Application Security Tools and News That I First Share With Email Subscribers

A curated list of application security tools and CandyShop projects to benchmark tool results.

AppSec Santa
APPSEC TOOL REVIEWS
VENDOR NEWS
DEVSECOPS PROJECTS
DevSecOps Tools

We are getting close to the end of the year and Christmas (the best time of the year!), which also means budgeting for some of us.

If you happen to watch any news or visit a nearby grocery store, you know the economy is not going well, and no surprise it is also affecting our cybersecurity budgets. 

So that’s why I wanted to research the topic and share my findings about devsecops tools.

CandyShop for DevSecOps

CandyShop DevSecOps is a database of vulnerability scanning tool results.  It is available to cybersecurity professionals only.  (closed beta)

Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual

Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy, Grype

Application Security Tools

Check out my curated list of application security tools to secure your web applications and APIs.

Latest Articles
Application Security Orchestration and Correlation

Application Security Orchestration and Correlation

Most AppSec teams are not yet aware of it; some plan to take action this year, and some have tried to develop it internally, but what is the ASOC tool?

Project Discovery

Gain Superhero Powers To Prevent Cyber Criminals From Disrupting Business

ProjectDiscovery.io is one of the fastest growing open source initiatives going viral in #devsecops, accelerating the path to a more secure world🦾. 

Kondukto Integrations

Kondukto - a modern ASOC Tool

Kondukto is an ASOC platform to streamline security testing, centralize vulnerability management and improve security posture with risk-based metrics.

Latest Interviews
Faraday Security
Fortify WebInspect
Eshard
Astra Security
HCL AppScan
Talsec Dashboard RASP

Talsec

Jun 21, 2022

Talsec – Mobile app security Summary Talsec offers a multi-platform SDK that focuses on app shielding, API protection, and network traffic control. It enables you

Read More »
Faraday Security

Faraday Security

Jun 16, 2022

Faraday Security – Collaborative Pentest Platform Summary Faraday is a platform that orchestrates security tools to optimise response time and efficiency for vulnerability management. 6

Read More »
Snyk Open Source Dashboard

Snyk Open Source

Jun 6, 2022

Snyk Open Source Security Summary Snyk Open Source allows you to find and fix vulnerabilities in the open-source libraries used by your applications. 11 min

Read More »
Black Duck SCA Dashboard

Black Duck

Jun 6, 2022

Black Duck – Open Source Audits Summary Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source

Read More »
Shiftleft CORE Dashboard

Shiftleft CORE

Jun 4, 2022

ShiftLeft CORE – Interactive Remediation Summary ShiftLeft CORE helps companies release secure code at scale. CORE combines next-generation SAST, secrets detection, Intelligent SCA, and developer

Read More »
CAST Highlight Dashboard

CAST Highlight

Jun 4, 2022

CAST Highlight – Rapid Application Portfolio Analysis Summary CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It combines technology

Read More »
Mend SCA Dashboard

Mend

Jun 4, 2022

Mend SCA- Open Source Software Management Summary Mend SCA is an advanced technology makes it easy to develop secure software without compromising on speed or

Read More »
Jfrog Xray Dashboard

JFrog Xray

Jun 4, 2022

JFROG Xray – Supply Chain Security and Compliance Summary JFrog Xray is an application security SCA tool that integrates security directly into your DevOps workflows,

Read More »