It seems like every other week there's news of a major software hack or data breach. This can be concerning, but shouldn't be surprising. The world's technology runs on software, but the world still has a long way to go in the mission to make secure design and implementation native to the process of software creation. Thankfully, there are new appsec tools that can help.
There's a lot of innovation and churn in the push to make software platforms more secure. We want to share some standout tools that can help you and your team build and deploy secure SaaS, AI, FinTech, HealthTech, or Blockchain platforms. The list below is not meant to be exhaustive, but the tools listed are innovative and are either new-ish or gaining lots of traction, i.e., they've got juice!
Disclaimer: Resilient Software Security is not sponsored or paid by any of the vendors below. Also, although the tools are placed in categories, the listing is NOT in any particular order of preference or relevance.
Code Analysis
1. Mayhem for Code: An advanced fuzz testing solution that dramatically reduces manual code quality/security testing effort with autonomous defect detection and validation.
2. Semgrep: A fast and lightweight static analysis tool that's designed to be DevOps-native. It's particularly good with Python, Go, Java, JavaScript, and Ruby.
3. Snyk Code: An ultra-modern static analysis tool that provides contextual information on secure coding flaws and their fixes to developers in real time, as they code.
Software Supply Chain Security
4. ReversingLabs: Brings endpoint security and malware detection technology to the software development process by performing a deep analysis of every software file to identify attack signatures before release.
5. Snyk Open Source: Automates detection of known vulnerabilities in open-source components and accelerates fixing them within the software development flow.
API Security Testing
6. Mayhem for API: A fuzzer that automates security testing of software interfaces (APIs). It's designed to be cloud-native and DevOps-native.
Infrastructure Security
7. Snyk Infrastructure as Code: Find and fix misconfigurations in Terraform, AWS CloudFormation, Kubernetes, and Azure Resource Manager templates.
8. Very Good Security (VGS) Control: Accelerates and automates how companies obtain and maintain SOC 2, PCI, ISO 27001, or GDPR compliance. It does this by scanning the infrastructure for compliance gaps.
11. Snyk Container: Find vulnerabilities in container images and Kubernetes applications.
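To make the "find misconfigurations in Kubernetes" idea concrete, here is a small, added example (not code from the original post, and not from Snyk or any other vendor listed here) that checks a Kubernetes workload manifest for the container-security settings IaC scanners typically flag. The two manifests, the rule ids, and the function names are all constructed for this illustration; the manifests are embedded as JSON rather than YAML so the script needs only the standard library.

```python
"""Minimal infrastructure-as-code misconfiguration checker.

Added example, not part of the original post or of any vendor's tooling.
It walks a Kubernetes manifest (embedded below as constructed JSON, since
manifests are valid as JSON as well as YAML) and reports the kinds of
container-security settings IaC scanners flag: privileged containers,
running as root, privilege escalation left enabled, a writable root
filesystem, missing resource limits, and mutable image tags.
"""
import json

# Constructed sample: a Deployment with weak settings on purpose.
WEAK_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "api"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "api",
        "image": "example/api:latest",
        "securityContext": {"privileged": True, "runAsUser": 0},
    }]}}},
})

# Constructed sample: the same Deployment with hardened settings.
HARDENED_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "api"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "api",
        "image": "example/api:1.4.2",
        "securityContext": {
            "privileged": False,
            "runAsNonRoot": True,
            "readOnlyRootFilesystem": True,
            "allowPrivilegeEscalation": False,
        },
        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    }]}}},
})


def _pod_spec(doc):
    """Return the pod spec for a bare Pod or for a workload that wraps one."""
    if doc.get("kind") == "Pod":
        return doc.get("spec", {})
    return doc.get("spec", {}).get("template", {}).get("spec", {})


def check_container(container):
    """Return a list of (rule_id, message) findings for one container.

    Rule ids are hypothetical labels for this example, not a vendor's ids.
    """
    findings = []
    name = container.get("name", "<unnamed>")
    ctx = container.get("securityContext", {})
    if ctx.get("privileged") is True:
        findings.append(("K8S-PRIVILEGED", f"{name}: container runs privileged"))
    # Root is the default unless runAsNonRoot is set or a non-zero UID is pinned.
    if ctx.get("runAsUser") == 0 or (
        ctx.get("runAsNonRoot") is not True and "runAsUser" not in ctx
    ):
        findings.append(("K8S-ROOT", f"{name}: container may run as root"))
    if ctx.get("allowPrivilegeEscalation") is not False:
        findings.append(("K8S-PRIV-ESC", f"{name}: allowPrivilegeEscalation not disabled"))
    if ctx.get("readOnlyRootFilesystem") is not True:
        findings.append(("K8S-RW-ROOTFS", f"{name}: root filesystem is writable"))
    if "limits" not in container.get("resources", {}):
        findings.append(("K8S-NO-LIMITS", f"{name}: no resource limits set"))
    image = container.get("image", "")
    if ":" not in image or image.endswith(":latest"):
        findings.append(("K8S-MUTABLE-TAG", f"{name}: image tag is mutable ({image or 'none'})"))
    return findings


def scan_manifest(text):
    """Scan one JSON manifest and return all findings across its containers."""
    doc = json.loads(text)
    spec = _pod_spec(doc)
    findings = []
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        findings.extend(check_container(container))
    return findings


def finding_ids(text):
    """Just the rule ids that fired, in rule order."""
    return [rule for rule, _ in scan_manifest(text)]


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(f"== {label} ==")
        for rule, msg in scan_manifest(manifest) or [("OK", "no findings")]:
            print(f"  [{rule}] {msg}")
```

Run it as a script to see the weak manifest produce six findings and the hardened one produce none. The point of the side-by-side is that each finding maps to one field a developer can set in the manifest, which is the feedback loop a commercial IaC scanner automates in CI.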
Security Training
12. Security Journey: A SaaS platform that includes everything needed to deploy and manage an application security education program. It uses engaging "security belt" achievements and is designed to build application security culture at all levels of an organization.