Best Application Security Software

Application Security Software Grid® Overview

The best Application Security Software products are determined by customer satisfaction (based on user reviews) and market presence (based on products’ scale, focus, and influence) and placed into four categories on the Grid®:
  • Products in the Leader quadrant are rated highly by G2 Crowd users and have substantial Market Presence scores. Leaders include: Fiddler, Nessus, and Salesforce Platform: mySalesforce
  • High Performers are highly rated by their users, but have not yet achieved the Market Presence of the Leaders. High Performers include: Lookout, Netsparker, and Pulse Secure Virtual Traffic Manager
  • Contenders have significant Market Presence and resources, but have received below average user Satisfaction ratings or have not yet received a sufficient number of reviews to validate the solution. Contenders include: GravityZone
  • Niche solutions do not have the Market Presence of the Leaders. They may have been rated positively on customer Satisfaction, but have not yet received enough reviews to validate them. Niche products include: Checkmarx and Acunetix Vulnerability Scanner
G2 Crowd Grid® for Application Security (quadrants: Leaders, High Performers, Contenders, Niche; axes: Market Presence and Satisfaction)
Compare Application Security Software
    Results: 111


    Application Security reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

    Salesforce Platform: mySalesforce empowers employees across your organization to live your brand through their mobile experience. mySalesforce allows you to create rich and engaging branded mobile apps for every department, from sales and service to HR, finance, and operations.


    Fiddler is a free web debugging proxy for any browser, system or platform.


    Bitdefender GravityZone combines all the security services organizations need into a single delivery platform to reduce their cost of building a trusted environment for all endpoints.


    Consultants and organizations around the world use Nessus® Professional to reduce their IT attack surface and ensure compliance. Nessus features high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more. Nessus supports more technologies than competitive solutions, scanning operating systems, network devices, next generation firewalls, hypervisors, databases, web servers and critical infrastructure for vulnerabilities, threats and compliance violations. With the world’s largest continuously updated library of vulnerability and configuration checks, and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for vulnerability scanning speed and accuracy.


    Pulse Secure Virtual Traffic Manager is a software-based application delivery controller (ADC) designed to deliver faster, high performance user experience, with more reliable access to public websites and enterprise applications.


    Lookout is a mobile app that fights cybercriminals by predicting and stopping mobile attacks before they do harm.


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Acunetix leads the market in automatic web security testing technology that comprehensively scans and audits complex, authenticated, HTML5 and JavaScript-heavy websites among others. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, Acunetix offers cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi, XSS and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.


    Identify software security vulnerabilities & fix them


    Coverity, a Synopsys software testing solution, is a leading provider of software quality and security analysis.


    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing.
    • Avoid security vulnerabilities: Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues.
    • Empower accurate scanning: Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue.
    • Get quick remediation: Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    EdgeWave, award-winning Web Security


    SiteLock, the global leader in website security solutions, is the only provider to offer complete, cloud-based website protection. Its 360-degree monitoring detects and fixes threats, prevents future attacks, accelerates website performance, and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company protects over 12 million websites worldwide. For more information, please visit sitelock.com.


    The NGINX Application Platform is a suite of products that together form the core of what organizations need to create applications with performance, reliability, security, and scale. The NGINX Application Platform includes NGINX Plus for load balancing and application delivery, the NGINX WAF for security, and NGINX Unit to run the application code, all monitored and managed by the NGINX Controller. NGINX is the heart of the modern web — helping the world’s most innovative companies deliver their sites and applications with performance, reliability, security, and scale. The company offers an award-winning, comprehensive application delivery platform in use on more than 300 million sites worldwide. Companies around the world rely on NGINX to ensure flawless digital experiences through features such as advanced load balancing, web and mobile acceleration, security controls, application monitoring, and management. More than half of the Internet’s busiest websites rely on NGINX, including Airbnb, Box, Instagram, Netflix, Pinterest, SoundCloud, and Zappos. The company is headquartered in San Francisco, with its EMEA headquarters in Cork, Ireland and APAC headquarters in Singapore. Learn more at https://www.nginx.com/


    Burp Suite is a toolkit for web application security testing.


    Cloudbric is a cloud-based web security provider, offering an award-winning Web Application Firewall (WAF), DDoS protection, and SSL. Cloudbric offers security primarily to startup and SMB websites that lack cybersecurity experience or can't afford expensive IT security solutions. Cloudbric’s services are free for all websites with less than 4GB of bandwidth per month. We charge based on amount of web traffic, making Cloudbric perfect for SMEs and new startups. Our services are military-grade protection for the little guy.


    Synopsys SecureAssist helps companies design, build, and maintain secure software.


    AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency.


    Barracuda Web Application Firewall gives DevOps and application security teams comprehensive security that is easy to deploy and manage.


    F5 Big IP Platform provides application services ranging from access and acceleration to security to intelligent traffic management.


    NetScaler AppFirewall is a web application firewall (WAF) that protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats.


    Peach Fuzzer is an automated security testing platform that prevents zero-day attacks by finding vulnerabilities in hardware and software systems.


    Scanii is a simple REST API you can use to identify malware, phishing, NSFW images/language and other dangerous content.


    SUSE Linux Enterprise Server is a world-class, secure open source server operating system, built to power physical, virtual and cloud-based mission-critical workloads.


    Veracode is the world's best automated, on-demand application security testing and code review solution.


    BitNinja is an easy-to-use server security tool, which can be installed on your server within a couple of minutes and requires virtually no maintenance. It is a mixture of an on-premise and cloud-based solution. It is an agent which sits on your infrastructure and sends the attack information to the central server which is in the cloud. We have a new technology called defence network, which means that every BitNinja protected server learns from each attack and shares the learned information with the central server and with all the other BitNinja enabled servers, so the shield just gets stronger and stronger with every single attack.


    Application Centric Infrastructure (ACI) simplifies, optimizes, and accelerates the application deployment lifecycle in next-generation data centers and clouds.


    Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It checks for SQL injections, XSS and 700+ other vulnerabilities. This is included:
    • A scanner that checks your site for 700+ vulnerabilities
    • The latest security tests submitted by ethical hackers
    • Unlimited number of scans
    • An extensive knowledge base with over 100 remediation tips
    • Team functionality so that you can easily share reports
    • Integrations with popular tools like Slack, Jira and PagerDuty



    Gemnasium keeps track of projects dependencies and sends notifications of security vulnerabilities or when new versions are available.


    Automatically scan your App Engine apps for common vulnerabilities


    Trend Micro IM Security provides threat and data protection for Microsoft Skype for Business servers. Top-rated malware and URL filtering block phishing messages and malicious file transfers. Built-in Data Loss Prevention (DLP) controls the sharing of sensitive data. Minimize risk exposure with messaging content filters that warn users of unprofessional behavior. This real-time security solution also helps avoid conflicts of interest with communication controls to enforce blocks or ethical walls.


    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.


    WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimic real-world hacking techniques and attacks, provides comprehensive dynamic analysis of complex web applications and services, and crawls more of the attack surface to expose exploits.


    ParosPro is a security scanner software.


    Bricata ProAccel provides a deep, multi-vector cyber threat defense to protect networks.


    ThinApp accelerates application deployment and simplifies application migration by isolating applications from their underlying operating systems to eliminate application conflict and streamline delivery and management.



    Web Application Protector is designed to safeguard web assets from web application and DDoS attacks, while improving performance.


    Appknox is a cloud-based mobile app security solution that helps businesses and developers detect and resolve security issues in their apps, in just a few minutes and without access to any source code. Appknox uses a device farm of real devices to test your apps for over 80 security test cases resulting in a report that lays down actionable insights for developers to be able to build a secure app.


    Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle.


    Appmobi is a secure mobile platform that adds end-to-end encryption and security to any mobile.


    Appsec Scale is an automated web application security testing solution. It works with the same appsec engine as Outpost24's SWAT (the Secure Web Application Tactics), which means it always adapts itself to application changes and newly discovered threats. Appsec Scale tests the application continuously, but customers keep control of the solution. Finally, Appsec Scale goes further than application testing and also analyzes the infrastructure. The solution can fit organizations of any size. It is cloud-based (SaaS), so it is easy to deploy, and application security teams are available 24/7 for support. Know more > https://outpost24.com/appsec-scale


    AppSecure is a suite of application security capabilities for Juniper Networks SRX Series Services Gateways that identifies applications for greater visibility, enforcement, control, and protection of the network.


    AppSpider is a dynamic application security testing (DAST) solution.


    AppSuit is a mobile app security solution developed from an attacker's point of view. It protects various types of mobile apps, such as finance, game, public, IoT, fintech, and O2O, from hacking threats.


    AppWall is a web application firewall (WAF) and network security solution that guarantees fast, reliable and secure web applications.


    Arxan Application Protection offers protection and management solutions for IoT, mobile, and other applications.


    Baffle's solution goes beyond simple encryption to truly close gaps in the data access model. The technology protects against some of the most recent high profile attacks. It's easy to deploy, requires no changes to the apps, and encrypts data at-rest, in use, in memory and in the search index. That’s complete data protection.


    Baramundi provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.


    bugBlast is a tool designed to manage any type of security audit project.


    CAST Application Intelligence Platform (AIP) is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.


    CA Veracode Greenlight brings security scanning right into your IDE as you are coding, returning most scans in seconds. Think of it as your own personal security coach, highlighting the parts of your code that are vulnerable, and providing helpful tips on how to fix it. Becoming a better developer starts with ensuring that you are committing code with the fewest security flaws possible.


    CA Veracode's State of Software Security Report found that 88% of Java applications had at least one open sourced based vulnerability, one of which leaked the Social Security numbers of 143 million Americans. CA Veracode Software Composition Analysis (SCA) identifies risks from open source libraries early so you can reduce unplanned work, covering both security and license risk. SCA helps Engineering keep roadmaps on track, Security achieve regulatory compliance, and the Business make smart decisions


    CA Veracode Vendor Application Security Testing (VAST) provides a scalable program for managing third-party software risk. Build your program based on a decade’s worth of best practices to ensure success and see a simple pass or fail for each vendor application. Because CA Veracode scans binaries rather than source code, vendors will be more comfortable with the assessments because they don't have to disclose their intellectual property. With CA Veracode, you can scale your program without adding specialized headcount and manage the entire program on a single platform


    CA Veracode Web Application Scanning (WAS) offers a unified solution to find, secure, and monitor all of your web applications – not just the ones you know about. First, CA Veracode discovers and inventories all of your external web applications, then performs a lightweight scan on thousands of sites in parallel to find critical vulnerabilities and helps you prioritize your biggest risks. As a second step, you can run authenticated scans on critical applications to systematically reduce risk while continuously monitoring your security posture as part of the SDLC. CA Veracode offers multiple scanning technologies on a single platform, so you get unified results, analytics, and increased accuracy


    CD Web Performance Suite integrates a full range of web application performance tools to accelerate web content delivery and application performance.


    Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.


    Comodo cWatch Web is a managed security service for websites and applications that combines a Web Application Firewall (WAF) provisioned over a secure Content Delivery Network (CDN).


    Contrast Protect is a runtime application self-protection solution that uses deep security instrumentation to automatically weave real-time threat visibility & attack protection into every app.


    Deepfence provides application layer intrusion prevention for modern workloads. Deepfence's Security as a Microservice gets deployed as a lightweight sidecar container on every host, and can be scaled and orchestrated in exactly the same manner as your other containers.


    Defensics enables companies to preemptively mitigate unknown and published threats in products and services prior to release or deployment - before systems are exposed, outages occur and zero-day attacks strike.


    DenyAll is a French software vendor specialized in Web Application Firewall (WAF) and vulnerability scanners.


    dotDefender is a web application security solution (a Web Application Firewall, or WAF) that offers strong, proactive security for websites and web applications. dotDefender can handle .NET Security issues.


    Falcon Discover is a security hygiene solution that allows you to identify unauthorized systems and applications in real time across the environment and remediate quickly to improve the overall security posture.


    ForceShield real time proactive defense is a comprehensive security solution for both web and mobile applications, which can secure enterprise business and end users against account takeover and online fraud from automation attacks and data breaches.


    Identify and protect production applications from common attacks and vulnerability exploits in real-time.


    Integrated secure development, security testing and continuous monitoring.


    Manage, measure and integrate security for the entire software lifecycle.


    FortiWeb WAF is a comprehensive, high-performance web application security service.


    GamaScan, is a remote online web vulnerability-assessment service delivered via SaaS (software-as-a-service) and is designed to identify security weaknesses in web applications.


    Hdiv RASP enables applications to protect themselves during runtime. By building protection in during development, Hdiv RASP protects applications from the inside, keeping them secure wherever they go.


    Helios RXPF is a unique, fully scalable, hardware accelerated pattern matching solution for Security Analytics Acceleration (SAA) and content processing. The solution can be tuned for the desired combination of throughput, rule depth and complexity.


    Indusface is an application security solution with Amazon Web Services (AWS) and software-as-a-service (SaaS) options.


    The ServiceNow Instance Security Dashboard gives your ServiceNow administrator quick and easy visibility to your instances' current compliance levels based on application security standards.


    Provides an end-to-end Application Security platform to bring you objective data so you can make informed decisions regarding the security, risk, cost, activity, quality, maintainability, efficiency and dependencies of your applications.


    Layered Insight, the pioneer and global leader in Container Native Application Protection, enables organizations to unify DevOps and SecOps by providing complete visibility and control of containerized applications.


    LeanSentry is an expert monitoring and diagnostics service for teams running production web applications from the Microsoft web platform.


    The Fortify Application Defender is a RASP solution designed to help users mitigate risk from homegrown or third-party applications. It provides visibility into application abuse while protecting software vulnerabilities from exploits in real time.


    Fortify your mobile app with self-protection, authentication and rogue app takedown.


    Allows connection with external SAF compliant security systems. Available for Natural on mainframe.


    Secures Natural applications during development and run-time by controlling user access. Available for Natural on mainframe and LUW.


    Powered by XGen security, Trend Micro Network Defense goes beyond next-gen IPS to provide a blend of cross-generational techniques that apply the right technology at the right time to deliver integrated detection and prevention of known, unknown and undisclosed threats.


    Our SaaS Vulnerability Scanner accumulates the power of software discovery that runs against your Internet facing hosts and vulnerability intelligence. We use passive fingerprinting techniques to detect software and its version, running on a particular port, as well as supported functionality. This approach allows us to reliably detect and report critical vulnerabilities, misconfigured services or dangerous applications facing the Internet within your infrastructure. Furthermore, your systems will not suffer service disruptions during vulnerability scans as our passive fingerprinting techniques do not require usage of dangerous exploits. During the scan we will not trigger memory corruption, excessive resources consumption or assertion failures and still will be able to detect if your service is vulnerable to such threats.


    NSFocus ADS is an Anti-DDoS solution that provides on-premises equipment, cloud-based detection and mitigation services, or a hybrid offering that combines the strengths of both approaches.


    N-Stalker Web Application Security Scanner X is a web security assessment solution for web applications.


    Trend Micro PortalProtect secures collaborations with a dedicated layer of protection that guards against malware, malicious links, and other threats that SharePoint administrators are often unaware of. Its web reputation technology blocks malicious links from entering web portals, while its powerful content filtering scans both files and web components of SharePoint.


    Prevoty provides runtime application self protection (RASP) and application security-as-a-service.


    Probe.ly finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind. Despite its sleek and intuitive web interface, Probe.ly follows an API-First development approach, providing all features through an API.


    ProGuard is the most popular optimizer for Java bytecode. It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods.


    Promon SHIELD makes it possible to launch effective and secure apps on untrusted devices, without risking data leakage and damage to end-user trust.


    PT Application Inspector is designed to protect web applications of every scale: from landing pages and corporate portals to commerce, cloud services, and e-government systems.


    Qualys WAF is an integrated web application firewall (WAF) and web application scanning (WAS) solution.


    Qualys WAS is Qualys's platform for end-to-end web application scanning.


    SD Elements is an award-winning platform that translates policies to prescriptive, measurable procedures that are used by IT and Engineering teams to achieve their security and compliance objectives. SD Elements generates and tracks granular controls with a flexible rule-based engine and integrates those controls into ALMs and enterprise workflows used by development teams, including those leveraging DevOps. SD Elements also delivers Just-In-Time training to developers, providing concise, contextual guidance on how to implement controls right when they need it.


    Comprehensive code signing management solution that includes vetting and approval of software publishers, code signing, key protection, revocation, administrative controls, reporting and audit logs.


    SecureSphere Web Application Firewall (WAF) analyzes all user access to business-critical web applications and protects applications and data from cyber attacks.


    Runtime Application Self-Protection (RASP) solution for developers. It protects applications and users against attacks at runtime. The protection logic is brought into applications with no source code modification or traffic redirection. Once deployed, Sqreen provides real-time protection against a large set of vulnerabilities incl. SQL injections, XSS, account takeovers, Security bots/scanners etc. It will detect suspicious user activities like: attacks performed by connected users, tor connections, shared accounts, lost passwords etc. Sqreen gets installed in 30 seconds and doesn’t require any configuration or maintenance.


    Dynamic Application Security Testing (DAST) uses penetration testing while web applications are running to simulate an attack by a skilled and motivated attacker.


    An enterprise solution that allows you to query and modify your managed computer assets in seconds, regardless of the size of your network.


    Threatcare is a cybersecurity platform that allows organizations to simulate intrusions on their network to help improve their people's performance, their processes, and their product utilization.


    TrueCode is a static application security testing solution.



    Uila, with its Application-Centric Infrastructure Monitoring and Analytics, identifies performance bottlenecks for business-critical services and plans Workload Migration strategies for Private & Hybrid Cloud environments.


    Trend Micro Vulnerability Protection provides earlier, stronger endpoint protection by supplementing desktop anti-malware and threat security with proactive virtual patching.


    Wallarm is an AI-powered application security solution for the teams launching new modular software services or upgrading their existing web applications to a new stack. Wallarm includes an adaptive Next Gen WAF, attack sandboxing, vulnerability scanner and development time testing modules.


    A plugin agent that provides the full suite of Waratek benefits


    A lightweight plugin agent that protects against the known attack vectors found in the 2013 and 2017 OWASP Top Ten, the SANS Top 25, and other common exploits.


    Webreaver is a web application vulnerability scanner.


    WhiteHat Sentinel Dynamic is a software-as-a-service platform for dynamic application security testing (DAST).


    z3A Advanced App Analysis continually evaluates mobile app risk across company employees and their devices.

