Application Security
Industry-leading SAST, DAST, SCA, API security, and DevSecOps platform providers
Prominent Application Security Vendors
Industry-leading vendors in this security domain
Checkmarx: Enterprise
Veracode: Application Security
Semgrep: Enterprise
Sonatype: Enterprise
Invicti: Enterprise Security
Contrast Security: Enterprise
Mend.io: Enterprise
GitLab: DevOps/Continuous Integration
PortSwigger: Enterprise
Anchore: Enterprise
Apiiro: Enterprise
42Crunch: Enterprise Security
Capability Legend
SAST
DAST
SCA
IAST
API: API Security
Container: Container Scanning
IaC: IaC Security
Secrets: Secret Detection
SBOM
Review: Code Review
CI/CD: CI/CD Integration
RASP: Runtime App Protection
SAST & Code Analysis (11)
Checkmarx
Checkmarx is an information security company specializing in software application security testing and risk management for software supply chains. It
Veracode
Veracode helps organizations manage application security risks effectively with its Application Risk Management platform, built for today's AI-driven
Semgrep
Semgrep App Security Platform provides an extensible developer-friendly application security platform that scans source code to surface true and actio
Backslash Security
Backslash provides an application security solution that merges code and cloud security findings for comprehensive protection. The platform offers vis
Bearer
Bearer provides developer-first software composition analysis and security testing tools to identify and remediate code security risks in DevSecOps wo
Dam Secure
Dam Secure provides AI-powered application security solutions that help development teams identify and remediate vulnerabilities in their software. Th
DeepSource
DeepSource automates code reviews to help teams ship faster with confidence, catching security issues and improving code quality across the developmen
Fluid Attacks
Fluid Attacks integrates AI, automated tools, and pentesters to continuously help development teams build secure software without delays. The company
Qwiet AI
Qwiet AI secures applications with AI-powered code analysis, natural language insights, and context-aware findings - built to empower developers and p
SecureFlag
SecureFlag provides hands-on secure coding training for Developers, DevOps, Cloud and QA Engineers to write secure software from the first keystroke.
Security Journey
Security Journey trains developers to write secure code by having them exploit and fix vulnerabilities in a web-based sandbox, focusing on AI-assisted
DAST & Application Testing (10)
Invicti
Invicti is a web application and API security platform that provides accurate and automated application security testing for enterprise organizations.
PortSwigger
PortSwigger offers tools for web application security testing and scanning. The company provides software solutions for identifying vulnerabilities in
Bright Security
Bright Security helps teams to find and fix security issues fast with automated DAST, API, and cloud testing built for modern DevSecOps. The company's
CMD+CTRL Security
CMD+CTRL Security provides industry-leading application security training to help organizations create secure software through role-based learning and
DefendLab
DefendLab offers application security testing and vulnerability management services for enterprises. The company provides comprehensive security asses
Detectify
Detectify is a cybersecurity company that provides web application security testing and vulnerability detection services to businesses. The company's
ImmuniWeb
ImmuniWeb develops machine learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platfo
Indusface
Indusface provides AI-powered application security solutions, including Web Application and API Protection, Web Application Firewall, DAST, and Malwar
NightVision
NightVision is a web and API security testing platform that simplifies application security by providing fast, accurate, and comprehensive scans to id
StackHawk
StackHawk enables AppSec teams to prioritize testing and fixing what matters with its shift-left runtime testing (DAST) and attack surface discovery f
SCA & Supply Chain Security (11)
Sonatype
Sonatype provides intelligence & automated governance to help you build faster & safer with open source and AI. From the creators of Nexus Repository,
Mend.io
Mend.io offers the first AI native application security platform, purpose-built to secure AI-generated code and embedded AI components. It provides a
Anchore
Anchore provides software supply chain security solutions that automate vulnerability scanning, SBOM management, and compliance enforcement for contai
Endor Labs
Endor Labs provides an application security posture management platform that unifies SCA, SAST, secrets detection, and CI/CD security into a single de
HeroDevs
HeroDevs provides secure drop-in replacements for end-of-life open source software, helping engineering teams eliminate risk from unsupported dependen
Manifest
Manifest provides software supply chain security and SBOM generation solutions for highly regulated organizations. It automates SBOM creation, manages
Phylum
Phylum is a software supply chain security company that defends applications against malicious open-source packages. The platform analyzes open-source
SOOS
SOOS AppSec - Find & fix vulnerabilities with SCA, DAST, SAST, and Container scans. Manage SBOMs across your SDLC. The company provides enterprise-gra
Scantist
Scantist is a Singapore-based cybersecurity company that helps organisations secure modern software, digital products, and AI-driven systems by combin
Seal Security
Seal Security's AppSec Remediation Agent delivers real, human-vetted, production-ready fixes for open source vulnerabilities - resolving risk directly
Xygeni
Xygeni is an AI-powered application security platform that detects, prioritizes, and remediates vulnerabilities and malware end-to-end, without tradit
API Security (5)
42Crunch
The company provides an API Security platform that proactively tests, fixes, and protects APIs from security vulnerabilities throughout the developmen
AppSentinels
AppSentinels provides unified agentic AI and API security solutions to protect business logic across the entire application lifecycle. The company sec
Escape
Escape is an AI-powered offensive security platform that helps teams replace legacy scanners with continuous discovery, pentesting, and remediation. T
Nokod Security
Nokod Security provides enterprise low-code, no-code, and AI agent security solutions to detect and remediate hidden risks in citizen development. The
Traceable AI
Traceable AI provides comprehensive security for applications and APIs by discovering, protecting, and testing all apps and APIs. The company's platfo
DevSecOps & ASPM Platform (11)
GitLab
GitLab provides an intelligent orchestration platform for DevSecOps, offering a single platform for teams to plan, code, test, and deploy software fas
Apiiro
Apiiro is an application security posture management (ASPM) platform that helps enterprises prevent risks before code exists. It provides AI-powered t
ArmorCode
ArmorCode's Unified Exposure Management Platform helps security teams unify, prioritize, and remediate vulnerabilities 10x faster by leveraging AI-pow
Arnica
Arnica enhances application security through automated tools, providing secure code, streamlined development processes, and compliance ease. It offers
Cycode
Cycode's Agentic Development Security Platform unites security and development teams with actionable, code-to-runtime context to identify, prioritize,
DefectDojo
DefectDojo is a security tool that automates application security vulnerability management, providing a platform for smarter and scalable security. It
Digital.ai
Digital.ai is an AI-powered software delivery platform that unifies, secures, and generates predictive insights across the software lifecycle to enhan
Heeler
Heeler is a remediation platform that helps modern software teams mitigate open source risk through deterministic analysis and preventative guardrails
Legit Security
Legit Security is the AI-native ASPM platform to detect, fix and prevent AppSec risk from AI-generated code, secrets, and critical vulnerabilities. It
Palosade
Palosade: AI-Powered Cybersecurity Automation - Automate your security program and unleash your business potential with Palosade's AI agents that stre
Tromzo
Tromzo builds actionable context from code-to-cloud graph to accelerate remediation of critical risks across the software supply chain through AI-powe
Mobile Application Security (5)
Appknox
Appknox provides AI-powered enterprise-grade mobile application security solutions for enterprises. The company offers vulnerability assessment, penet
Corellium
Corellium provides virtual iOS and Android devices for security testing, research, and DevSecOps. The company offers solutions for mobile app pentesti
DoveRunner
DoveRunner provides complete mobile app and content security solutions for top media, entertainment, financial, and OTT leaders. Its robust end-to-end
Guardsquare
Guardsquare is the leader in mobile application security, providing multi-layered protection for Android and iOS apps through its products such as Dex
Zimperium Mobile Security Solutions
Zimperium is the only mobile security platform purpose-built for enterprise, securing both mobile devices and applications so they can securely access
Specialized Application Security (14)
Contrast Security
Contrast Security delivers real-time and always-on application security INSIDE your apps and APIs. The company provides a runtime security platform th
AppOmni
AppOmni provides enterprise-level SaaS application security solutions, offering deep posture inspection, advanced detection, elastic scale, and leadin
AxisNow
AxisNow is a cloud-agnostic edge platform that provides multi-CDN and private CDN services, application security, and delivery solutions. It enables u
CalypsoAI
CalypsoAI provides an AI security and governance platform that enables enterprises to safely adopt and scale generative AI by monitoring, controlling,
Dynatrace
Dynatrace provides an AI-powered observability platform for monitoring, analyzing, and optimizing application performance, software development, cyber
F5
F5, Inc. is an American technology company specializing in application security, multi-cloud management, online fraud prevention, and network security
GuidePoint Security
GuidePoint Security provides trusted cybersecurity consulting expertise, solutions, and services that help organizations make better decisions and min
Imperva
Imperva provides complete cyber security by protecting what really matters most - your data and applications - whether on-premises or in the cloud. The co
InstaSecure
InstaSecure delivers preventive cloud guardrails and virtual patching to remediate CNAPP/IAM risks in minutes - no code changes. Works with AWS, IdPs, a
ONEKEY
ONEKEY provides an all-in-one platform for product cybersecurity and compliance, offering automated SBOM management, vulnerability analysis, and compl
OWASP Foundation
OWASP Foundation is a non-profit organization that works to improve the security of software through open-source information and resources on IoT, sys
Oligo Security
Oligo Security provides an application and AI runtime security platform that detects and prevents threats in real-time across cloud, code, and AI work
Thales
Thales Group is a global technology leader providing solutions in aerospace, space, defense, security, and transportation. The company offers a range
ThreatModeler
ThreatModeler provides an intelligent threat modeling solution that unifies applications, cloud, and infrastructure to give enterprises continuous vis