Application Security Tools and News That I First Share With Email Subscribers

A curated list of application security tools and CandyShop projects to benchmark tool results.

AppSec Santa

We are getting close to the end of the year and Christmas (the best time of the year!), which also means budgeting for some of us.

If you happen to watch any news or visit a nearby grocery store, you know the economy is not going well, and it is no surprise that it is also affecting our cybersecurity budgets.

So that's why I wanted to research the topic and share my findings about DevSecOps tools.

CandyShop DevSecOps is a database of vulnerability scanning tool results. It is available to cybersecurity professionals only (closed beta).

Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual

Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy, Grype

Check out my curated list of application security tools to secure your web applications and APIs.

Latest Articles

Most AppSec teams are not yet aware of it; some plan to take action this year, and some have tried to develop it internally, but what is the ASOC tool?

… is one of the fastest growing open source initiatives going viral in #devsecops, accelerating the path to a more secure world🦾.

Kondukto is an ASOC platform to streamline security testing, centralize vulnerability management and improve security posture with risk-based metrics.

Latest Interviews
Bearer – a SAST tool for security and privacy

Summary: Bearer is a new SAST solution that scans source code and also detects sensitive data.
Talsec – Mobile app security

Summary: Talsec offers a multi-platform SDK that focuses on app shielding, API protection, and network traffic control. It enables you
Faraday Security – Collaborative Pentest Platform

Summary: Faraday is a platform that orchestrates security tools to optimise response time and efficiency for vulnerability management.
Snyk Open Source Security

Summary: Snyk Open Source allows you to find and fix vulnerabilities in the open-source libraries used by your applications.
Black Duck – Open Source Audits

Summary: Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source
ShiftLeft CORE – Interactive Remediation

Summary: ShiftLeft CORE helps companies release secure code at scale. CORE combines next-generation SAST, secrets detection, Intelligent SCA, and developer
CAST Highlight – Rapid Application Portfolio Analysis

Summary: CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It combines technology
Mend SCA – Open Source Software Management

Summary: Mend SCA is an advanced technology that makes it easy to develop secure software without compromising on speed or