Free
YLS Language Server for YARA Language
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
Application Security
Secure your applications with robust security measures. Protect against vulnerabilities and threats effectively.
Try these 256 AI Application Security Tools
Free
ZAP The Zed Attack Proxy
Dynamic Java code instrumentation kit for Android applications.
Free
Aikido Security View Aikido Security
Aikido Security is the developer-first platform designed to streamline and centralize your application, cloud, and runtime security. It empowers your team to automatically discover and remediate vulnerabilities with advanced code scanning and cloud assessments, drastically reducing noise and focusing on genuine threats. By simplifying complex security findings and minimizing false positives, Aikido enables developers to build secure software efficiently, allowing them to focus on innovation and core development tasks.
Unified security for code, cloud, and runtime
Automated vulnerability discovery and remediation
Advanced code scanning and cloud security assessments
Free
App-Ray View App-Ray
App-Ray provides an industry-leading, fully automated security analysis platform for Android applications. It proactively identifies critical security vulnerabilities, privacy breaches, and potential data leaks, offering deep insights into application behavior. Acquired by Guardsquare, App-Ray seamlessly integrates into existing mobile security strategies, empowering app stores, developers, and organizations to effectively manage mobile application risks and ensure robust protection.
Fully automated Android application security scanning
Identification of security vulnerabilities and privacy breaches
Detection of potential data leaking channels
Free
Codacy View Codacy
Codacy is a comprehensive, API-driven platform designed to elevate software quality and security. It automates code analysis, security checks, and performance monitoring within existing development workflows, enabling teams to build and deploy secure, high-quality applications with increased efficiency. By integrating seamlessly into your CI/CD pipeline, Codacy empowers developers to identify and resolve issues early, ensuring faster delivery of reliable software.
Automated code analysis for quality and style
Dast and SAST security vulnerability detection
Code coverage monitoring and reporting
Free
Cyclops View Cyclops
Cyclops is the premier Contextual Search Platform for cybersecurity, uniting your security ecosystem through a Cyber Security Mesh Architecture (CSMA). It empowers security practitioners, executives, and teams with rapid access to enriched, contextual insights across your entire security stack, enabling faster, more informed decision-making. By integrating disparate security tools and correlating threat intelligence, vulnerabilities, and asset data, Cyclops transforms complex information into actionable intelligence, allowing you to focus on critical risks and security priorities.
Contextual Search across entire security stack
Cyber Security Mesh Architecture (CSMA) integration
Automated threat and vulnerability enrichment
Free
Jit View Jit
Jit empowers development teams to embed security from the ground up, fostering a culture of 'security by design' for all cloud-native applications. Our platform enables organizations to adopt a Minimal Viable Security (MVS) approach, ensuring new software projects start with essential security controls and continuously improve over time with effortless, just-in-time security integration. Jit provides a developer-centric experience that simplifies security ownership, making it accessible and efficient for every member of the software development lifecycle.
Developer-first security platform
Continuous security integration
Minimal Viable Security (MVS) embedding
Free
Miggo Security View Miggo Security
Miggo Security is the pioneering Application Detection and Response (ADR) platform engineered to proactively eliminate application breaches. Understanding that the application layer is the epicenter of 80% of cyber incidents, Miggo addresses the critical blind spots left by conventional security tools by leveraging deep, in-application runtime context. This enables precise mapping of application behavior, identification of high-risk workflows, and pinpointing of vulnerabilities, all while delivering real-time detection and response capabilities directly within the application environment.
Application Detection and Response (ADR)
In-application runtime context analysis
High-risk application flow identification
Free
Pixee View Pixee
Pixee empowers development teams to build secure software at the speed of innovation by automatically remediating vulnerabilities and hardening code directly within their existing workflows. Say goodbye to cumbersome security reports and endless tickets; Pixee delivers instant, actionable code fixes, allowing developers to reallocate their focus from security burdens to high-impact feature development. Our intelligent platform seamlessly integrates into your CI/CD pipeline, ensuring robust application security without compromising developer productivity or release velocity.
Automated Vulnerability Remediation
Intelligent Code Hardening
Seamless CI/CD Integration
Free
PortSwigger View PortSwigger
PortSwigger's Burp Suite is the leading integrated platform for comprehensive web application security testing. It offers a powerful suite of tools designed to streamline the entire vulnerability discovery and exploitation lifecycle for security professionals.
Integrated platform for web application security testing
Comprehensive support for the entire testing process
Automated crawling and mapping of attack surfaces
Free
Raven View Raven
Raven provides comprehensive runtime protection for cloud-native applications, proactively identifying and eliminating vulnerabilities that traditional shift-left and infrastructure-focused solutions miss. By deeply analyzing runtime code, Raven intelligently deprioritizes over 90% of threats and offers a no-code interface for efficient remediation, ensuring early detection and prevention of application attacks.
Runtime Application Vulnerability Analysis
Intelligent Vulnerability Prioritization (>90%)
No-Code Vulnerability Remediation Interface
Free
Seezo View Seezo
Seezo democratizes world-class application security by leveraging generative AI to empower every engineering team. Our flagship Security Design Review (SDR) solution proactively identifies security requirements for new features before coding begins, embedding security early in the development lifecycle. Offered as a flexible SaaS platform or on-prem deployment, Seezo SDR ensures context-specific security considerations are met, fostering a robust security posture and enabling faster, more secure innovation.
AI-Powered Security Design Reviews (SDR)
Context-Specific Security Requirements Generation
Early Integration into Development Lifecycle
Free
StackHawk View StackHawk
StackHawk empowers development teams to integrate security directly into their workflows, enabling the early detection and remediation of application vulnerabilities before they reach production. By automating security testing within CI/CD pipelines, StackHawk ensures that engineers can proactively manage their application's security posture, simplifying the development of secure software for modern teams.
Automated in-pipeline security scanning
Early detection of application vulnerabilities
Seamless CI/CD integration
Free
StepSecurity View StepSecurity
StepSecurity offers a robust security platform designed to empower organizations using GitHub Actions for their CI/CD workflows. By proactively identifying and mitigating security risks within your pipelines, StepSecurity ensures the integrity and confidentiality of your software development lifecycle. Trusted by over 3000 open-source projects and leading enterprises across critical sectors like crypto, healthcare, and cybersecurity, StepSecurity provides the advanced protection needed to prevent supply chain attacks and ensure compliance.
Automated GitHub Actions security scanning
CI/CD pipeline vulnerability detection
Supply chain security hardening
Free
Symbiotic Security View Symbiotic Security
Symbiotic Security transforms application development by embedding an AI-powered security coach directly into developer IDEs, enabling real-time vulnerability remediation and just-in-time secure coding training. This innovative hybrid-intelligence approach proactively prevents security pitfalls and educates developers, fostering a sustainable culture of secure coding practices within DevOps pipelines. By integrating security seamlessly, Symbiotic Security diminishes alert fatigue, improves code quality, and builds inherently secure applications from the ground up.
AI-driven Security Coach in IDEs
Real-time Vulnerability Remediation
Just-in-Time Secure Coding Training
Free
Veracode View Veracode
Veracode is the leading cloud-based platform for comprehensive application security, safeguarding web, mobile, legacy, and third-party enterprise applications. By proactively identifying and mitigating application-layer threats throughout the entire Software Development Lifecycle (SDLC), Veracode empowers organizations to accelerate innovation and deliver secure software faster. Our unified platform offers a holistic, policy-driven approach to application security, integrating multiple analysis techniques like SAST, DAST, and manual penetration testing for a complete view of your security posture.
Cloud-based application security platform
Secures web, mobile, legacy, and third-party applications
Comprehensive SDLC security coverage