Application Security Tools and News That I First Share With Email Subscribers
A curated list of application security tools and CandyShop projects to benchmark tool results.
We are getting close to the end of the year and Christmas (the best time of the year!), which for some of us also means budgeting.
If you watch the news or visit a nearby grocery store, you know the economy is not doing well, and unsurprisingly that is also affecting our cybersecurity budgets.
That is why I wanted to research the topic and share my findings about DevSecOps tools.
CandyShop DevSecOps is a database of vulnerability scanning tool results. It is available to cybersecurity professionals only (closed beta).
Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual
Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy, Grype
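Benchmarking scanner results across a test bed means putting every tool's findings into one comparable shape first. The script below is an added example (it is not CandyShop's code, nor any scanner's own tooling): it parses minimal SARIF 2.1.0 documents, the interchange format Semgrep, CodeQL and nodejsscan can emit, normalizes each result to (file, line, CWE), and reports which findings the tools agree on and which are unique to one tool. The two SARIF documents embedded inline are constructed samples; the rule ids, paths and line numbers are illustrative, not real Juice Shop findings.

```python
"""Compare SAST findings from several scanners on one test bed (added example)."""
import json
import re
from collections import defaultdict

# Matches both "CWE-89: ..." (Semgrep-style tags) and "external/cwe/cwe-089"
# (CodeQL-style tags); leading zeros are dropped so 089 and 89 agree.
CWE_RE = re.compile(r"cwe[-/_ ]?0*(\d+)", re.IGNORECASE)

# Constructed sample: a Semgrep-like run with an SQLi and a path-traversal hit.
SEMGREP_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "semgrep", "rules": [
            {"id": "sql-injection", "properties": {"tags": ["CWE-89: SQL Injection"]}},
            {"id": "path-traversal", "properties": {"tags": ["CWE-22: Path Traversal"]}}]}},
        "results": [
            {"ruleId": "sql-injection", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "routes/login.ts"}, "region": {"startLine": 34}}}]},
            {"ruleId": "path-traversal", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "routes/fileServer.ts"}, "region": {"startLine": 12}}}]}]}]})

# Constructed sample: a CodeQL-like run that agrees on the SQLi but adds an XSS.
CODEQL_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "js/sql-injection", "properties": {"tags": ["security", "external/cwe/cwe-089"]}},
            {"id": "js/xss", "properties": {"tags": ["security", "external/cwe/cwe-079"]}}]}},
        "results": [
            {"ruleId": "js/sql-injection", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "routes/login.ts"}, "region": {"startLine": 34}}}]},
            {"ruleId": "js/xss", "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "routes/search.ts"}, "region": {"startLine": 50}}}]}]}]})


def rule_cwes(rule):
    """Return the set of CWE numbers tagged on one SARIF rule object."""
    tags = rule.get("properties", {}).get("tags", [])
    return {int(m.group(1)) for tag in tags for m in CWE_RE.finditer(tag)}


def normalize(sarif_text):
    """Yield (tool, file, line, key) tuples for every result location.

    key is the CWE number when the rule carries one; otherwise the rule id is
    used, so untagged results are still counted but cannot match across tools.
    """
    doc = json.loads(sarif_text)
    for run in doc["runs"]:
        driver = run["tool"]["driver"]
        tool = driver["name"].lower()
        cwes_by_rule = {r["id"]: rule_cwes(r) for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId")
            keys = cwes_by_rule.get(rule_id) or {rule_id}
            for loc in res.get("locations", []):
                phys = loc["physicalLocation"]
                path = phys["artifactLocation"]["uri"]
                line = phys.get("region", {}).get("startLine", 0)
                for key in keys:
                    yield tool, path, line, key


def compare(sarif_docs):
    """Build per-tool finding sets and report overlap and tool-unique findings."""
    by_tool = defaultdict(set)
    for text in sarif_docs:
        for tool, path, line, key in normalize(text):
            by_tool[tool].add((path, line, key))
    if not by_tool:
        return {"per_tool": {}, "common": [], "only_in": {}, "total_unique": 0}
    common = set.intersection(*by_tool.values())
    only_in = {}
    for tool, findings in by_tool.items():
        others = set().union(*(s for name, s in by_tool.items() if name != tool))
        only_in[tool] = sorted(findings - others)
    return {
        "per_tool": {t: len(s) for t, s in by_tool.items()},
        "common": sorted(common),
        "only_in": only_in,
        "total_unique": len(set().union(*by_tool.values())),
    }


if __name__ == "__main__":
    print(json.dumps(compare([SEMGREP_SARIF, CODEQL_SARIF]), indent=2))
```

The match key is deliberately strict (same file, same line, same CWE). Real scanners often report one flaw at different lines (one flags the taint source, another the sink), so a production benchmark would relax the key to file plus CWE, or a line window, before counting a finding as "missed" by a tool; mapping rule ids to CWEs is also the step where tools disagree most, so check those tags by hand before trusting the overlap numbers.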
Check out my curated list of application security tools to secure your web applications and APIs.
Most AppSec teams are not yet aware of it; some plan to take action this year, and some have tried to build one internally. But what is an ASOC tool?
ProjectDiscovery.io is one of the fastest growing open source initiatives going viral in #devsecops, accelerating the path to a more secure world🦾.
Kondukto is an ASOC platform to streamline security testing, centralize vulnerability management and improve security posture with risk-based metrics.
Talsec
Talsec – Mobile app security Summary Talsec offers a multi-platform SDK that focuses on app shielding, API protection, and network traffic control. It enables you
Faraday Security
Faraday Security – Collaborative Pentest Platform Summary Faraday is a platform that orchestrates security tools to optimise response time and efficiency for vulnerability management.
Snyk Open Source
Snyk Open Source Security Summary Snyk Open Source allows you to find and fix vulnerabilities in the open-source libraries used by your applications.
Black Duck
Black Duck – Open Source Audits Summary Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks from using open-source
Shiftleft CORE
ShiftLeft CORE – Interactive Remediation Summary ShiftLeft CORE helps companies release secure code at scale. CORE combines next-generation SAST, secrets detection, Intelligent SCA, and developer
CAST Highlight
CAST Highlight – Rapid Application Portfolio Analysis Summary CAST Highlight is a SaaS software intelligence product for performing rapid application portfolio analysis. It combines technology
Mend
Mend SCA – Open Source Software Management Summary Mend SCA is an advanced technology that makes it easy to develop secure software without compromising on speed or
JFrog Xray
JFROG Xray – Supply Chain Security and Compliance Summary JFrog Xray is an application security SCA tool that integrates security directly into your DevOps workflows,