Best Application Security Software

G2 Crowd Grid® for Application Security
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
Compare Application Security Software
    Results: 98

    Filters
    Star Rating

    Application Security reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Coverity static analysis by Synopsys helps development and security teams find and fix defects and security flaws in code as it’s being written. Coverity is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code, helping your teams build secure, high-quality software faster.


    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get quick remediation Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Acunetix leads the market in automatic web security testing technology that comprehensively scans and audits complex, authenticated, HTML5 and JavaScript-heavy websites among others. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, Acunetix offers cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi, XSS and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.


    Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.


    Metasploit Pro is a penetration testing tool that increases penetration tester's productivity, prioritizes and demonstrates risk through closed-loop vulnerability validation, and measures security awareness through simulated phishing emails.


    Cloudbric is a cloud-based web security provider, offering an award-winning Web Application Firewall (WAF), DDoS protection, and SSL. Cloudbric offers security primarily to startup and SMB websites that lack cybersecurity experience or can't afford expensive IT security solutions. Cloudbric’s services are free for all websites with less than 4GB of bandwidth per month. We charge based on amount of web traffic, making Cloudbric perfect for SMEs and new startups. Our services are military-grade protection for the little guy.


    The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by the NGINX Controller. NGINX is the heart of the modern web — helping the world’s most innovative companies deliver their sites and applications with performance, reliability, security, and scale. The company offers an award-winning, comprehensive application delivery platform in use on more than 300 million sites worldwide. Companies around the world rely on NGINX to ensure flawless digital experiences through features such as advanced load balancing, web and mobile acceleration, security controls, application monitoring, and management. More than half of the Internet’s busiest websites rely on NGINX, including Airbnb, Box, Instagram, Netflix, Pinterest, SoundCloud, and Zappos. The company is headquartered in San Francisco, with its EMEA headquarters in Cork, Ireland and APAC headquarters in Singapore. Learn more at https://www.nginx.com/


    Burp Suite is a toolkit for web application security testing.


    Eliminate application vulnerabilities and stop data breaches. You depend on applications everyday. They are how your customers and partners connect with you, and they are how your employees get their jobs done. Unfortunately, your applications remain one of the most commonly exploited threat vectors. Barracuda WAF protects your web, mobile and API applications from being compromised, and prevents data breaches— ensuring you maintain your reputation and your customer's confidence.


    Citrix Web App Firewall is a web application firewall (WAF) that protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats.


    The Most Trusted Hacker-Powered Security Platform


    Appknox is one of the enterprise level security assessment product that helps businesses and enterprises to detect, manage and fix security issues. Its been used by some of the top enterprises to secure more than 500 mobile apps on regular basis. Appknox is listed in one of the Gartner's top mobile app security testing vendors list. Working with more than 100 organizations globally Appknox has been focusing on niche area of mobile app security.


    bugScout is a next-gen SAST platform for detecting vulnerabilities in application and website source codes, designed by ethical hackers and cybersecurity analysts coming out of Deloitte’s European cyberthreat SOC competency center. Today, source code security audits are snapshots that define the status at a point in time and deliver reports that are already out of date by the time they are finished because the development process is continuous. With its fast performance and scalability, bugScout enables continuous source code analysis. Security audits can keep pace with the speed of the development process, and role-based reports facilitate communications between security analysts and developers to help identify vulnerabilities, pinpoint the causes and remediate the problems.


    Peach Fuzzer is an automated security testing platform that prevents zero-day attacks by findng vulnerabilities in hardware and software systems.


    AppSecure is a suite of application security capabilities for Juniper Networks SRX Series Services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.


    AppWall is a web application firewall (WAF) and network security solution that guarantees fast, reliable and secure web applications.


    Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.


    Cobalt's Pen Testing as a Service (PTaaS) Platform transforms yesterday’s broken pen test model into a data-driven vulnerability management engine. Fueled by our global talent pool of certified freelancers, Cobalt's crowdsourced SaaS pen test platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities. Hundreds of organizations now benefit from high quality pen test findings, faster remediation times, and higher ROI for their pen test budget.


    Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It checks for SQL injections, XSS and 700+ other vulnerabilities. This is included: - A scanner that checks your site for 700+ vulnerabilities - The latest security tests submitted by ethical hackers - Unlimited number of scans - An extensive knowledge base with over 100 remediation tips - Team functionality so that you can easily share reports - Integrations with popular tools like Slack, Jira and PagerDuty


    FortiWeb WAF is a comprehensive, high-performance web application security service.


    Application security testing for the modern web


    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.


    WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimics real-world hacking techniques and attacks, provides comprehensive dynamic analysis of complex web applications and services, and crawls more of the attack surface to exposes exploits.


    Qualys WAS is Qualys's platform for end-to-end web application scanning.



    Web Application Protector is designed to safeguard web assets from web application and DDoS attacks, while improving performance.


    WAF is a cloud firewall service that protects core website data and safeguards the security and availability of your site


    Application Security is a network security software that provides safeguards against unauthorized access and malicious application attacks.


    Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle.


    Appsec Scale is an automated web application security testing solution. Its works with the same appsec engine as Outpost24's SWAT (the Secure Web Application Tactics) which means it always adapt itself to applications changes and new discovered threats. Appsec Scale test continuously the application but customers keep the control of the solution. Finally, Appsec Scale goes further than application testing and analyzes also the infrastructure. The solution can fit organizations of any size. It is Cloud-based (SaaS) so easy to deploy. But Application security teams are available 24/7 to support. Know more > https://outpost24.com/appsec-scale


    AppSpider is a dynamic application security testing (DAST) solution.


    Arxan Application Protection offers protection and management solutions for IoT, mobile, and other applications.


    AttackFlow is a solution helps find security and quality weaknesses in software by analyzing the code.


    BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.


    A comprehensive web application firewall (WAF) that protects apps and data from known and unknown threats, defends against bots that bypass standard protections, and virtually patches app vulnerabilities.


    CAST Application Intelligence Platform (AIP) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.


    CA Veracode Vendor Application Security Testing (VAST) provides a scalable program for managing third-party software risk. Build your program based on a decade’s worth of best practices to ensure success and see a simple pass or fail for each vendor application. Because CA Veracode scans binaries rather than source code, vendors will be more comfortable with the assessments because they don't have to disclose their intellectual property. With CA Veracode, you can scale your program without adding specialized headcount and manage the entire program on a single platform


    Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.


    Code Dx Enterprise takes the results of all of your scans, processes them, and gives you a short list with no duplicates. It even points out which vulnerabilities were found by more than one tool, and provides an easy interface to prioritize each one based on severity. This can cut your testing time down, and get your application secured without falling behind schedule.


    CodePeer is an Ada source code analyzer that detects run-time and logic errors. It assesses potential bugs before program execution, serving as an automated peer reviewer, helping to find errors easily at any stage of the development life-cycle. CodePeer helps you improve the quality of your code and makes it easier for you to perform safety and/or security analysis.


    CodeSonar, GrammaTech's flagship static analysis SAST tool, identifies bugs that can result in system crashes, unexpected behavior, and security breaches.


    Comodo cWatch Web is a managed security service for websites and applications that combines a Web Application Firewall (WAF) provisioned over a secure Content Delivery Network (CDN).


    Businesses can focus on what matters to them, remaining highly agile, without putting the organization at risk.


    Cymulate comprehensively identifies the security gaps in your infrastructure and provides actionable insights for proper remediation. Run safely from the internet, our battery of simulated attacks causes no interruption to your operation or business productivity.


    Test running apps and services for common security weaknesses and vulnerabilities using malformed inputs to detect flaws. Leverage fully automated tests across 250+ test suites, protocol-specific attack patterns and automatic test mutation


    DenyAll is a french software editor specialized in Web Application Firewall (WAF) and vulnerability scanners.


    dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for websites and web applications. dotDefender can handle .NET Security issues.


    Identify and protect production applications from common attacks and vulnerability exploits in real-time.


    Integrated secure development, security testing and continuous monitoring.