πŸ’» SaaS β€Ί Application Security β€Ί Application Security
πŸ“‹

Application Security

Compare 154 application security tools to find the right one for your needs

πŸ“‚ Subcategories

πŸ“ API Security

29 tools

πŸ“ DAST Tools

20 tools

πŸ“ Mobile App Security

22 tools

πŸ“ RASP Solutions

29 tools

πŸ“ SAST Tools

21 tools

πŸ“ SCA Tools

20 tools

πŸ“ Secure Code Review

2 tools

πŸ“ WAF Solutions

11 tools

πŸ”§ Tools

Compare and find the best application security for your needs

Aikido Security

Security for developers. Not for the 1%.

An all-in-one security platform that combines multiple scanners, including SAST, for SMBs.

View tool details β†’

Wib

The API Security Platform for Developers.

A holistic API security platform covering the entire API lifecycle.

View tool details β†’

Prophaze WAF

AI-Powered Cloud Native Web Application & API Protection.

A Kubernetes-native WAF that uses AI and behavioral analysis to protect web applications, APIs, and microservices.

View tool details β†’

Jit

The easiest way to secure your code, from day one.

A security orchestration platform that simplifies the implementation of DevSecOps.

View tool details β†’

PortSwigger Burp Suite

The world's #1 web penetration testing toolkit.

A set of tools for performing security testing of web applications.

View tool details β†’

Intruder

Stop breaches before they start.

An online vulnerability scanner that finds cybersecurity weaknesses in digital infrastructure.

View tool details β†’

Astra Pentest

Pentesting as a service, tailored for your industry.

A penetration testing platform that combines automated and manual pentesting to secure web applications, APIs, and cloud infrastructure.

View tool details β†’

Semgrep

The App Security Platform for developers.

A fast, open-source static analysis tool for finding bugs and enforcing code standards.

View tool details β†’

Aikido Security

Security for developers. Not for the sake of compliance.

An all-in-one security platform that consolidates multiple open source tools.

View tool details β†’

42Crunch

The API Security Platform.

An API security platform focused on a 'shift-left' approach.

View tool details β†’

Traceable AI

The Industry's Leading API Security Platform.

API security and observability for cloud-native applications.

View tool details β†’

Wallarm

End-to-End API and Application Security.

A WAAP platform that protects websites, microservices, and APIs from threats.

View tool details β†’

ThreatX WAF

Managed API and application protection with confidence, not complexity.

A managed WAF that blocks botnets and advanced attacks in real time, protecting both web applications and APIs.

View tool details β†’

Appdome

The Mobile App Defense Automation Platform.

A no-code platform for adding security, anti-fraud, and other features to mobile apps.

View tool details β†’

Data Theorem

Analyze and secure any modern application, anytime, anywhere.

Automated security for mobile, API, cloud, and web applications.

View tool details β†’

Guardsquare (DexGuard and iXGuard)

The Mobile Application Security Platform.

Provides multi-layered security for mobile apps, including code hardening and RASP.

View tool details β†’

Approov

Secure Your APIs. Protect Your Business.

Provides mobile app and API shielding to ensure only genuine apps can access backend services.

View tool details β†’

Fastly Next-Gen WAF (formerly Signal Sciences)

The first truly modern WAF.

A next-generation WAF and RASP solution that protects web applications, APIs, and microservices.

View tool details β†’

Appknox

Automate your mobile application security.

A mobile application security platform combining automated and manual testing.

View tool details β†’

Pradeo

The 360Β° Mobile Security Company.

An AI-based security platform for mobile devices, applications, and data.

View tool details β†’

Appsealing

Robust Mobile App Security, Made Easy.

A cloud-based mobile app security solution with RASP capabilities.

View tool details β†’

Jamf

Simplifying work by helping organizations manage and secure an Apple experience.

A comprehensive management and security platform for the Apple ecosystem.

View tool details β†’

Semgrep

An extensible developer-friendly application security platform.

A fast, open-source static analysis tool for finding bugs and enforcing code standards.

View tool details β†’

GitHub Advanced Security

Find and fix vulnerabilities with ease.

A suite of security tools integrated into GitHub, featuring CodeQL-powered SAST.

View tool details β†’

CodeScene

The only developer-first platform for software engineering intelligence.

A code analysis tool that prioritizes technical debt and security issues based on development activity.

View tool details β†’

Bright Security

Developer-Centric Dynamic Application Security Testing (DAST)

A DAST solution that integrates into the SDLC to help developers find and fix vulnerabilities early.

View tool details β†’

Probely

Web Vulnerability Scanning for Dev, Sec, and Ops.

A DAST tool that provides continuous and automated vulnerability scanning for web applications and APIs.

View tool details β†’

GitHub Advanced Security

Find and fix vulnerabilities with ease.

A suite of security tools integrated into the GitHub platform.

View tool details β†’

Trivy

The All-in-One Security Scanner.

A popular open source scanner for vulnerabilities, misconfigurations, secrets, and SBOMs.

View tool details β†’

Cycode

The AI-Native AppSec Platform.

A comprehensive platform for software supply chain and application security.

View tool details β†’

Noname Security

The Complete, Proactive API Security Platform.

Discovers, analyzes, remediates, and tests all APIs in real-time.

View tool details β†’

Postman

The API Platform for Developers.

A comprehensive platform for building, testing, and documenting APIs.

View tool details β†’

F5 BIG-IP Advanced WAF

Industry-leading web application security.

A powerful WAF that provides comprehensive protection for web applications and APIs.

View tool details β†’

Tyk API Management

The open source API management platform.

An open-source API gateway and management platform.

View tool details β†’

DataTheorem

Full Stack Application Security.

An application security platform with a focus on API and mobile security.

View tool details β†’

Postman API Platform

Build APIs together.

A platform for building and using APIs, with integrated security features.

View tool details β†’

F5 Advanced WAF

Industry-leading web application security.

Protects applications with behavioral analytics, proactive bot defense, and application-layer encryption of sensitive data.

View tool details β†’

Hdiv Security

Unified Application Security.

Provides a unified platform for IAST, RASP, and SCA to protect applications throughout the SDLC.

View tool details β†’

DeepSource

Find and fix bugs, anti-patterns, and security vulnerabilities.

An automated static analysis tool that helps developers write clean and secure code.

View tool details β†’

SpectralOps

Automated code security for developers.

A developer-focused security tool that combines SAST, SCA, and secrets scanning.

View tool details β†’

Detectify

Application security testing reimagined.

A cloud-based DAST tool that helps organizations discover, classify, and scan all external assets.

View tool details β†’

StackHawk

Your AppSec Intelligence Platform

A DAST and API security testing tool built for developers to find and fix security issues in CI/CD.

View tool details β†’

NowSecure

The Mobile App Security and Privacy Experts

A mobile-first, mobile-only application security and privacy testing platform.

View tool details β†’

Snyk

AI-powered Developer Security Platform.

Finds and fixes vulnerabilities in code, open source dependencies, containers, and IaC.

View tool details β†’

Sonatype Nexus Lifecycle

Secure Software Development with Open Source & AI.

Automated open source governance and software supply chain management.

View tool details β†’

Salt Security

The industry’s leading API security platform.

An API Protection Platform that discovers APIs, stops attacks, and eliminates vulnerabilities.

View tool details β†’

Cequence Security

Unified API Protection.

A platform to discover, manage, and protect APIs from attacks.

View tool details β†’

Fortinet FortiWeb

Web Application Firewall.

A WAF that protects web applications and APIs from known and unknown threats.

View tool details β†’

Cloudflare WAF

Cloud-based WAF security to protect your web applications from exploits and vulnerabilities.

A web application firewall that uses threat intelligence from millions of sites to identify and block emerging threats.

View tool details β†’

Sucuri WAF

Stop website hacks and attacks.

A cloud-based WAF that protects websites from hacks, DDoS attacks, and zero-day exploits.

View tool details β†’

Check Point CloudGuard AppSec

Preemptive Web Application & API Protection (WAAP).

An automated web application and API security solution that uses contextual AI to prevent attacks.

View tool details β†’

Contrast Protect (RASP)

Secure from the Inside.

Embeds security into applications to provide continuous protection from development to production.

View tool details β†’

Jscrambler

Client-Side Protection and Compliance.

Provides JavaScript protection, including code obfuscation and runtime protection, to secure web and mobile applications.

View tool details β†’

Microsoft Defender for Endpoint

Prevent, detect, investigate, and respond to advanced threats.

A comprehensive endpoint security platform for enterprises.

View tool details β†’

NowSecure

The Mobile App Security Software Company.

Automated mobile app security testing designed for developers.

View tool details β†’

Zimperium

The only mobile-native security platform that works in zero-trust environments.

Provides real-time, on-device threat defense for mobile devices against known and unknown threats.

View tool details β†’

Zimperium MAPS (Mobile Application Protection Suite)

Unified Mobile Security Platform.

A comprehensive mobile security platform that includes app shielding and RASP.

View tool details β†’

Lacework

The Data-Driven Cloud Security Platform.

A cloud security platform that provides runtime threat detection and response for cloud workloads.

View tool details β†’

ESET Endpoint Security

Multi-layered endpoint protection for your business.

Endpoint protection platform that includes security for mobile devices.

View tool details β†’

Snyk

Developer security that works.

A developer-first security platform for code, dependencies, containers, and IaC.

View tool details β†’

Aqua Security Cloud Native Application Protection Platform (CNAPP)

The Cloud Native Security Platform.

A comprehensive security platform for cloud-native applications, including runtime protection.

View tool details β†’

Sysdig Secure

Cloud Security, Powered by Runtime Insights.

A cloud-native security platform with runtime threat detection and response.

View tool details β†’

Palo Alto Networks Prisma Cloud

The Complete Cloud-Native Application Protection Platform.

A comprehensive CNAPP that includes runtime protection for cloud workloads.

View tool details β†’

Lookout

Integrated endpoint-to-cloud security.

A security platform that protects data from endpoint to cloud.

View tool details β†’

Veracode

Secure the applications that power your business.

A cloud-native application security platform for the entire SDLC.

View tool details β†’

Guardsquare

Protecting mobile applications from reverse engineering and tampering.

Provides multi-layered mobile app protection and threat monitoring solutions.

View tool details β†’

F5 Distributed Cloud App Infrastructure Protection (AIP)

Cloud Workload Protection for Modern Apps and Infrastructure.

A cloud workload protection platform with RASP-like capabilities for modern applications.

View tool details β†’

Veracode Static Analysis

Secure your code from start to finish.

An enterprise-grade SAST solution that analyzes binaries for security vulnerabilities.

View tool details β†’

SonarQube

The essential tool for Code Quality and Code Security.

An open-core platform for continuous inspection of code quality and security.

View tool details β†’

Snyk Code

Developer-first SAST that's fast and accurate.

A developer-friendly SAST tool that scans code for vulnerabilities in real-time.

View tool details β†’

GitLab SAST

Analyze your source code for known vulnerabilities.

Integrated SAST capabilities within the GitLab DevOps platform.

View tool details β†’

Embold

The intelligent software analytics platform.

A static analysis platform that helps developers find and fix issues in their code before deployment.

View tool details β†’

GuardRails

The complete application security platform.

An AppSec platform that integrates with SCMs to scan for vulnerabilities on every pull request.

View tool details β†’

Invicti

The only proof-based application security platform that finds, validates, and prioritizes real vulnerabilities.

Automated application and API security testing solution for enterprise organizations.

View tool details β†’

OWASP ZAP

The world’s most popular free web security tool.

An open-source web application security scanner.

View tool details β†’

Veracode

The Application Risk Management Platform.

A comprehensive platform for managing application security risk across the entire software development lifecycle.

View tool details β†’

GitLab

The DevSecOps Platform.

A single application for the entire DevOps lifecycle, with built-in security scanning.

View tool details β†’

FOSSA

Automated Open Source License and Vulnerability Management.

A platform for managing open source license compliance and security vulnerabilities.

View tool details β†’

Aqua Security

The Cloud Native Security Platform.

A comprehensive security platform for cloud-native applications.

View tool details β†’

Prisma Cloud

The Cloud-Native Application Protection Platform.

A comprehensive CNAPP from Palo Alto Networks for securing cloud environments.

View tool details β†’

SonarQube

The essential tool for Code Quality and Code Security.

An open-core platform for continuous inspection of code quality and security.

View tool details β†’

Cloudflare API Gateway

Secure, manage, and monitor your APIs.

A comprehensive solution for API security and management built on Cloudflare's global network.

View tool details β†’

Imperva API Security

Continuous API discovery and data classification.

A solution that discovers APIs and protects them from vulnerabilities and attacks.

View tool details β†’

Palo Alto Networks Prisma Cloud

The industry’s most complete CNAPP.

A comprehensive Cloud Native Application Protection Platform (CNAPP) with API security.

View tool details β†’

Google Apigee

API Management.

A comprehensive API management platform with built-in security features.

View tool details β†’

MuleSoft Anypoint Platform

The #1 integration and API platform.

A unified platform for integration, API management, and automation.

View tool details β†’

Kong Konnect

The Cloud Native API Platform.

A unified cloud-native API lifecycle platform.

View tool details β†’

SmartBear SwaggerHub

The API Design and Documentation Platform.

A platform for designing, documenting, and managing APIs with built-in governance.

View tool details β†’

Palo Alto Networks API Security

Complete API Security for the Modern Enterprise.

API security integrated into the Prisma Cloud platform.

View tool details β†’

F5 API Security

Secure your APIs anywhere.

Comprehensive API security as part of F5's application security portfolio.

View tool details β†’

Google Cloud Apigee

Lead with APIs.

A full lifecycle API management platform with advanced security features.

View tool details β†’

Amazon API Gateway

Create, publish, maintain, monitor, and secure APIs at any scale.

A fully managed service for creating, managing, and securing APIs.

View tool details β†’

Microsoft Azure API Management

A hybrid, multicloud management platform for APIs across all environments.

A service to publish, secure, transform, maintain, and monitor APIs.

View tool details β†’

AWS WAF

Protect your web applications from common web exploits.

A web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.

View tool details β†’

Google Cloud Armor

DDoS protection and WAF at Google scale.

Helps protect your applications and websites against denial of service and web attacks.

View tool details β†’

Barracuda WAF

Comprehensive, proven, and scalable application security.

Protects web applications from data breaches, defacement, and application-layer DDoS attacks.

View tool details β†’

Radware AppWall

Web Application Firewall (WAF).

A WAF that ensures fast, reliable, and secure delivery of mission-critical web applications and APIs.

View tool details β†’

Snyk

AI-powered AppSec tool & security platform

Developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure.

View tool details β†’

Datadog Application Security Management (formerly Sqreen)

Full-stack security, from your infrastructure to your applications.

Provides real-time threat detection and protection for applications, integrated into the Datadog platform.

View tool details β†’

Mend SAST

The industry’s first AI-native SAST.

An AI-powered SAST solution focused on speed and accuracy, with automated remediation.

View tool details β†’

Veracode

The Application Risk Management Platform

A comprehensive software security platform that provides end-to-end security across the software development lifecycle.

View tool details β†’

Mend.io

The AI Native AppSec Platform

An enterprise suite of application security tools designed to help organizations manage a proactive AppSec program.

View tool details β†’

Checkmarx

The Agentic AppSec Platform for Code to Cloud.

A unified application security platform offering SAST, SCA, IaC Security, and more.

View tool details β†’

Black Duck

Software Composition Analysis.

Comprehensive SCA tool for managing security, license, and operational risks in open source.

View tool details β†’

JFrog Xray

Universal Software Composition Analysis (SCA).

SCA solution that integrates with JFrog Artifactory to secure the software supply chain.

View tool details β†’

Mend.io

Application Security, Automated.

A platform for automated application security, specializing in open source management.

View tool details β†’

Akamai API Security

Stop API attacks and abuse.

Discovers and profiles API activity, detects threats, and provides data on API behavior.

View tool details β†’

Axway Amplify API Management

Open API Management.

A platform for managing and securing APIs across multiple gateways and environments.

View tool details β†’

Azure Web Application Firewall

Cloud-native web app security.

Provides centralized protection of your web applications from common exploits and vulnerabilities.

View tool details β†’

Checkmarx

Unified Agentic AppSec Testing, Monitoring & Remediation Platform

An enterprise application security platform providing SAST, SCA, DAST, IaC, and API security.

View tool details β†’

Imperva RASP

Runtime Application Self-Protection that secures applications from within, wherever they are.

Provides real-time protection for applications against known and zero-day vulnerabilities.

View tool details β†’

Checkmarx CxRASP

Make security seamless, from code to cloud.

A RASP solution that provides real-time protection for applications, integrated with the Checkmarx One platform.

View tool details β†’

Veracode Runtime Protection

See and Stop Attacks in Production.

A RASP solution that provides real-time visibility and protection for applications in production.

View tool details β†’

Sophos Mobile

UEM with Intercept X for Mobile.

A Unified Endpoint Management (UEM) solution with integrated mobile threat defense.

View tool details β†’

Trend Micro Hybrid Cloud Security (incorporating IMMUNIO)

Security for your hybrid cloud.

A comprehensive security solution for hybrid cloud environments, with RASP capabilities for application protection.

View tool details β†’

MobileIron (by Ivanti)

Discover, manage, secure, and service IT assets from cloud to edge.

A leading Unified Endpoint Management (UEM) platform with integrated threat defense.

View tool details β†’

Checkmarx

The platform for enterprise application security.

A comprehensive AppSec platform offering SAST, DAST, IAST, SCA, and API security.

View tool details β†’

HCL AppScan

The enterprise-class application security testing suite.

A suite of security testing tools for web, mobile, and APIs.

View tool details β†’

Arxan for Web

Application Protection for a Digital World.

Provides comprehensive protection for web applications, including RASP and code obfuscation.

View tool details β†’

BlackBerry UEM

Secure, manage, and enable your mobile workforce.

A unified endpoint management (UEM) solution with a strong security focus.

View tool details β†’

Checkmarx SAST

The Enterprise Application Security Platform.

A powerful source code analysis tool for identifying security vulnerabilities in custom code.

View tool details β†’

Coverity

Develop high-quality, secure applications.

A SAST tool by Synopsys known for its accuracy, speed, and scalability in identifying critical defects.

View tool details β†’

Qualys SAST

Find and fix vulnerabilities in your web applications.

A SAST solution integrated into the Qualys Cloud Platform for web application security.

View tool details β†’

HCL AppScan

The smarter application security testing suite.

A suite of application security testing tools, including a powerful SAST solution.

View tool details β†’

Acunetix

The original automated web application security scanner.

A DAST solution that helps small to mid-size organizations find, fix, and prevent vulnerabilities.

View tool details β†’

Checkmarx

The leader in enterprise application security solutions.

A unified application security platform that helps organizations secure their applications from code to cloud.

View tool details β†’

Rapid7 InsightAppSec

Dynamic Application Security Testing (DAST) for modern web applications.

A cloud-native DAST solution that automatically crawls and assesses web applications to identify vulnerabilities.

View tool details β†’

Anchore Enterprise

Secure Your Software Supply Chain.

A platform for securing the software supply chain, with a focus on containers.

View tool details β†’

Red Hat 3scale API Management

Control, manage, and secure your APIs.

An API management platform for controlling and securing API traffic.

View tool details β†’

Broadcom Layer7

Full Lifecycle API Management.

An enterprise-grade platform for full lifecycle API management and security.

View tool details β†’

Fortify Static Code Analyzer

Find security vulnerabilities in your source code earlier.

A comprehensive SAST tool from OpenText that supports a wide range of languages and provides detailed vulnerability analysis.

View tool details β†’

Qualys Web Application Scanning (WAS)

Modern AppSec for Web App & API Security

A cloud-based AppSec solution providing DAST, API security, and web malware detection.

View tool details β†’

Synopsys Seeker

Interactive Application Security Testing

An IAST solution that gives visibility into web app security posture and identifies vulnerability trends against compliance standards.

View tool details β†’

HCL AppScan

Secure DevOps starts with HCL AppScan.

A suite of application security testing tools that helps organizations reduce the risk of web and mobile application attacks.

View tool details β†’

Fortify Application Defender

Runtime Application Self-Protection and Monitoring.

A RASP solution that provides real-time visibility and protection for applications in production.

View tool details β†’

Synopsys

Build secure, high-quality software faster.

A broad portfolio of application security testing tools and services.

View tool details β†’

Klocwork

The most trusted static analysis and SAST for C, C++, C#, Java, JavaScript, Python, and Kotlin.

A SAST tool by Perforce that provides real-time analysis for security, safety, and reliability.

View tool details β†’

Micro Focus Fortify WebInspect

Dynamic Application Security Testing

An automated dynamic application security testing (DAST) tool that identifies and prioritizes security vulnerabilities in running applications.

View tool details β†’

IBM Security AppScan

Application security testing for today's enterprise.

A suite of application security testing tools to identify and remediate vulnerabilities in web, mobile, and API applications.

View tool details β†’

Waratek

The Java Security Company.

Provides runtime protection for Java applications, specializing in virtual patching and vulnerability remediation.

View tool details β†’

K2 Cyber Security

Runtime Application and Workload Protection.

Provides runtime protection for web applications and APIs, with a focus on zero-day attack prevention.

View tool details β†’

Talsec

Mobile App & API Protection.

A mobile RASP and app shielding solution for Android and iOS.

View tool details β†’

OpenRASP

Open Source Runtime Application Self-Protection.

An open-source RASP solution from Baidu that provides real-time protection for web applications.

View tool details β†’

Protectt.ai

Mobile App, Device & Transaction Security.

A mobile security solution with RASP capabilities to protect against fraud and other threats.

View tool details β†’

TrueFort Fortress

The Cloud and Application Workload Protection Platform.

A workload protection platform with RASP capabilities to secure applications from the inside.

View tool details β†’

Templarbit Shield

NA

Information on this RASP solution is limited.

View tool details β†’

Promon SHIELDβ„’

Proactive Mobile App Security.

A mobile app shielding solution with RASP capabilities to protect against a wide range of threats.

View tool details β†’

Quokka (formerly Kryptowire)

Mobile Security, Solved.

An AI-powered platform for automated mobile app security and vulnerability analysis.

View tool details β†’

Codified Security

Automated Mobile App Security Testing.

A self-service, automated platform for testing mobile app security.

View tool details β†’

App-Ray

Next-Gen Mobile Application Security.

An automated mobile security scanning solution that detects vulnerabilities and data leaks.

View tool details β†’

KyberSecurity Application Protection

NA

Information on this RASP solution is limited.

View tool details β†’

InsiderSecurity SAST

SAST that is simple, fast and accurate.

A static analysis tool focused on simplicity and accuracy for modern web applications.

View tool details β†’

Grype

A vulnerability scanner for container images and filesystems.

An open source vulnerability scanner from Anchore.

View tool details β†’

Dependabot

Automated dependency updates.

A GitHub-native tool that automatically creates pull requests to keep dependencies up-to-date.

View tool details β†’