The Ultimate List of Software Security Tools

Signal Sciences Web Protection Platform

WebsiteWikipedia

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for production web applications, microservices,…

Checkmarx AppSec Accelerator

WebsiteWikipedia

AppSec Accelerator is an Application Security Managed Service that helps development organizations transition to a secure SDLC and combines SAST and DAST…

Checkmarx SAST (Static Application Security Testing)

WebsiteWikipedia

Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products…

OSSEC

WebsiteWikipedia

OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit…

OWASP Zed Attack Proxy (ZAP)

WebsiteWikipedia

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers.…

WhiteHat

WebsiteWikipedia

WhiteHat Security combines technology and human intelligence to deliver the world's most powerful solution for application security. WhiteHat’s application…

LogRhythm SIEM

WebsiteWikipedia

SIEM log management, network and endpoint monitoring and forensics, and security analytics. LogRhythm claims to help customers detect and respond quickly…

Venafi Trust Protection Platform

WebsiteWikipedia

Venafi Trust Protection Platform (TPP) provides fully automated processes for injecting X.509 keys and certificates into Containers, VM's, CI/CD pipelines,…

Klocwork

WebsiteWikipedia

Klocwork by Rogue Wave Software provides source code analysis solutions that boost development productivity. Using static analysis technology, Klocwork…

Black Duck

WebsiteWikipedia

Black Duck's multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source…

Gauntlt

WebsiteWikipedia

Automated Security Testing. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate…

Charles Proxy

WebsiteWikipedia

Charles Proxy, the defacto tool for sniffing out any requests made between a frontend and a backend. It tracks response times, sizes of messages and can…

Burp Proxy

WebsiteWikipedia

Burp Proxy is an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target…

CyberArk

WebsiteWikipedia

CyberArk is an information security company focused on privileged account security. The company's technology is deployed worldwide – primarily in the financial…

Snort

WebsiteWikipedia

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998.…

Tripwire

WebsiteWikipedia

Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.…

Fortify WebInspect

WebsiteWikipedia

Easily manage large-scale, distributed penetration testing tools across thousands of apps. Fortify on Demand is a managed application security testing…

SecureAssist

WebsiteWikipedia

SecureAssist is a lightweight static analysis tool that automatically detects vulnerabilities and provides just-in-time security guidance to you as you…

Veracode

WebsiteWikipedia

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company offers an automated cloud-based service for…

Vault

WebsiteWikipedia

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern datacenters.…

SD Elements

WebsiteWikipedia

SD Elements automates software security requirements based on your project’s technology, business, and compliance drivers. SD Elements eliminates security…



Signal Sciences Web Protection Platform

WebsiteWikipedia

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for production web applications, microservices,…

Checkmarx AppSec Accelerator

WebsiteWikipedia

AppSec Accelerator is an Application Security Managed Service that helps development organizations transition to a secure SDLC and combines SAST and DAST…

Checkmarx SAST (Static Application Security Testing)

WebsiteWikipedia

Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products…

OSSEC

WebsiteWikipedia

OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit…

OWASP Zed Attack Proxy (ZAP)

WebsiteWikipedia

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers.…

WhiteHat

WebsiteWikipedia

WhiteHat Security combines technology and human intelligence to deliver the world's most powerful solution for application security. WhiteHat’s application…

LogRhythm SIEM

WebsiteWikipedia

SIEM log management, network and endpoint monitoring and forensics, and security analytics. LogRhythm claims to help customers detect and respond quickly…

Venafi Trust Protection Platform

WebsiteWikipedia

Venafi Trust Protection Platform (TPP) provides fully automated processes for injecting X.509 keys and certificates into Containers, VM's, CI/CD pipelines,…

Klocwork

WebsiteWikipedia

Klocwork by Rogue Wave Software provides source code analysis solutions that boost development productivity. Using static analysis technology, Klocwork…

Black Duck

WebsiteWikipedia

Black Duck's multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source…

Gauntlt

WebsiteWikipedia

Automated Security Testing. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate…

Charles Proxy

WebsiteWikipedia

Charles Proxy, the defacto tool for sniffing out any requests made between a frontend and a backend. It tracks response times, sizes of messages and can…

Burp Proxy

WebsiteWikipedia

Burp Proxy is an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target…

CyberArk

WebsiteWikipedia

CyberArk is an information security company focused on privileged account security. The company's technology is deployed worldwide – primarily in the financial…

Snort

WebsiteWikipedia

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998.…

Tripwire

WebsiteWikipedia

Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.…

Fortify WebInspect

WebsiteWikipedia

Easily manage large-scale, distributed penetration testing tools across thousands of apps. Fortify on Demand is a managed application security testing…

SecureAssist

WebsiteWikipedia

SecureAssist is a lightweight static analysis tool that automatically detects vulnerabilities and provides just-in-time security guidance to you as you…

Veracode

WebsiteWikipedia

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company offers an automated cloud-based service for…

Vault

WebsiteWikipedia

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern datacenters.…

SD Elements

WebsiteWikipedia

SD Elements automates software security requirements based on your project’s technology, business, and compliance drivers. SD Elements eliminates security…



What's hotter in...