The Ultimate List of Software Security Tools
HCL AppScan is a provider of application security testing tools for Static (SAST), Dynamic (DAST), Interactive (IAST) and Software Composition (SCA) that enable software publishers to detect and remediate vulnerabilities, comply with regulations and implement security best practices. Its static testing engine includes capabilities to remove false positives, organize findings into related groups and provide […]
WhiteSource is an open source security and license compliance management platform. WhiteSource constantly and automatically detects all open source components in your code and cross-references them against a continuously updated database of over 3,000,000 open source libraries, so that you are notified immediately if an issue arises in one of the open source libraries from […]
Nexus Lifecycle gives you full control over your software supply chain by continuously identifying risk, enforcing policy and helping to remediate vulnerabilities across every stage of the SDLC. Create custom security, license, and architectural policies based on application type or organization and contextually enforce those policies. Automatic policy enforcement can only happen with the precision […]
Checkmarx AppSec Accelerator is an Application Security Managed Service that helps development organizations offload their application security program onto Checkmarx’s AppSec experts, thereby minimizing internal workloads and maximizing productivity. By aligning industry-leading SAST, IAST, and SCA solutions, experienced practitioners, and optimized processes, Checkmarx AppSec Accelerator ensures that organizations can quickly and effectively set up, and […]
OSSEC is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily […]
LogRhythm provides SIEM log management, network and endpoint monitoring and forensics, and security analytics. LogRhythm claims to help customers detect and respond quickly to cyber threats before a material breach occurs. It also aims to provide compliance automation and assurance and IT predictive intelligence to organizations, government agencies, and mid-sized businesses.
Automatically detects open source vulnerabilities and accelerates fixing throughout your development process. Developer-first security: giving developers a security tool they use and love. Automated remediation: powerful fix advice and automation that enables security at scale and speed. Leading vulnerability database: hand-curated, enriched and first to publish vulnerability content.
Kiuwan is an end-to-end application security platform, providing a DevSecOps approach to securing your applications. Highlights: SAST + SCA, 30+ Languages, Web, Mobile & Legacy systems supported, discover open source vulnerabilities and license compliance, OWASP, CWE, SANS 25, PCI-DSS, HIPAA, WASC, MISRA-C, BIZEC, CERT-C, CERT-J.
Twistlock is the industry’s most complete, automated and scalable container cybersecurity platform. From precise, full-lifecycle vulnerability and compliance management to application-tailored runtime defense and cloud native firewalls, Twistlock secures your containers and modern applications against the next generation of threats across the entire application lifecycle.
Burp Suite is the most trusted Application Security Testing toolkit. 45,000 security engineers and penetration testers count on Burp Suite to uncover and verify vulnerabilities in web applications. Burp is increasingly deployed as part of DevOps and DevSecOps initiatives, enabling engineering teams to shift left and integrate dynamic and automated application scans into their software […]
Micro Focus Fortify Static Code Analyzer reduces software risk by identifying security vulnerabilities that pose the biggest threats to your organization. It pinpoints the root cause of the vulnerability, correlates and prioritizes results, and provides best practices so developers can develop code more securely.
Easily manage large-scale, distributed penetration testing tools across thousands of apps. Fortify on Demand is a managed application security testing service that enables organizations to quickly test the application security of a few applications or launch a comprehensive security program without additional investment in software and personnel.
Checkmarx SAST (CxSAST) is an enterprise-grade, flexible, and accurate static analysis solution used to identify hundreds of security vulnerabilities in custom code. A core component of Checkmarx’s broader Software Security Platform, CxSAST is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabilities, and provide actionable remediation insights.
Black Duck’s multi-factor open source detection capabilities, in conjunction with Black Duck KnowledgeBase™, the most comprehensive database of open source component, vulnerability, and license information, enable you to research open source projects, mitigate security and license compliance risks, and automatically enforce open source policies using your existing DevOps tools and processes.
Secure and manage secrets used by apps and other non-human identities in the CI/CD tool chain. Credentials and secrets used in DevOps environments are a prime target for attackers. Using a DevOps tools-centered approach to manage secrets contributes to secrets sprawl and expands the attack surface. Implementing a centralized administration solution, built for continuous development […]
Charles Proxy is the de facto tool for capturing any requests made between a frontend and a backend. It tracks response times and message sizes, and can also be used to rewrite requests in order to insert faulty data or trigger error codes on screens. Charles Proxy is also used by security testers to test if an […]
Available as an open source tool and for the enterprise, CyberArk Conjur is a secrets management solution tailored specifically for the unique infrastructure requirements of native cloud and DevOps environments. The solution incorporates fundamental DevOps security principles, such as least privilege and segregation of duties, to secure and manage secrets used by non-human machine identities […]
Qualys Cloud Platform consists of integrated apps to help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for all your IT assets – on premises, in clouds and on mobile endpoints.
Signal Sciences secures the most important web applications, APIs, and microservices of the world’s leading companies. Our next-gen WAF and RASP help you increase security and maintain site reliability without sacrificing velocity, all at the lowest total cost of ownership. Learn how our patented approach can help you.
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use […]
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld’s Open Source Hall of Fame as one of the “greatest [pieces of] […]
SecureAssist is a lightweight static analysis tool that automatically detects vulnerabilities and provides just-in-time security guidance to you as you code. With SecureAssist, you can eliminate the most common security problems, by checking your own code for security vulnerabilities, and using SecureAssist guidance to fix them.
Centrify develops best-in-class Active Directory bridging and infrastructure security tools. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged access abuse.
Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines. Aqua bridges the gap between DevOps and security, promoting business agility and accelerating digital transformation. Aqua’s Cloud Native Security portfolio provides full visibility and security automation across the entire application lifecycle and infrastructure, […]