The Ultimate List of Software Security Tools

Signal Sciences

Signal Sciences secures the most important web applications, APIs, and microservices of the world's leading companies. Our next-gen WAF and RASP help you…

Checkmarx AppSec Accelerator

AppSec Accelerator is an Application Security Managed Service that helps development organizations transition to a secure SDLC and combines SAST and DAST…

Checkmarx SAST (Static Application Security Testing)

Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products…

OSSEC

OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit…

OWASP Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers.…

WhiteHat

WhiteHat Security combines technology and human intelligence to deliver the world's most powerful solution for application security. WhiteHat’s application…

LogRhythm SIEM

SIEM log management, network and endpoint monitoring and forensics, and security analytics. LogRhythm claims to help customers detect and respond quickly…

Venafi Trust Protection Platform

Venafi Trust Protection Platform (TPP) provides fully automated processes for injecting X.509 keys and certificates into Containers, VMs, CI/CD pipelines,…

Klocwork

Klocwork by Rogue Wave Software provides source code analysis solutions that boost development productivity. Using static analysis technology, Klocwork…

Black Duck

Black Duck's multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source…

Fortify SCA

Micro Focus Fortify Static Code Analyzer reduces software risk by identifying security vulnerabilities that pose the biggest threats to your organization.…

Kiuwan

Kiuwan is an end-to-end application security platform, providing a DevSecOps approach to securing your applications. Highlights: SAST + SCA, 30+ Languages,…

Charles Proxy

Charles Proxy is the de facto tool for sniffing out any requests made between a frontend and a backend. It tracks response times, sizes of messages and can…

CyberArk Conjur

Available as an open source tool and for the enterprise, CyberArk Conjur is a secrets management solution tailored specifically for the unique infrastructure…

Snort

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998.…

Tripwire

Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.…

Fortify WebInspect

Easily manage large-scale, distributed penetration testing tools across thousands of apps. Fortify on Demand is a managed application security testing…

SecureAssist

SecureAssist is a lightweight static analysis tool that automatically detects vulnerabilities and provides just-in-time security guidance to you as you…

Veracode

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company offers an automated cloud-based service for…

HashiCorp Vault

HashiCorp's Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other sensitive resources in modern datacenters.…

SD Elements

SD Elements automates software security requirements based on your project’s technology, business, and compliance drivers. SD Elements eliminates security…