Application Security Tools and News That I First Share With Email Subscribers

A curated list of application security tools and CandyShop projects to benchmark tool results.

AppSec Santa

We are getting close to the end of the year and Christmas (the best time of the year!), which also means budgeting for some of us.

If you happen to watch any news or visit a nearby grocery store, you know the economy is not going well, and, no surprise, it is also affecting our cybersecurity budgets.

So that's why I wanted to research the topic and share my findings about DevSecOps tools.

CandyShop DevSecOps is a database of vulnerability scanning tool results. It is available to cybersecurity professionals only (closed beta).

Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual

Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy, Grype

Check out my curated list of application security tools to secure your web applications and APIs.

Latest Articles

Most AppSec teams are not yet aware of it; some plan to take action this year, and some have tried to develop it internally, but what is the ASOC tool?

is one of the fastest growing open source initiatives going viral in #devsecops, accelerating the path to a more secure world🦾.

Kondukto is an ASOC platform to streamline security testing, centralize vulnerability management and improve security posture with risk-based metrics.

Latest Interviews