|
Ambionics Security |
Ambionics Security |
Security Service |
France |
|
Astrée |
AbsInt Angewandte Informatik GmbH |
Static Analysis Tool and Coding Rules Checker |
Germany |
|
BigLook |
Evenstar |
Code verification tool for ensuring source code compliance with domestic and international code security guidelines. |
Korea |
|
BinSearch |
ValiantSec Technology Co.,Ltd |
SCA |
China |
|
C/C++test |
Parasoft Corporation |
Static Code Analysis |
United States |
|
CAST Application Intelligence Platform |
CAST |
Automated Application Assessment Platform |
France |
|
Checkmarx Static application security testing (SAST) |
Checkmarx |
Static application security testing engine - available both as an on-premises application or in the cloud as part of the Checkmarx One application security suite. |
Israel |
|
COBOT |
Beijing Beida Software Engineering Development Co., Ltd. |
Program Static Analysis Tool |
P.R. China |
|
COBOT-SCA |
Beijing Beida Software Engineering Development Co., Ltd. |
Software Composition And Vulnerability Analysis |
P.R. China |
|
Code Check |
Hangzhou Huawei Cloud Computing Technologies Co., Ltd |
CodeCheck/Code static analysis/ SAST(Static Application Security Testing) |
China |
|
CODE-RAY |
TRINITYSOFT Co., Ltd |
Source Code Security weakness analysis tool |
Korea |
|
CodeAnt |
ValiantSec Technology Co.,Ltd |
SCA and Development security |
China |
|
CodeArts Check |
Hangzhou Huawei Cloud Computing Technologies Co., Ltd |
CodeArts Check/Code static analysis/SAST(Static Application Security Testing) |
China |
|
CodePeer |
AdaCore |
Automated Code Review and Validation Tool |
United States |
|
CodeScroll Code Inspector |
Suresoft Technologies Inc. |
Code-Based Auto Inspection Tool |
Korea |
|
CodeScroll SNIPER |
Suresoft Technologies Inc. |
Static Code Analysis Tool |
Korea |
|
CodeScroll STATIC |
Suresoft Technologies Inc. |
Web-based Static Code Analysis Tool |
Korea |
|
CodeSec |
SecZone |
Statically Apply Security Tool |
China |
|
CodeSense |
ValiantSec Technology Co.,Ltd |
SAST |
China |
|
CodeSonar |
GrammaTech, Inc. |
Static Analysis Tool |
United States |
|
Conviso Security Compliance (CSC) |
Conviso Application Security |
Vulnerability Identification and Management |
Brazil |
|
Corax |
Shanghai Feiyu Technology Co.,Ltd. |
Static Application Security Testing |
China |
|
Coverity |
Synopsys Inc. |
Static Application Security Testing |
United States |
|
Cr0security Certified Security Testing |
Cr0security |
Professional Security Testing Certification |
Indonesia |
|
Cr0security Penetration Testing and Consultant Services |
Cr0security |
Network Penetration Testing and Vulnerability Assessment Services |
Indonesia |
|
Cybellum Product Security Platform |
Cybellum |
Engine that can detect violation of CWEs in binary files, on the assembly level. |
Israel |
|
DerScanner |
DerSecur Ltd. |
SAST tool |
Israel |
|
dotTEST |
Parasoft Corporation |
Static Code Analysis |
United States |
|
Flawfinder |
David A. Wheeler |
Assessment Tool |
United States |
|
FOSSCheck |
Suzhou Lengjingqicai Information Technology Co.,Ltd |
Software Composition Analysis Tool |
China |
|
FossEye |
Suzhou Lengjingqicai Information Technology Co.,Ltd |
Open source security and compliance governance Tool |
China |
|
High-Tech Bridge Security Advisories |
High-Tech Bridge SA |
Database/Knowledge Repository Based upon High-Tech Bridge's Proprietary Research |
Switzerland |
|
IBM Security AppScan Standard |
IBM Security Systems |
Web Application Security Assessment Scanner |
United States |
|
Imagix 4D, with Checklist for CWE |
Imagix Corporation |
Static Analysis and Change Review Tool |
United States |
|
ImmuniWeb |
High-Tech Bridge SA |
SaaS Web Application Vulnerability Assessment Service |
Switzerland |
|
IriusRisk |
IriusRisk |
SaaS Enterprise Threat Modeling platform |
United States |
|
Jtest |
Parasoft Corporation |
Static Code Analysis |
United States |
|
Julia |
Julia S.R.L. |
Static Program Analysis Tool |
Italy |
|
Kiuwan Application Security platform |
Kiuwan Software S.L |
SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security |
Spain |
|
Klocwork Insight |
Klocwork, Inc. |
Assessment and Remediation Tool |
Canada |
|
LDRA Testbed |
LDRA |
Static and Dynamic Software Analysis Tool Suite |
United Kingdom |
|
LDRArules |
LDRA |
Static Analysis Tool and Coding Rules Checker |
United Kingdom |
|
Lucent Sky Application Vulnerability Mitigation (AVM) |
Lucent Sky Corporation |
Application Vulnerability Mitigation |
United States |
|
Micro Focus Application Defender |
Micro Focus Fortify |
Real-Time Detection and Prevention of Attacks |
United States |
|
Micro Focus Fortify On Demand |
Micro Focus Fortify |
Static and Dynamic Analysis and Results Reporting Service |
United States |
|
Micro Focus Software Security Center |
Micro Focus Fortify |
Results Reporting |
United States |
|
Micro Focus Static Code Analyzer |
Micro Focus Fortify |
Static Analysis and Results Reporting |
United States |
|
Micro Focus WebInspect |
Micro Focus Fortify |
Dynamic Analysis Web Application Security Assessment Tool |
United States |
|
NaiveSystems Analyze |
Naive Systems Ltd. |
Static Analysis Tool and Coding Rules Checker |
China |
|
Oversecured |
Oversecured Inc |
A SaaS-based mobile app vulnerability scanner |
United States |
|
PC-lint Plus |
Vector Informatik GmbH |
C/C++ Static Code Analysis |
Germany |
|
Polyspace Bug Finder |
MathWorks, Inc. |
Static Analysis Tool and Coding Rules Checker |
France |
|
QA*C - CWE Compliance Module for C Programming Language |
Programming Research, Inc. |
Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities |
United States |
|
QI-ANXIN Codesafe |
QI-ANXIN Technology Group Inc. |
Assessment Tool |
China |
|
QI-ANXIN OSS Security |
QI-ANXIN Technology Group Inc. |
Assessment Tool |
China |
|
Red Hat Customer Portal |
Red Hat, Inc. |
Customer Assessment Service |
United States |
|
RedRocket SAST |
Beijing RedRocket Technology Co., Ltd |
Static Analysis Tool |
China |
|
RedRocket SCA |
Beijing RedRocket Technology Co., Ltd |
Software Composition Analysis Tool |
China |
|
RESORT Code Analysis |
Soft4Soft Co., Ltd. |
Static Analysis Tool and Coding Rules Checker |
Korea |
|
Secidea SCAP2000 |
Shenzhen Secidea Network Security Technology Co., Ltd |
Static Application Security Testing |
China |
|
Security-Database Web Services |
Security-Database |
Web Services |
France |
|
SecurityPrism |
GTONE Co., Ltd. |
Semantic Based Static Application Security Testing Tool |
Korea |
|
Seeker Interactive Application Security Testing (IAST) |
Synopsys Inc. |
Interactive Application Security Testing |
United States |
|
SFuzz |
SecZone |
SFuzz |
China |
|
SoftSec SCA |
Software Security |
TOOL |
China |
|
Software Assurance Reference Dataset (SARD) |
National Institute of Standards and Technology (NIST) |
Web-based Software Security Assurance Application |
United States |
|
SonarQube platform with C/C++ plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
|
SonarQube platform with Java plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
|
SonarQube platform with Objective-C plugin |
SonarSource SA |
Continuous Inspection, Trending, and Code Quality Management Platform |
Switzerland |
|
SourceCheck |
SecZone |
Open Source Component Security and Compliance Management Platform |
China |
|
SPARK Pro |
AdaCore |
Product |
United States |
|
SPARROW |
Sparrow Co., Ltd. |
Semantic-Based Static Program Analysis Tool |
Korea |
|
Static Reviewer |
Security Reviewer |
Static Application Security Testing (SAST)- Security, Dead Code & Best Practices |
Italy |
|
Swift Fuzzer Testing Tool |
GYSecurity Technology Co., Ltd |
Assessment and Remediation Tool |
China |
|
TBvision |
LDRA |
Static Analysis Tool and Coding Rules Checker |
United Kingdom |
|
ThreadFix |
Denim Group, Ltd |
Open Source Vulnerability Management Tool |
United States |
|
Tsmart Static Analyzer |
School of Software, Tsinghua University |
Static Analysis Tool |
P.R. China |
|
UniSCA |
ValiantSec Technology Co.,Ltd |
SCA and Development security |
China |
|
USTCHCS high confidence software analysis tool suite |
Anhui USTC-Guochuang High-Confidence Software Co.,Ltd |
Static Analysis Tool and Coding Rules Checker |
China |
|
Vackbot |
Beijing Moyunsec Technology Co.,Ltd |
CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation) |
China |
|
VackScan |
Beijing Moyunsec Technology Co.,Ltd |
Vulnerability scanning |
China |
|
Veracode Analytics |
Veracode, Inc. |
SAST, DAST, Manual Penetration Testing |
United States |
|
Veracode Dynamic Analysis |
Veracode, Inc. |
SAST, DAST, Manual Penetration Testing |
United States |
|
Veracode Manual Testing |
Veracode, Inc. |
SAST, DAST, Manual Penetration Testing |
United States |
|
Veracode Static Analysis |
Veracode, Inc. |
SAST, DAST, Manual Penetration Testing |
United States |
|
vFeed API and Vulnerability Database Community |
ToolsWatch |
Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database |
France |
|
VulHunter |
SecZone |
Interactive Application Security Testing Platform |
China |
|
Vulinsight supply chain risk intelligence platform |
Beijing Vulinsight Technology Co., Ltd |
Vulnerability knowledge base system |
China |
|
WebLayers Center Security Policy Library |
WebLayers, Inc. |
Software Development Lifecycle (SDLC) Governance |
United States |
|
World Laboratory of Bugtraq (WLB) 2 |
CXSecurity |
Vulnerability Database |
Poland |
|
WuKong SAST |
Beijing ZHONGKE TIANQI Information Technology Co.,Ltd. |
SAST(Static Application Security Testing) |
China |
|
Xcheck OSS threat management platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xcheck Software Composition Analysis Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xfuse ASOC Agile Security Platform |
Beijing Anpro Information Technology Co. LTD |
Software Development Practices |
China |
|
Xfuse CARTA SDLC Empowerment Platform |
Beijing Anpro Information Technology Co. LTD |
Software Development Practices |
China |
|
Xmaze AI Pen-Testing Extension |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xmaze Breach and Attack Simulation Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xmaze IAST security testing platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xmaze Static Application Security Testing Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xmaze Threat Modeling Automation Platform |
Beijing Anpro Information Technology Co. LTD |
Assessment and Remediation Tool |
China |
|
Xshark RASP Self-Adaptive Threat Immunity Platform |
Beijing Anpro Information Technology Co. LTD |
Application-Level Firewall |
China |
|
Yishi Firmware Supply Chain Security Management System |
Anban Information Technology Co., Ltd |
TOOL |
China |
|
ZBG-SAST |
CodeForce(Beijing)Software Technology Co., Ltd |
Static Application Security Testing |
China |
|
ZBG-SCA |
CodeForce(Beijing)Software Technology Co., Ltd |
Software Composition Analysis |
China |
|
|
Architectural and Design Risk Management |
Cigital, Inc. |
Software Security Architecture and Design Risk Assessment and Management |
United States |
Available
|
Cenzic Hailstorm Enterprise ARC |
Cenzic, Inc. |
Web Application Security Risk Management Platform |
United States |
Available
|
Cenzic Hailstorm Professional |
Cenzic, Inc. |
Web Application Penetration Testing and Vulnerability Management System |
United States |
Available
|
Certification of Software Lifecycle Personnel |
ISC2 The International Information Systems Security Certification Consortium |
Professional Certification |
United States |
Available
|
cIFrex |
CXSecurity |
Free Security Research Tool |
Poland |
Available
|
Code Dx Enterprise Edition |
Code Dx, Inc. |
Software Vulnerability Assessment Tool |
United States |
Available
|
Code Dx Standard Edition |
Code Dx, Inc. |
Software Vulnerability Assessment Tool |
United States |
Available
|
CodeSecure Enterprise |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Tool |
United States |
Available
|
CodeSecure Verifier |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Suite |
United States |
Available
|
CodeSecure Workbench |
Armorize Technologies, Inc. |
Web Application Source Code Analysis Tool |
United States |
Available
|
COREvidence |
NETpeas, SA |
Cloud-Based, Multi-Engines Vulnerability Management Service |
France |
Available
|
Cppcheck |
CppCheck Development Team |
A tool for static C/C++ code analysis |
Ireland |
Available
|
CxCloud |
Checkmarx |
Static Code Analysis On Demand |
Israel |
Available
|
CxEnterprise |
Checkmarx |
Static Code Analysis On Premise |
Israel |
Available
|
CxSuite |
Checkmarx |
Static Application Security Testing/Application Security Code Review |
Israel |
Available
|
DEFENSICS X |
Codenomicon Ltd. |
Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities |
Finland |
Available
|
EMC Product Security Policy (PSP) |
EMC Corporation and RSA (The Security Division of EMC) |
Enterprise Policy for Secure Product Development |
United States |
Available
|
EMC Security Development Lifecycle (SDL) |
EMC Corporation and RSA (The Security Division of EMC) |
Enterprise Secure Development Lifecycle |
United States |
Available
|
EMC Vulnerability Response Policy (VRP) |
EMC Corporation and RSA (The Security Division of EMC) |
Enterprise Response Policy for Product Vulnerabilities |
United States |
Available
|
IBM Security AppScan Enterprise |
IBM Security Systems |
Enterprise Web Application Security Assessment Tool |
United States |
Planned
|
IBM Security AppScan Source |
IBM Security Systems |
Source Code Testing Tool |
United States |
Available
|
JVN iPedia |
Information-technology Promotion Agency, Japan (IPA) |
Vulnerability Countermeasure Information Database |
Japan |
Available
|
MyJVN |
Information-technology Promotion Agency, Japan (IPA) |
Filtered Vulnerability Countermeasure Information Tool |
Japan |
Available
|
PVS-Studio C/C++/C# static code analyzer |
OOO "Program Verification Systems" (Co Ltd) |
Static code analyzer |
Russia |
Available
|
SDElements |
SD Elements |
Secure Application Lifecycle Management (SALM) Tool |
United States |
Available
|
Secure Code Review |
Astyran Pte Ltd. |
Secure Code Review |
Singapore |
Available
|
Secure Code Review with Automated Tools |
Cigital, Inc. |
Security Code Assessment |
United States |
Available
|
Secure Design Review |
Astyran Pte Ltd. |
Secure Design Review |
Singapore |
Available
|
Secure Development Lifecycle |
Apple, Inc. |
Secure Development Lifecycle |
United States |
Available
|
Secure programming class, CS390S |
CERIAS/Purdue University |
Secure Programming Class and Publicly Available Teaching Materials |
United States |
Available
|
Security Training and Awareness (various courses) |
Cigital, Inc. |
Software Security Training and Awareness Courses |
United States |
Available
|
SecurityAlert |
SecurityReason |
Web Application Security Risk Management Platform |
Poland |
Available
|
SofCheck Inspector for Ada |
SofCheck Inc. |
Static Analysis and Fault Detection Tool |
United States |
Planned
|
Software Assurance Assessment |
KDM Analytics |
Software Assurance Assessment Service |
United States |
Available
|
Symantec Product Security |
Symantec Corporation |
Symmunize (Symantec's Secure Development Lifecycle Process) |
United States |
Available
|
Tool Output Integration Framework (TOIF) |
KDM Analytics |
Open Source Vulnerability Detection Platform |
United States |
Available
|
Web Application Vulnerability Assessment |
Astyran Pte Ltd. |
Application Vulnerability Assessment |
Singapore |
Available
|
Zed Attack Proxy (ZAP) |
Open Web Application Security Project (OWASP) |
Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications |
United Kingdom |
Available
|
|
EC-Council Certified Secure Programmer |
EC-Council |
Secure Programmer Certification Program |
United States |
Planned
|
QA*CPP - CWE Compliance Module for C++ Programming Language |
Programming Research, Inc. |
Source Code Static Analysis Product Suite |
United States |
Planned
|
Rational AppScan Tester Edition |
IBM Rational |
Development-Time Web Application Security Testing Tool |
United States |
Planned
|
Secure Application Development Training Courses |
SkillBridge, LLC |
Instructor Led Training |
United States |
Planned
|
Secure Programming Exams/Assessments |
SANS Institute |
Professional Secure Programming Examination |
United States |
Planned
|