Acunetix Scan is a vulnerability scanner specifically designed to detect vulnerabilities in web applications. The tool scans for a wide range of vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and Local File Inclusion (LFI), among others.
An extension of the Acunetix Scan, Acunetix 360 is a more comprehensive solution that offers full visibility of your web security posture and helps ensure web and mobile app security by integrating with your development environment.
This is essentially the same as the AppSpider Scan, provided by Rapid7, a company renowned for offering various security solutions including vulnerability management.
AppSpider is a web application security scanning tool. It dynamically assesses apps to identify vulnerabilities, provides reports, and offers remediation guidance. It is suitable for identifying a wide range of vulnerabilities.
A tool from PortSwigger, designed to automate the process of scanning web applications for vulnerabilities, allowing for continuous monitoring and reporting to help secure web applications efficiently.
A tool that is part of Burp Suite, used for scanning web applications for security vulnerabilities. It works by performing automated and manual testing of web applications to identify potential security issues.
A feature that allows integration with the Cobalt.io platform through its API, facilitating the import of penetration testing data and other security findings into your systems, helping in streamlined security management and reporting.
A security service provided by Cobalt.io that leverages ethical hackers to perform penetration testing to identify vulnerabilities in your applications, improving the security posture by reporting potential security issues.
A feature of the Crashtest Security suite that allows for the export of vulnerability data in JSON format, facilitating integration with other tools and systems for further analysis and reporting.
Similar to the JSON file feature but allows for the export of vulnerability data in XML format, providing a way to integrate the data with other systems or tools that prefer XML format for data ingestion.
A service that offers full-stack vulnerability management, leveraging a combination of machine automation and expert validation, helping organizations identify and manage vulnerabilities effectively.
A Dynamic Application Security Testing (DAST) report generated by GitLab that provides insights into runtime security issues, aiding in the identification and mitigation of security vulnerabilities in web applications.
A dynamic application security testing tool provided by IBM that analyzes running applications to identify security vulnerabilities, helping organizations to secure their web applications against potential attacks.
A tool that leverages AI and machine learning to perform web security testing, dark web monitoring, and other security assessments, helping organizations to maintain a secure presence online.
A dynamic application security testing tool by Micro Focus that scans web applications and services to identify security vulnerabilities, helping organizations to secure their web assets against potential cyber threats.
A mobile security framework that performs static, dynamic, and interactive security testing on mobile apps (Android/iOS), helping to identify security vulnerabilities in mobile applications.
A static application security testing (SAST) tool integrated with MobSF for scanning the source code of mobile applications to identify security vulnerabilities, helping to secure mobile apps through early detection of security issues.
An automated web application security scanner from Netsparker that identifies vulnerabilities and security flaws in websites, web applications, and web services, aiding organizations in protecting their web assets from cyber threats.
An open-source web server scanner that performs comprehensive tests against web servers to identify security vulnerabilities and configuration issues, assisting in securing web servers against potential attacks.
An open-source scanner that helps in vulnerability identification using customizable templates, allowing security researchers and penetration testers to identify known vulnerabilities efficiently and at scale.
A comprehensive vulnerability management scanning solution by Qualys that helps organizations identify, assess, and manage vulnerabilities in their network environments, promoting a secure and compliant infrastructure.
A web application security scanning solution by Qualys that identifies vulnerabilities and security issues in web applications, providing insights and recommendations to secure web applications effectively.
A security scanning solution by Scantist that identifies vulnerabilities in open-source components used in software development projects, helping organizations manage open-source risks and maintain secure software supply chains.
A static application security testing (SAST) tool that identifies vulnerabilities in the source code of applications, supporting a wide range of programming languages, and helping to secure applications from the development phase.
A dynamic application security testing (DAST) tool by StackHawk that scans running applications and APIs to identify security issues, assisting in maintaining secure web applications.
A vulnerability management solution that identifies vulnerabilities in networks and applications, providing detailed reports to help organizations maintain a secure and compliant environment.
A vulnerability scanning solution by Trustwave that can output results in CSV format, facilitating easy analysis and reporting of scan results.
A suite of security tools by Veracode that scans applications for vulnerabilities in a range of programming languages, helping to secure applications throughout the SDLC.
A feature in the WFuzz tool that exports the results of a security testing process in JSON format, enabling easier integration with other systems and detailed reporting on web application vulnerabilities.
A cloud-based application security platform that identifies vulnerabilities in applications throughout their lifecycle, providing solutions to help maintain secure applications.
A black-box WordPress vulnerability scanner that identifies known vulnerabilities in WordPress installations, helping to maintain secure WordPress sites.
A security scanning tool that is part of the OWASP ZAP (Zed Attack Proxy) project and identifies vulnerabilities in web applications, facilitating secure development and deployment of web applications.
A tool designed to find common security issues in Python code. By statically analyzing the source code, it helps developers identify security weaknesses and vulnerabilities in Python applications.
A static analysis tool that scans Ruby on Rails applications for security vulnerabilities, helping developers to secure their Ruby applications by identifying a wide range of security issues.
A static application security testing (SAST) solution that identifies security vulnerabilities in the source code early in the software development lifecycle, promoting secure coding practices.
An extended functionality of the Checkmarx Scan that provides a detailed report on the vulnerabilities identified, helping teams to get a deeper understanding of the security issues in their code.
A tool that facilitates the visualization and management of reports generated by the CodeChecker static analysis tool, helping developers to identify and manage vulnerabilities more effectively.
A tool that integrates with the software development lifecycle to continuously identify vulnerabilities in real time, both in custom code and open-source libraries, improving the security of your applications.
An API for the Coverity software, which facilitates the integration of Coverity's static code analysis tool into various environments and workflows, enabling automated vulnerability detection and reporting.
A tool that scans codebases for accidentally committed sensitive information such as passwords and secrets, helping to prevent security breaches by identifying and removing sensitive data from code repositories.
An open-source static analysis security scanner specifically designed for web applications written in Ruby, helping developers identify security issues in the early stages of development.
A tool aimed at detecting secrets and sensitive information, like passwords and API keys, that may have been accidentally committed into the code repository, helping to prevent security breaches due to leaked credentials.
A tool for identifying and fixing problems in JavaScript code through static analysis, helping developers maintain a high code quality and adhere to best practices, which can indirectly help in maintaining a good security posture.
A tool that scans code repositories for secrets and potential security vulnerabilities, assisting in the prevention of sensitive data leakage and enhancing the security posture of development environments.
A scan leveraged by GitHub to automatically identify vulnerabilities in the repositories, helping developers to secure their code by alerting them to potential security issues identified in the dependencies.
A GitLab feature that provides Static Application Security Testing (SAST), analyzing source code for known vulnerabilities early in the development cycle, promoting secure coding practices.
A GitLab service that scans repository histories for secrets and sensitive information that should not be there, helping to prevent security incidents by identifying potentially compromised credentials.
An open-source tool that scans Git repositories for secrets and other sensitive information that might have been accidentally committed, aiding in the prevention of data leaks and other security issues.
A Golang security checker that inspects Go source code to identify security flaws and other issues through static analysis, helping developers to maintain secure and reliable Go codebases.
An open-source tool used for identifying vulnerabilities in the source code during the development process, helping teams to maintain a high-security standard in their applications by catching issues early on.
A tool designed to perform network logon cracking, helping security professionals and ethical hackers to identify weak passwords and potential vulnerabilities in network authentication mechanisms.
A tool that scans project dependencies to identify known security vulnerabilities and license issues, helping teams to maintain secure and compliant code by managing their third-party dependencies effectively.
A tool by Mozilla that helps developers, sysadmins, and security researchers to analyze and improve the security of their web servers and web applications by scanning them for known best practices and common misconfigurations.
A security scanning solution that focuses on identifying vulnerabilities in Node.js applications, helping developers to maintain secure JavaScript and Node.js codebases.
A tool leveraging the OpenSCAP library, used for scanning hosts to identify vulnerabilities based on known CVEs and configuration issues, aiding organizations in maintaining secure and compliant environments.
An auditing tool designed to analyze PHP applications for security vulnerabilities, using a set of predefined rules to identify potential security risks and help maintain secure PHP codebases.
A source code analyzer for Java, JavaScript, Salesforce.com Apex, PL/SQL, XML, XSL and others, used to detect coding issues, potential bugs, and other discrepancies in code bases, encouraging the maintenance of high-quality code.
A Static Application Security Testing (SAST) tool by PWN which analyzes source code to identify security vulnerabilities early in the development process, helping to maintain secure applications.
A Ruby static code analyzer based on the community Ruby style guide, aiding Ruby developers in maintaining clean and idiomatic Ruby code by identifying and optionally fixing style issues and bugs in Ruby programs.
A security scanning tool that identifies secrets and credentials in codebases, leveraging various scanning techniques to help organizations find and mitigate potential security risks arising from hardcoded secrets in their applications.
A report generated by Semgrep, a customizable, open-source code scanning tool, that outlines the findings in a JSON format, facilitating integration with other tools and in-depth analysis of the scan results.
A tool that identifies and fixes vulnerabilities and license violations in open-source dependencies and container images, helping to secure the application and its open-source components.
A feature in SonarQube that allows for the importation of data via its API, facilitating integration with other tools and enabling organizations to leverage SonarQube’s static code analysis capabilities in diverse environments.
A static code analysis solution that detects bugs, vulnerabilities, and code smells in source code, helping development teams to maintain high code quality and secure applications.
An extended feature of the SonarQube scan that provides detailed reports on the source code analysis, offering in-depth insights and facilitating a comprehensive understanding of the codebase’s health.
A static code analysis tool used to identify bugs in Java code, helping developers maintain high-quality code by finding and fixing bugs early in the development process.
A tool that identifies potential secrets in the code before it is pushed to the repository, helping to prevent secret leakage and maintain secure codebases.
A Python tool that searches through git repositories for high entropy strings, which often indicate secret keys, helping to prevent secrets leakage in codebases.
An iteration of the Trufflehog scanner with additional features and improvements, offering enhanced performance in identifying secrets and sensitive information in code repositories.
A tool that scans code repositories for vulnerabilities using various plugins and integrations, helping organizations to identify and remediate vulnerabilities in their codebases.
An open-source web application vulnerability scanner that identifies various vulnerabilities by “black-box” testing, helping organizations secure their web applications against different threats.
A static code analysis tool that identifies hard-coded secrets and sensitive information in source code, helping to prevent security issues arising from secret leakage.
A static code analysis tool that identifies security vulnerabilities in web applications, aiding developers in finding and fixing security issues in the early stages of development.
A JavaScript/Node.js tool that leverages the Sonatype OSS Index to identify known vulnerabilities in your JavaScript & Node.js applications, helping developers secure their applications effectively.
A patch-level verification tool for Ruby Bundler that helps in scanning Gemfile.lock files for known security vulnerabilities, helping developers maintain secure dependencies.
Short for Open Source Analysis: a tool that allows organizations to manage the risk associated with the use of open-source components in software, helping to identify and mitigate potential security and license compliance issues.
A lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis, helping to identify and manage vulnerabilities associated with component usage.
An open-source tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities, helping in maintaining a secure codebase by managing the vulnerabilities effectively.
A feature of the Dependency-Track system that allows exporting findings in the Finding Packaging Format (FPF), aiding in the seamless sharing and management of vulnerability information across different platforms.
A static code analyzer from Micro Focus that helps in identifying security vulnerabilities in the source code early in the development lifecycle, promoting secure coding practices and reducing the risk of security breaches.
A GitLab feature that scans project dependencies for known vulnerabilities, utilizing a database of known issues to help developers maintain secure and updated dependencies in their projects.
A tool used to scan Go language (Golang) projects for known vulnerabilities using the National Vulnerability Database, helping developers to identify and patch security issues in their Go-based applications.
A scan conducted through JFrog Xray's API to gather summary information on artifacts, including potential security vulnerabilities, license compliance issues, and more, aiding in the secure handling of binary artifacts.
JFrog CLI empowers you with robust scanning capabilities to ensure the security and compliance of your source code and software artifacts, including containers.
A security scanning solution by JFrog that integrates with JFrog Artifactory, providing detailed information on security vulnerabilities and license compliance, helping to secure your software artifacts and containers.
An extended feature of JFrog Xray that allows for the scanning of various artifacts, including Docker images, and software packages, in a unified manner, to identify security vulnerabilities and compliance issues.
A software analytics and SAST tool that scans source code to identify vulnerabilities and compliance issues, aiding organizations in maintaining secure and compliant code bases.
A command-line utility from npm, Inc. that analyzes Node.js project dependencies to identify known vulnerabilities, helping developers to maintain secure and up-to-date project dependencies.
A tool that allows for the importation of software composition analysis (SCA) scans conducted using the DevAudit tool against the OSS Index vulnerability database, aiding in the identification and management of open-source vulnerabilities.
A security checker tool for PHP Symfony applications, which scans the project dependencies for known vulnerabilities, aiding developers in maintaining secure and compliant Symfony projects.
A tool that scans Python environments and analyzes installed packages against known vulnerability databases to identify security issues, helping Python developers to maintain secure code by managing vulnerable dependencies.
A scanner tool that identifies JavaScript files with known vulnerabilities in your web applications, utilizing a database of known vulnerabilities from Retire.js repository, assisting developers in maintaining secure JavaScript applications.
A security solution that scans applications to identify open-source risk, policy violations, and security vulnerabilities, helping organizations maintain secure applications by managing risks associated with open-source components.
A tool by Veracode that identifies vulnerabilities in open-source components used in applications, helping developers maintain secure open-source usage.
A solution that identifies vulnerabilities in open-source components used in applications, offering automated remediation and compliance reporting to maintain secure open-source usage.
A command in the Yarn package manager that identifies known vulnerabilities in project dependencies, helping to maintain secure Node.js applications by managing vulnerability risks in dependencies.
An open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore engine is core to many Anchore deployments, used to analyze and scan Docker and OCI container images for security vulnerabilities and policy issues.
Red Hat® Satellite is an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructure running efficiently, securely, and in compliance with various standards.
A part of the Anchore Enterprise suite, it is designed to bring policy-based compliance checks that ensure your containers meet your organizational requirements. It allows the definition and enforcement of custom policies for CI/CD pipelines.
Grype is Anchore's fast and lightweight OS package and library vulnerability scanner for containers and filesystems.
AnchoreCTL is a command-line tool that leverages Anchore Engine to conduct vulnerability scans, generate policy evaluations, and other Anchore operations. Policies Report generates a detailed report on the policies applied during the analysis.
Similar to the Policies Report, but focuses on generating reports that provide detailed information on any vulnerabilities found during the scanning process by AnchoreCTL.
Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig provides a unified platform to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes.
ssh-audit is a tool for auditing SSH server and client configurations.
A security solution that specializes in container security, providing comprehensive vulnerability scanning and policy enforcement to ensure continuous security and compliance of containerized applications.
An open-source web application security scanner which identifies and mitigates vulnerabilities, enhancing the security of web applications.
An open-source tool that helps you secure AWS environments following best practices defined in the AWS Well-Architected Framework, and other standards, by performing extensive configuration and security checks.
An updated version of AWS Prowler Scan, providing enhanced features and updated security checks to help maintain the security posture of AWS environments.
A security auditing tool that allows users to review the security configuration of their AWS environments, providing a clear report of potential security weaknesses and risks.
A centralized service that consolidates findings from various AWS services and third-party products to help you analyze and identify security findings in your AWS environment.
A tool from Microsoft Azure that provides unified security management and advanced threat protection, helping users to adhere to recommended best practices and secure their Azure environments.
An interface that allows for integration with the BlackDuck software, which is used to secure and manage open source software in applications and containers, automating the process of identifying and mitigating open source security, license compliance and operational risks.
A tool within the BlackDuck software suite that is utilized for identifying and managing risks associated with the components used in your software applications, helping to pinpoint and mitigate security, license, and operational risks.
Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.
A scanning tool from the BlackDuck suite that helps in identifying the open-source components in your software and highlights any associated risks, including potential security vulnerabilities and license compliance issues.
A part of the Burp Suite, it allows for scanning and testing of GraphQL APIs to identify potential vulnerabilities and security issues, helping to secure applications that are utilizing GraphQL technology.
An extension of the Burp Suite, enabling integration with the REST API to facilitate automated scanning processes and other functionalities, allowing for a more streamlined approach to web application security.
A Rust language tool that leverages Cargo, Rust's package manager, to audit Rust projects for known vulnerabilities reported in the RustSec advisory database, helping developers maintain secure and vulnerability-free Rust applications.
An open-source tool for infrastructure as code (IaC) static code analysis that scans cloud infrastructure configured using Terraform, CloudFormation, Kubernetes, and other frameworks for security misconfigurations and compliance violations.
A combination of Clair, an open-source vulnerability scanner for containers, and Klar, a CLI tool that integrates with Clair for vulnerability analyses, providing a detailed report on potential security issues in Docker containers.
An open-source project that performs static analyses of container images to identify security vulnerabilities and other issues, helping organizations maintain secure container environments.
An open-source tool that performs static code analysis on AWS, Azure, and GCP infrastructures to identify security misconfigurations and compliance violations, helping in securing cloud environments effectively.
An open-source script that checks for dozens of common best-practices around deploying Docker containers in production, helping to secure Docker configurations and prevent vulnerabilities.
A container image linter that helps in identifying and solving container-related security issues, misconfigurations, and best practice violations, enhancing the security posture of your containerized applications.
A GitLab feature that allows for the automated scanning of API structures using fuzz testing techniques to uncover vulnerabilities and security flaws, enhancing API security through early detection of issues.
A GitLab feature that performs security scans on container images to identify vulnerabilities before deployment, helping to secure containerized applications by ensuring they are free of known vulnerabilities.
A static analysis tool for Dockerfiles that helps in identifying issues with Dockerfile configurations according to best practices, aiming to reduce potential security and performance issues in Docker containers.
A feature of the Harbor container registry that scans container images for vulnerabilities, assisting organizations in identifying and mitigating security issues before deploying the containers in production environments.
Keeping Infrastructure as Code Secure (KICS) is a tool that scans infrastructure as code (IaC) configurations to identify security vulnerabilities and compliance issues, assisting in maintaining secure and compliant IaC setups.
A tool that checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark, helping to ensure the secure configuration of Kubernetes environments.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
A component of the NeuVector container security platform that focuses on ensuring compliance with various regulatory and security standards, helping organizations to maintain compliant container environments.
A REST API provided by the NeuVector container security platform that allows for integration with other systems and automation of security tasks, aiding in the streamlined management of container security.
A vulnerability management solution from Rapid7 that scans networks to identify vulnerabilities and compliance issues, offering detailed reports and remediation advice to help organizations strengthen their security posture.
A versatile open-source network scanner used for network discovery and security auditing, helping administrators and security professionals to identify open ports, running services, and other information about networked systems.
A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as a CSV file, facilitating easier data analysis and reporting.
A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as an XML file, facilitating easier data analysis and reporting.
A utility tool for scanning Kubernetes clusters to identify potential issues and unused resources, promoting best practices and helping system administrators maintain efficient and secure Kubernetes environments.
A feature of Qualys vulnerability management solution that allows for infrastructure scanning, exporting the results in WebGUI XML format, aiding in the detailed analysis and reporting of infrastructure security.
A multi-cloud security-auditing tool that scans cloud infrastructure and identifies security misconfigurations, helping organizations maintain secure and compliant cloud environments.
A suite of tools and services by SSL Labs that analyses the configuration of SSL web servers and identifies weaknesses, promoting secure server configurations.
A tool that identifies SSL/TLS versions and cipher suites supported by a server, helping in the configuration review and security assessment of SSL-enabled services.
A Python tool that scans SSL/TLS services to identify misconfigurations and vulnerabilities, providing detailed reports to help maintain secure SSL/TLS configurations.
A feature in SSLyze that outputs the scan results in JSON format, facilitating integration with other tools and automated analysis of SSL/TLS configurations.
A static code analysis tool that scans Infrastructure as Code (IaC) to identify security misconfigurations and compliance violations, promoting secure and compliant infrastructure code.
A free tool that checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as for recent cryptographic flaws, and more.
A static analysis tool that scans Terraform templates to identify security issues, helping to maintain secure and compliant Terraform configurations.
A component of the Trivy vulnerability scanner designed for use in Kubernetes environments, facilitating automated scanning of container images and helping to maintain secure Kubernetes deployments.
A simple and comprehensive vulnerability scanner for containers and other artifacts, designed to scan for vulnerabilities in various file systems and application dependencies.
A feature in Prisma Cloud by Palo Alto Networks that scans container images for vulnerabilities, helping to secure containerized applications by identifying and mitigating vulnerabilities in container images.
A security information and event management (SIEM) tool that provides log analysis, intrusion detection, vulnerability detection, and other security monitoring capabilities for IT environments.
A unified security findings format that integrates different AWS security services and third-party findings into AWS Security Hub, providing a comprehensive view of security and compliance status across AWS environments.
Threagile enables teams to execute Agile Threat Modeling as seamlessly as possible, even when highly integrated into DevSecOps environments.
A functionality that allows for the integration with Bugcrowd's crowdsourced security platform through its API, facilitating the import of data such as vulnerability reports to help manage and streamline security processes.
A tool leveraging Bugcrowd's security platform to scan applications and software for potential vulnerabilities, using the power of the crowd to identify and report on security issues.
A tool that helps in the importation of JSON files generated by DrHeader, a tool that analyzes HTTP security headers and identifies misconfigurations, facilitating the easy integration of DrHeader reports into other systems.
A tool for scanning systems and applications to ensure they adhere to the Department of Defense (DOD) Security Technical Implementation Guides (STIGs), which are a framework for standardized secure installation and maintenance of computer software and hardware.
A feature that allows the importing of findings from various formats, helping to consolidate vulnerability data from different tools into a centralized system for easier management and reporting.
A feature of the HackerOne platform where vulnerability reports submitted by ethical hackers are managed, helping organizations to efficiently track, manage, and resolve security issues identified through their bug bounty programs.
A security tool that performs static code analysis to identify security vulnerabilities, misconfigurations, and other issues in the source code, reporting the findings through HuskyCI, and helping teams to maintain secure codebases.
A feature of the IntSights threat intelligence platform that provides insights and reports on the cyber threat landscape, helping organizations to understand and respond to cyber threats more effectively.
An import functionality of the OSS Review Toolkit (ORT) that enables the incorporation of evaluated models (representing a concluded open source compliance review process) into the ORT environment, helping in the management of open source compliance.
A vulnerability assessment tool by Outpost24 that scans networks, applications, and devices to identify security vulnerabilities and provide remediation advice, helping organizations to improve their security posture.
A tool that facilitates the importation of vulnerability data and other security findings from the Risk Recon platform through its API, aiding organizations in integrating Risk Recon insights into their vulnerability management processes.
A standardized format for the interchange of static analysis results, facilitating the integration of various static analysis tools into a wide range of development and security platforms, promoting interoperable and scalable static analysis workflows.
An open-source security knowledge base built on the Security Knowledge Framework (SKF), an open-source web application that helps you learn and integrate security by design in your web application.
A service that integrates with Trustwave Fusion platform, allowing for automated security scanning through its API, facilitating continuous security monitoring and vulnerability management.
An AI-powered database and security analysis tool that collects and analyzes vulnerabilities from various sources, providing actionable insights for vulnerability management and security assessments.