and scalable container cybersecurity platform. From precise, full-lifecycle vulnerability and compliance management to application-tailored runtime defense and cloud native firewalls, Twistlock secures your containers and modern applications against the next generation of threats across the entire application lifecycle.
Easily manage large-scale, distributed penetration testing tools across thousands of apps. Fortify on Demand is a managed application security testing service that enables organizations to quickly test the application security of a few applications or launch a comprehensive security program without additional investment in software and personnel.
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use […]
OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily […]
AppSec Accelerator is an Application Security Managed Service that helps development organizations transition to a secure SDLC and combines SAST and DAST for the best possible security coverage. With AppSec Accelerator, our AppSec experts will help you streamline and automate your Application Security testing while embedding it within your development environment.