Discover AppSec Tools
in Minutes, not Months.
Choosing security tools shouldn't require a 6-month PoC. I've done that work for 140+ tools over 10 years—so you don't have to.
Application Security Categories
Explore tools organized by security testing methodology
01Static Application Security Testing
Static Code Analysis
02Software Composition Analysis
Dependency Vulnerability Scanning
03Dynamic Application Security Testing
Dynamic Vulnerability Scanning
04Interactive Application Security Testing
Runtime Code Analysis
05Runtime Application Self-Protection
Runtime Attack Protection
06AI Security & LLM Red Teaming
LLM Security & Red Teaming
07API Security Testing
API Discovery & Protection
08Infrastructure as Code Security
Infrastructure Misconfiguration Scanning
09Application Security Posture Management
Unified Vulnerability Management
10Mobile Application Security Testing
iOS & Android Security Testing
Recently Added & Updated
Latest tools and reviews from our team
AI Security & LLM Red Teaming: 10 Tools Compared
Tools for testing LLMs against prompt injection, jailbreaks, and data leakage. Includes Garak, PyRIT, LLM Guard, and more.
SonarQube Review Updated
New v10.x features, updated pricing model, and community edition changes.
OWASP ZAP: Now Under SSP Umbrella
ZAP moved from OWASP to Software Security Project. What changes for users.
Snyk vs Dependabot: Which SCA Tool to Choose?
Side-by-side comparison of two popular dependency scanning tools.
IaC Security Tools Compared
Checkov, Trivy, KICS, and more scanning Terraform, Kubernetes configs.
Why AppSec Santa?
Making informed decisions about application security tools shouldn't be overwhelming.
Unbiased Reviews
Honest evaluations based on real-world testing, not vendor marketing.
Comprehensive Coverage
129 tools across 10 categories, from open-source to enterprise.
Always Updated
Regular updates to reflect the latest tool changes and market trends.