Help people looking for great products just like you!
The list of products below is based purely on reviews and profile completeness. There is no paid placement and analyst opinions do not influence their rankings. We are committed to ensuring information on our site is reliable, useful, and worthy of your trust.
F5 Distributed Cloud Bot Defense (formerly Shape Defense, acquired January 2020) provides security to protect a website from bots, fake users, and unauthorized transactions, preventing large scale fraud and eroded user experiences. Companies get visibility, detection and mitigation…
Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security…
Sonatype secures the software supply chain and protects organizations' vital software development lifecycle(SDLC). The platform unites security teams and developers…
GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to bui…
Vulcan Cyber is an exposure and vulnerability risk mitigation platform that coordinates teams, tools and tasks to eliminate the most-critical exposure risk to the business. Vulcan Cyber first correlates risk signals from scanners, cyber asset and threat intelligence tools. R…
Myra offers a secure, certified Security-as-a-Service platform for protecting digital business processes. The platform protects digital business processes against risks such as DDoS attacks, bot networks and attacks on databases.
Myra specializes in protecting critical infrastructure, especially in the finance, insurance, healthcare and public sectors. The Myra technology is certified by the German Federal Office for Information Security (BSI) according to the ISO 27001 certification based…
Avatao’s security training goes beyond simple tutorials and videos offering an interactive job-relevant learning experience to developer teams, security champions, pentesters, security analysts and DevOps teams.
Avatao's approach to secure coding training
The Avatao platform immerses developers in high-profile cases and provides them with real, in-depth experience with challenging security breaches. Engineers learn to hack and patch the bugs themselves. The vendor states that in this way, Avatao equips software engineering teams with a security mindset that increases their capability to reduce risks and react to known vulnerabilities faster, and that this in turn increases the security capability of a company to ship high-qu…
BluBracket is an enterprise security solution for code in a software-driven world. BluBracket gives companies visibility into where source code introduces security risk while also enabling them to fully secure their code without altering developer workflows or productivity.
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologi…
A solution to simplify security and gain multidirectional protection across any public or private cloud to block inbound attacks, lateral movement, and data exfiltration using a single solution. Cisco Multicloud Defense protects all cloud environments using a single software-as-a-…
IBM® Hyper Protect Offline Signing Orchestrator (Offline Signing Orchestrator or OSO for short) is a cold storage solution on IBM LinuxONE and Linux on Z, which brokers communications between two different applications that ar…
Appknox is an on-demand mobile application security platform designed to help Developers, Security Researchers, and Enterprises to build a sa…
GitGuardian Public Monitoring allows real-time GitHub scanning and alerting to uncover sensitive company information hiding in online repositories. It monitors both organization repositories and developers' personal repositories. The solution gives visibility to developers and security teams on…
Purplemet is a Web Application Security Monitoring SaaS solution focused on what hackers may see and exploit. It’s complementary to scanners enabling cyber hygiene on a URL portfolio while providing an additional list of vulnerabilities and technologies that makes Purplemet a non-…
The Cisco Secure Workload (formerly Tetration) platform offers holistic workload protection for multicloud data centers by enabling a zero-trust model using segmentation. This approach allows users to identify security incidents faster, contain lateral movement, and reduce the attack…
Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.
Vulert’s Developer Security Platform integrates with a developer's workflow, enabling security teams to collaborate with development teams. It adopts a developer-first approach, ensuring that organizations can secure all critical components…
A cloud application security solution from Cisco, it allows teams to secure APIs, serverless, container, and Kubernetes environments.
Reflectiz enables digital businesses to make their web applications safer by non-intrusively mitigating third-party risks without a single line of code. The technology is designed to protect a website agai…
| Software used within the IT environment im… |
Quixxi Security provides codeless app protection against hackers looking to clone, tamper, inject malicious code, or exploit a mobile app. A simple drag & drop feature applies a sophisticated set of security layers, for quick & easy mobile app protection. Quixxi is also a monitoring tool with Licensing, Analytics & Diagnostics SDK. Allowing developers to identify illegal use & help recover associated lost revenue, detailed insights into customer engagement & advanced debugging…
ShiftLeft in Santa Clara offers NextGen Static Analysis (NG SAST) a code analysis solution, purpose-built to support developer workflows, boasting the speed, accuracy, and comprehensiveness to confidently shift code analysis left by eliminating manual bottlenecks and embracing automation.…
TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.
View TrustMapEach of these types of security tools serve different purposes, so they are often used complimentarily. Business-critical applications or those with sensitive data may use many, or all, of these tools throughout the application’s lifecycle.
Many different types of application security tools can be found here. Some of the most common and necessary features of application security tools include:
When comparing application security tools, consider these factors:
Pricing varies widely depending on whether the product is a cloud-based solution, cloud + professional services, or an on-premises tool. In general though, application security platforms price by the number of applications or volume of the codebase in question. Pricing per application can range in the thousands of dollars, or hundreds of dollars per thousand lines of code.
There are also a number of open source application security tools. These tools are free to download and use, but often come with optional paid services, like implementation and support.
Since technology has become commonplace in business, application security tools have become an essential part of most organizations. That said, the more sensitive applications used by your organization, the more necessary an application security tool is.
Most application security tools include some security testing features. These features can range from the bare minimum to rivaling dedicated tools. For businesses that want a single solution for application testing and security, options exist, but it shouldn’t be considered the expectation for the category.
The top rated application security tools are as follows:
Paid application security tools are priced either per application or by the volume of the codebase. Codebase pricing models range in the hundreds of dollars per hundred thousand lines of code, and per-application models start in the thousands of dollars per app.
