G2 Crowd gives a real-time look at how dreamforce sponsors and exhibitioners stack up.

Best Application Security Software

Application Security Software Grid® Overview

The best Application Security Software products are determined by customer satisfaction (based on user reviews) and market presence (based on products’ scale, focus, and influence) and placed into four categories on the Grid®:
G2 Crowd Grid® for Application Security
Leaders
High Performers
Contenders
Niche
Market Presence
Satisfaction
Compare Application Security Software
    Results: 113

    Filters
    Star Rating

    Application Security reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Fiddler is a free web debugging proxy for any browser, system or platform.


    Coverity, a Synopsys software testing solution, is a leading provider of software quality and security analysis.


    F5 Big IP Platform provides application services ranging from access and acceleration to security to intelligent traffic management.


    Pulse Secure Virtual Traffic Manager is a software-based application delivery controller (ADC) designed to deliver faster, high performance user experience, with more reliable access to public websites and enterprise applications.


    Bitdefender GravityZone combines all the security services organizations need into a single delivery platform to reduce their cost of building a trusted environment for all endpoints.


    Consultants and organizations around the world use Nessus® Professional to reduce their IT attack surface and ensure compliance. Nessus features high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more. Nessus supports more technologies than competitive solutions, scanning operating systems, network devices, next generation firewalls, hypervisors, databases, web servers and critical infrastructure for vulnerabilities, threats and compliance violations. With the world’s largest continuously updated library of vulnerability and configuration checks, and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for vulnerability scanning speed and accuracy.


    Lookout is a mobile app that fights cybercriminals by predicting and stopping mobile attacks before they do harm.


    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get quick remediation Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Acunetix leads the market in automatic web security testing technology that comprehensively scans and audits complex, authenticated, HTML5 and JavaScript-heavy websites among others. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, Acunetix offers cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi, XSS and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.


    Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.


    SiteLock, the global leader in website security solutions, is the only provider to offer complete, cloud-based website protection. Its 360-degree monitoring detects and fixes threats, prevents future attacks, accelerates website performance, and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company protects over 12 million ​websites worldwide. For more information, please visit sitelock.com.

    SiteLock Reviews

    EdgeWave, award-winning Web Security


    Cloudbric is a cloud-based web security provider, offering an award-winning Web Application Firewall (WAF), DDoS protection, and SSL. Cloudbric offers security primarily to startup and SMB websites that lack cybersecurity experience or can't afford expensive IT security solutions. Cloudbric’s services are free for all websites with less than 4GB of bandwidth per month. We charge based on amount of web traffic, making Cloudbric perfect for SMEs and new startups. Our services are military-grade protection for the little guy.


    Burp Suite is a toolkit for web application security testing.


    The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by the NGINX Controller. NGINX is the heart of the modern web — helping the world’s most innovative companies deliver their sites and applications with performance, reliability, security, and scale. The company offers an award-winning, comprehensive application delivery platform in use on more than 300 million sites worldwide. Companies around the world rely on NGINX to ensure flawless digital experiences through features such as advanced load balancing, web and mobile acceleration, security controls, application monitoring, and management. More than half of the Internet’s busiest websites rely on NGINX, including Airbnb, Box, Instagram, Netflix, Pinterest, SoundCloud, and Zappos. The company is headquartered in San Francisco, with its EMEA headquarters in Cork, Ireland and APAC headquarters in Singapore. Learn more at https://www.nginx.com/


    Trend Micro IM Security provides threat and data protection for Microsoft Skype for Business servers. Top-rated malware and URL filtering block phishing messages and malicious file transfers. Built-in Data Loss Prevention (DLP) controls the sharing of sensitive data. Minimize risk exposure with messaging content filters that warn users of unprofessional behavior. This real-time security solution also helps avoid conflicts of interest with communication controls to enforce blocks or ethical walls.


    NetScaler AppFirewall is a web application firewall (WAF) that protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats.


    SUSE Linux Enterprise Server is a world-class, secure open source server operating system, built to power physical, virtual and cloud-based mission-critical workloads.


    Synopsys SecureAssist helps companies design, build, and maintain secure software.


    Veracode is the world's best automated, on-demand application security testing and code review solution.



    Application Centric Infrastructure (ACI) simplifies, optimizes, and accelerates the application deployment lifecycle in next-generation data centers and clouds.



    Peach Fuzzer is an automated security testing platform that prevents zero-day attacks by findng vulnerabilities in hardware and software systems.


    Scanii is a simple REST API you can use to identify malware, phishing, NSFW images/language and other dangerous content.


    Appknox is one of the enterprise level security assessment product that helps businesses and enterprises to detect, manage and fix security issues. Its been used by some of the top enterprises to secure more than 500 mobile apps on regular basis. Appknox is listed in one of the Gartner's top mobile app security testing vendors list. Working with more than 100 organizations globally Appknox has been focusing on niche area of mobile app security.


    AppSecure is a suite of application security capabilities for Juniper Networks SRX Series Services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.


    BitNinja is an easy-to-use server security tool, which can be installed on your server within a couple of minutes and requires virtually no maintenance. It is a mixture of an on-premise and cloudbased solution. It is an agent which sits on your infrastructure and sends the attack information to the central server which is in the cloud. We have a new technology called defence network, which means that every BitNinja protected server learns from each attack and shares the learned information with the central server and with all the other BitNinja enabled servers, so the shield just gets stronger and stronger with every single attack.


    Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It checks for SQL injections, XSS and 700+ other vulnerabilities. This is included: - A scanner that checks your site for 700+ vulnerabilities - The latest security tests submitted by ethical hackers - Unlimited number of scans - An extensive knowledge base with over 100 remediation tips - Team functionality so that you can easily share reports - Integrations with popular tools like Slack, Jira and PagerDuty


    FortiWeb WAF is a comprehensive, high-performance web application security service.


    Gemnasium keeps track of projects dependencies and sends notifications of security vulnerabilities or when new versions are available.


    Automatically scan your App Engine apps for common vulnerabilities


    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.


    WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimics real-world hacking techniques and attacks, provides comprehensive dynamic analysis of complex web applications and services, and crawls more of the attack surface to exposes exploits.


    Powered by XGen security, Trend Micro Network Defense goes beyond next-gen IPS to provide a blend of cross-generational techniques that apply the right technology at the right time to deliver integrated detection and prevention of known, unknown and undisclosed threats.


    ParosPro is a security scanner software.


    Bricata ProAccel provides a deep, multi-vector cyber threat defense to protect networks.


    Qualys WAS is Qualys's platform for end-to-end web application scanning.


    ThinApp accelerates application deployment and simplifies application migration by isolating applications from their underlying operating systems to eliminate application conflict and streamline delivery and management.



    Web Application Protector is designed to safeguard web assets from web application and DDoS attacks, while improving performance.


    Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle.


    Appmobi is a secure mobile platform that adds end-to-end encryption and security to any mobile.


    Appsec Scale is an automated web application security testing solution. Its works with the same appsec engine as Outpost24's SWAT (the Secure Web Application Tactics) which means it always adapt itself to applications changes and new discovered threats. Appsec Scale test continuously the application but customers keep the control of the solution. Finally, Appsec Scale goes further than application testing and analyzes also the infrastructure. The solution can fit organizations of any size. It is Cloud-based (SaaS) so easy to deploy. But Application security teams are available 24/7 to support. Know more > https://outpost24.com/appsec-scale


    AppSpider is a dynamic application security testing (DAST) solution.


    AppSuit is a mobile app security solution which is develped by attacker's view. Protect various type of mobile apps in safe such as finace, game, public, IoT, fintech, O2O etc., from hacking threat.


    AppWall is a web application firewall (WAF) and network security solution that guarantees fast, reliable and secure web applications.


    Arxan Application Protection offers protection and management solutions for IoT, mobile, and other applications.


    Baffle's solution goes beyond simple encryption to truly close gaps in the data access model. The technology protects against some of the most recent high profile attacks. It's easy to deploy, requires no changes to the apps, and encrypts data at-rest, in use, in memory and in the search index. That’s complete data protection.


    baramundi Management System (bMS) is a modular, scalable and highly cost-effective Unified Endpoint Management system for comprehensive IT management, security and workflow automation. Modules work together via a single database in a single user interface. Select any of 18 available modules now and add others as needed for OS Install & Cloning, Patch Management, Vulnerability Management, MDM, Remote Control, HW/SW Inventory, VM Management, SNMP Device Management, Application Control, Disaster Recovery, Personal Backup and more.


    bugBlast is a tool designed to manage any type of security audit project.


    CAST Application Intelligence Platform (AIP) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.


    CA Veracode Greenlight brings security scanning right into your IDE as you are coding, returning most scans in seconds. Think of it as your own personal security coach, highlighting the parts of your code that are vulnerable, and providing helpful tips on how to fix it. Becoming a better developer starts with ensuring that you are committing code with the fewest security flaws possible.


    CA Veracode's State of Software Security Report found that 88% of Java applications had at least one open sourced based vulnerability, one of which leaked the Social Security numbers of 143 million Americans. CA Veracode Software Composition Analysis (SCA) identifies risks from open source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance, and the Business make smart decisions


    CA Veracode Vendor Application Security Testing (VAST) provides a scalable program for managing third-party software risk. Build your program based on a decade’s worth of best practices to ensure success and see a simple pass or fail for each vendor application. Because CA Veracode scans binaries rather than source code, vendors will be more comfortable with the assessments because they don't have to disclose their intellectual property. With CA Veracode, you can scale your program without adding specialized headcount and manage the entire program on a single platform


    CA Veracode Web Application Scanning (WAS) offers a unified solution to find, secure, and monitor all of your web applications – not just the ones you know about. First, CA Veracode discovers and inventories all of your external web applications, then performs a lightweight scan on thousands of sites in parallel to find critical vulnerabilities and helps you prioritize your biggest risks. As a second step, you can run authenticated scans on critical applications to systematically reduce risk while continuously monitoring your security posture as part of the SDLC. CA Veracode offers multiple scanning technologies on a single platform, so you get unified results, analytics, and increased accuracy


    CD Web Performance Suite integrates a full range of web application performance tools to accelerate web content delivery and application performance.


    Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.


    Comodo cWatch Web is a managed security service for websites and applications that combines a Web Application Firewall (WAF) provisioned over a secure Content Delivery Network (CDN).


    Contrast Protect is a runtime application self-protection solution that uses deep security instrumentation to automatically weave real-time threat visibility & attack protection into every app.


    Deepfence provides application layer intrusion prevention for modern workloads. Deepfence's Security as a Microservice gets deployed as a lightweight sidecar container on every host, and can be scaled and orchestrated in exactly the same manner as your other containers.


    Defensics enables companies to preemptively mitigate unknown and published threats in products and services prior to release or deployment - before systems are exposed, outages occur and zero-day attacks strike.


    DenyAll is a french software editor specialized in Web Application Firewall (WAF) and vulnerability scanners.


    dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for websites and web applications. dotDefender can handle .NET Security issues.


    Enterprise Threat Protector (ETP) enables security teams to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, and data exfiltration that exploit the Domain Name System (DNS). Powered by real-time intelligence from Akamai Cloud Security Intelligence and Akamai's proven, globally distributed recursive DNS platform, Enterprise Threat Protector efficiently delivers security, control, and visibility to the enterprise while easily integrating with your existing network defenses.


    ForceShield real time proactive defense is a comprehensive security solution for both web and mobile applications, which can secure enterprise business and end users against account takeover and online fraud from automation attacks and data breaches.


    Identify and protect production applications from common attacks and vulnerability exploits in real-time.


    Integrated secure development, security testing and continuous monitoring.


    Manage, measure and integrate security for the entire software lifecycle.


    GamaScan, is a remote online web vulnerability-assessment service delivered via SaaS (software-as-a-service) and is designed to identify security weaknesses in web applications.


    Hdiv RASP enables applications to protect themselves during runtime. By building protection in during development, Hdiv RASP protects applications from the inside, keeping them secure wherever they go.


    Helios RXPF is a unique, fully scalable, hardware accelerated pattern matching solution for Security Analytics Acceleration (SAA) and content processing. The solution can be tuned for the desired combination of throughput, rule depth and complexity.


    Indusface is an application security with amazon web services (AWS) and software-as-a-service (SaaS) options.


    The ServiceNow Instance Security Dashboard gives your ServiceNow administrator quick and easy visibility to your instances' current compliance levels based on application security standards.


    Provides an end-to-end Application Security platform to bring you objective data so you can make informed decisions regarding the security, risk, cost, activity, quality, maintainability, efficiency and dependencies of your applications.


    Layered Insight, the pioneer and global leader in Container Native Application Protection, enables organizations to unify DevOps and SecOps by providing complete visibility and control of containerized applications.


    LeanSentry is an expert monitoring and diagnostics service for teams running production web applications from the Microsoft web platform.


    The Fortify Application Defender is a RASP solution designed to help users mitigate risk from homegrown or third-party applications. It provides visibility into application abuse while protecting software vulnerabilities from exploits in real time.


    Fortify your mobile app with self-protection, authentication and rogue app takedown.


    Allows connection with external SAF compliant security systems. Available for Natural on mainframe. Read more


    Secures Natural applications during development and run-time by controlling user access. Available for Natural on mainframe and LUW.


    Our SaaS Vulnerability Scanner accumulates the power of software discovery that runs against your Internet facing hosts and vulnerability intelligence. We use passive fingerprinting techniques to detect software and its version, running on a particular port, as well as supported functionality. This approach allows us to reliably detect and report critical vulnerabilities, misconfigured services or dangerous applications facing the Internet within your infrastructure. Furthermore, your systems will not suffer service disruptions during vulnerability scans as our passive fingerprinting techniques do not require usage of dangerous exploits. During the scan we will not trigger memory corruption, excessive resources consumption or assertion failures and still will be able to detect if your service is vulnerable to such threats.


    NSFocus ADS is an Anti-DDoS solution that provides on-premises equipment, cloud-based detection and mitigation services, or a hybrid offering that combines the strengths of both approaches.


    N-Stalker Web Application Security Scanner X is a web security assessment solution for web applications.


    Trend Micro PortalProtect secures collaborations with a dedicated layer of protection that guards against malware, malicious links, and other threats that SharePoint administrators are often unaware of. Its web reputation technology blocks malicious links from entering web portals, while its powerful content filtering scans both files and web components of SharePoint.


    Prevoty provides runtime application self protection (RASP) and application security-as-a-service.


    Prey is a cross-platform anti-theft and management solution for laptops, tablets and phones used to protect over 8 million devices, all around the world. Its solid tracking technology helps people and companies keep track of their assets 24/7, and proves to be crucial in the recovery of stolen devices and in the prevention of data breaches. What can you do with Prey anti-theft: MONITOR EFFICIENTLY Global view with location history to keep an eye on all devices, plus Control Zones to delimit areas on a map, like an office, and receive alerts if any assigned device moves in or out. MITIGATE DATA LOSS Data protection features provide the chance to avoid leaks by wiping custom directories remotely or retrieving files from compromised devices with corporate information. PREVENT THEFT Prey’s Missing Evidence reports will provide location, pictures, nearby Wifi networks and more data crucial when retrieving stolen devices and finding the culprit. MANAGE EFFORTLESSLY Smoothly manage thousands of devices by categorizing them with labels and perform bulk tasks with ease using Mass Actions: Alarm, Lock, Message Alerts, Wipe. INTEGRATE YOUR FLEET Organize devices from all types and operating systems under a single platform. Android, Windows, Linux, Chromebook, iOS, macOS, laptops, tablets, and mobiles, we got it. TRACKING CAPABILITIES ► Control Zones: Mark an area on a map, and get alerts when your mobile devices enter or leave it. ► Missing Device Reports: Receive evidence reports with location, nearby networks, pictures, and everything else you need to locate a device. ► GPS Geolocation: Pin-point accuracy reflected on a map, with gps coordinates on each report. ► Aware Tracking: Select between a smart and automatic periodic location tracking, or the on-demand alternative. ► Security Alarm: It will ring like gangbusters, even if your android phone's sound is silenced. ► Re Lock: Keep curious hands away from your lost mobile device, block it remotely. ► Front and Back Camera: Take silent snaps and discover who is holding your device. ► Security Camouflage: Go silent with the camouflage mode, hide the app on your android phone. ► Security Message Alert: Display a message on the screen to contact the current user. ► Location History: DATA PROTECTION ► Wipe: Boom, gone. Simply select what you want to delete, and safeguard your privacy. ► File Retrieval: That document you worked on for countless nights? We can retrieve it. DEVICE MANAGEMENT: ► Group Labelling: Create custom labels and group devices according to users, status, or area. ► Advanced Search: Filter the devices you are looking for with our advanced search system. ► Custom APK: Deploy and configure Prey with ease using customized installers. ► Mass Actions: All security actions can be deployed in mass to ensure smooth large-scale management.


    Probe.ly finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind. Despite its sleek and intuitive web interface, Probe.ly follows an API-First development approach, providing all features through an API.


    ProfileUnityUser Environment Management ends the need for roaming profiles or basic profile tools. The solution supports zero downtime user migrations to Windows 10, and Server 2016, and to DaaS platforms such as Amazon WorkSpaces, Citrix Desktops on Azure, VMware Horizon hosted desktops, or Microsoft RDS & RDMI


    ProGuard is the most popular optimizer for Java bytecode. It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods.


    Promon SHIELD makes it possible to launch effective and secure apps on untrusted devices, without risking data leakage and damage to end-user trust.


    PT Application Inspector is designed to protect web applications of every scale: from landing pages and corporate portals to commerce, cloud services, and e-government systems.


    Qualys WAF is an integrated web application firewall (WAF) and web application scanning (WAS) solution.


    SD Elements is an award-winning platform that translates policies to prescriptive, measurable procedures that are used by IT and Engineering teams to achieve their security and compliance objectives. SD Elements generates and tracks granular controls with a flexible rule- based engine and integrates those controls into ALMs and enterprise workflows used by development teams, including those leveraging DevOps. SD Elements also delivers Just-In-Time training to developers, providing concise, contextual guidance on how to implement controls right when they need it.


    SecureSphere Web Application Firewall (WAF) analyzes all user access to business-critical web applications and protects applications and data from cyber attacks.


    APC's next-generation Connected Smart-UPS * is a time-saving, resource-saving innovation, making it easier to deploy, maintain, and monitor your power infrastructure - so you can focus on your business.


    Runtime Application Self-Protection (RASP) solution for developers. It protects applications and users against attacks at runtime. The protection logic is brought into applications with no source code modification or traffic redirection. Once deployed, Sqreen provides real-time protection against a large set of vulnerabilities incl. SQL injections, XSS, account takeovers, Security bots/scanners etc. It will detect suspicious user activities like: attacks performed by connected users, tor connections, shared accounts, lost passwords etc. Sqreen gets installed in 30 seconds and doesn’t require any configuration or maintenance.


    Build, run and secure your AWS, Azure, Google Cloud Platform or Hybrid applications with Sumo Logic, a cloud-native, machine data analytics service for log management and time series metrics.


    Dynamic Application Security Testing (DAST) uses penetration testing while web applications are running to simulate an attack by a skilled and motivated attacker.


    An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.


    Threatcare is a cybersecurity platform that allows organizations to simulate intrusions on their network to help improve their people's performance, their processes, and their product utilization.


    TrueCode is a static application security testing solution.



    Uila with its Application-Centric Infrastructure Monitoring and Analytics identies performance bottlenecks for business-critical services & plans Workload Migration strategies for Private & Hybrid Cloud environments.


    VNS3:turret is a secure, redundant network with integrated dataflow and compliance tools.


    Trend Micro Vulnerability Protection provides earlier, stronger endpoint protection by supplementing desktop anti-malware and threat security with proactive virtual patching.


    Wallarm is an AI-powered application security solution for the teams launching new modular software services or upgrading their existing web applications to a new stack. Wallarm includes an adaptive Next Gen WAF, attack sandboxing, vulnerability scanner and development time testing modules.


    A plugin agent that provides the full suite of Waratek benefits


    A lightweight plugin agent that protects against the known attack vectors found in 2013 and 2017 OWASP Top Ten, SANS Top 25, Other common exploits


    Webreaver is a web application vulnerability scanner.


    WhiteHat Sentinel Dynamic is a software-as-a-service platform for dynamic application security testing (DAST).


    z3A Advanced App Analysis continually evaluates mobile app risk across company employees and their devices.