COVERITY - STATIC APPLICATION SOFTWARE TESTING
Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.
With Coverity you can comprehensively track and manage compliance through a wide range of security, quality, data protection, and safety standards. Easily filter identified issues by category, view trend reports, prioritize remediation of vulnerabilities based on criticality, and manage policy compliance across teams and projects.
Coverity provides broad security and quality checkers for 22 languages, over 70 frameworks, and commonly used infrastructure-as-code platforms and file formats.
BLACK DUCK - SOFTWARE COMPOSITION ANALYSIS
Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.
Black Duck is the market leader in open source governance solutions. This market is known as Software Composition Analysis or SCA for short. The basic model used by all SCA vendors is to scan source code looking for clues to identify which open source libraries might be present. This analysis creates a bill of materials, or BoM, for the project. Armed with a bill of materials, it then becomes possible to identify latent security issues within each element of that BoM.
DEFENSICS - NETWORK & APPLICATION PROTOCOL FUZZING
Fuzzing intentionally submits malformed input and identifies whether the software being tested handled that malformed input in an appropriate manner without becoming unstable or exposing a vulnerability.
Defensics is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software.
Defensics is a black box fuzzer - it doesn’t require source code to run.
Defensics works particularly well for structured inputs such as network protocols and file formats, and all fuzzing follows a conceptual sequence of creating the test case, running the test case and then determining what failures – if any – occurred.
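The three-step sequence just described (create the test case, run it, determine what failed), as an added Python example that is not Defensics code and does not reflect its implementation. The TLV record format, the two parsers and the mutation strategy are constructed for this illustration; the naive parser carries a deliberate missing bounds check so the harness has something to find, and the checked parser shows the fix.

```python
import random
# Constructed TLV format: [1-byte type][2-byte big-endian length][payload], repeated.

def parse_tlv_naive(data: bytes) -> list:
    """Trusts the layout: a header cut short raises IndexError (the bug to find)."""
    records, i = [], 0
    while i < len(data):
        rtype, length = data[i], (data[i + 1] << 8) | data[i + 2]  # unchecked index
        records.append((rtype, data[i + 3:i + 3 + length]))
        i += 3 + length
    return records

def parse_tlv_checked(data: bytes) -> list:
    """Validates header and length before use; rejects bad input with ValueError."""
    records, i = [], 0
    while i < len(data):
        if i + 3 > len(data):
            raise ValueError("truncated header")
        rtype, length = data[i], (data[i + 1] << 8) | data[i + 2]
        if i + 3 + length > len(data):
            raise ValueError("declared length exceeds input")
        records.append((rtype, data[i + 3:i + 3 + length]))
        i += 3 + length
    return records

def mutate(seed_input: bytes, rng: random.Random) -> bytes:
    """Step 1, create a test case: flip, insert or truncate bytes of a valid seed."""
    data = bytearray(seed_input)
    for _ in range(rng.randint(1, 4)):
        op = rng.choice(("flip", "insert", "truncate"))
        if op == "flip" and data:
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == "insert":
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif op == "truncate" and data:
            del data[rng.randrange(len(data)):]
    return bytes(data)

def fuzz(parser, iterations: int = 500, seed: int = 1) -> dict:
    """Steps 2 and 3: run each case, then decide whether it failed."""
    rng = random.Random(seed)
    seed_input = b"\x01\x00\x03abc\x02\x00\x00"  # two valid records (constructed)
    summary = {"ok": 0, "rejected": 0, "crashes": []}
    for _ in range(iterations):
        case = mutate(seed_input, rng)
        try:
            parser(case)
            summary["ok"] += 1
        except ValueError:
            summary["rejected"] += 1  # graceful: input validated and refused
        except Exception as exc:  # any other exception is an unhandled failure
            summary["crashes"].append((case, type(exc).__name__))
    return summary
```

Running `fuzz(parse_tlv_naive)` reports IndexError crashes on truncated headers, while `fuzz(parse_tlv_checked)` reports only clean parses and graceful rejections.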
SEEKER - INTERACTIVE APPLICATION SECURITY TESTING
Seeker is the industry's first IAST solution with active verification and sensitive-data tracking for web-based applications.
Seeker is easy to deploy and scale in your CI/CD development workflows. Native integrations, web APIs, and plugins provide seamless integration with the tools you use for on-premises, cloud-based, microservices-based, and container-based development. You’ll get accurate results out of the box, without extensive configuration, custom services, or tuning.
Seeker monitors web app interactions in the background during normal testing and can quickly process hundreds of thousands of HTTP(S) requests, giving you results in seconds with near-zero false positives—no need to run manual security scans.
Seeker saves you valuable time, resources, and costs by enabling your developers to fix critical security flaws early in the SDLC. Not only can you reduce your risk by securing apps before they go to production, but you can also significantly reduce your pen testing requirements, as shown by Forrester Research.
WHITE HAT - DYNAMIC APPLICATION SECURITY TESTING
Dynamic application security testing (DAST) is an essential tool in any AppSec toolbox. Synopsys WhiteHat™ makes it easy for developers and security teams to test web applications for known and zero-day vulnerabilities.
Synopsys WhiteHat is constantly being updated, so you can rest assured that you are protected against the latest threats. We regularly incorporate new tests, and Synopsys WhiteHat consistently scores higher than any other scanner on open source benchmarks.
CODE SIGHT - IDE PLUGIN FOR SAST AND SCA
Code Sight™ is an IDE plug-in that helps you address security defects in real time as you code.
With fast and accurate static application security testing (SAST) and software composition analysis (SCA) performed at the desktop, you can quickly find and fix vulnerabilities in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) before you commit.
Code Sight quickly and accurately detects security defects in application code and infrastructure-as-code files as you open, edit, and save them, so you can stay focused and fix security bugs before you check in.
Code Sight gives you complete visibility into security risks in both direct and open source dependencies, so you can select the most secure components and versions to use and avoid incompatible licenses.
When issues are found, Code Sight shows you exactly what code change or component upgrade is needed, and it can often make the fix automatically for you with just one click.