Application Security Tools

Best Application Security Tools include:

Rencore and Veracode.

Application Security Tools TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Application Security Tools Overview

What are Application Security Tools?

Application Security Tools are designed to protect software applications from external threats throughout the entire application lifecycle. Enterprise applications sometimes contain vulnerabilities that can be exploited by bad actors. The purpose of this class of tools is to protect the many different kinds of applications against data theft or other nefarious intent. These include legacy, desktop, cloud, and mobile apps used by internal employees as well as partners and customers. Modern application security solutions must cover the gamut of application types and provide security testing that is easy to use and deploy.

Application security can also be enhanced by creating a security profile for each application that identifies and prioritizes potential threats and documenting actions taken to counter malicious or unplanned events.


  • Source code analysis/scanning
  • Open source component monitoring
  • Vulnerability detection
  • Optimized vulnerability remediation
  • Integration with source code repositories, build management server, bug tracking tools and major IDEs
  • Training resources to sharpen developer security skills

Pricing Details

Pricing varies widely depending on whether the product is a cloud-based solution, cloud + professional services, or an on-premises tool. In general, though, application security platforms price by the number of applications, and enterprise platforms can be expensive. Entry-level pricing is in the region of $40,000 per year.

Application Security Products

(1-25 of 52) Sorted by Most Reviews

27 ratings
54 reviews
Veracode is an application security platform that performs five types of analysis: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
13 ratings
13 reviews
Armor is a cloud and mobile security solution. The vendor’s value proposition is that this solution was purpose-built to deliver the highest level of defense and control for an organization’s critical data, no matter where it’s hosted. The vendor says they are so confident in the ability of their so…
6 ratings
11 reviews
Many organizations that use Office 365 are exposed to security risks that they are unaware of. As they extend SharePoint to meet their business needs, they build applications using technologies that range from end-user Microsoft Flow to developer-focused SharePoint Framework. Unfortunately, all of t…
Qualys Cloud Platform (formerly Qualysguard)
24 ratings
7 reviews
The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide…
VMware AppDefense
2 ratings
7 reviews
VMware AppDefense is a hypervisor-native workload protection platform for enterprise virtualization and security teams that promises to deliver the most secure virtual infrastructure and simplify micro-segmentation planning by providing deep application visibility, reputation scoring, and security. …
11 ratings
6 reviews
Metasploit is open source network security software described by Rapid7 as the world’s most used penetration testing framework, designed to help security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.
22 ratings
5 reviews
SonarQube (formerly Sonar) is an open source application security solution.
Qualys Web Application Scanning (WAS)
5 ratings
3 reviews
Qualys Web Application Scanning (WAS) (formerly QualysGuard WAS), from Qualys, headquartered in Redwood City, California, scans web apps for security threats.
Trend Micro Cloud App Security
4 ratings
2 reviews
The Trend Micro Cloud App Security application secures Microsoft Office 365 and other cloud storage applications.
2 ratings
2 reviews
Netsparker, from the UK company of the same name (formerly Mavituna Security, named for CEO Ferruh Mavituna), is an application security and testing platform.
Quixxi Security
1 rating
1 review
Quixxi Security provides codeless app protection against hackers looking to clone, tamper, inject malicious code, or exploit a mobile app. A simple drag & drop feature applies a sophisticated set of security layers, for quick & easy mobile app protection. Quixxi is also a monitoring tool with…
8 ratings
1 review
Checkmarx, an Israeli-headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, C…
7 ratings
1 review
AcuSensor from Maltese company Acunetix is application security and testing software.
VMware Carbon Black App Control (formerly Cb Protection)
4 ratings
1 review
VMware Carbon Black App Control (formerly CB Protection) is an application control product, used to lock down servers and critical systems, prevent unwanted changes, and ensure continuous compliance with regulatory mandates. VMware acquired Carbon Black in October 2019.
CAST Highlight
0 ratings
1 review
CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.
V-Key V-OS
V-Key from the company of the same name in Redwood City, California, is a tamper protection system for mobile applications, providing authentication and cryptography.
IMMUNIO is a Runtime Application Self-Protection (RASP) solution that supports multiple frameworks such as Scala, PHP, Python, Ruby, Node.JS, and Java. After a 2-minute installation, IMMUNIO is equipped to detect and block threats to web applications as they occur in real time - mitigating account ta…
vArmour is a network, application and data center security solution that provides security solutions specifically aimed at enterprises running services and apps across multiple clouds.
Arxan Application Protection
Arxan Application Protection shields apps from reverse engineering, tampering, API exploits and other attacks that can put your business, your customers and your bottom line at risk. It is offered by, the company formed from the April 2020 merger of XebiaLabs, Arxan, and CollabNet VersionO…
SWAT (the Secure Web Application Tactics) is a continuous vulnerability management solution for web applications. According to the vendor, capabilities include: Automated vulnerability scanning and manual penetration testing by Outpost24 security experts. SWAT adjusts its scanning to any changes in the…
Appsec Scale
Appsec Scale is an automated web application security testing solution. According to the vendor, capabilities include: Adapts itself to application changes and newly discovered threats. Tests the application continuously. Customers keep control of the solution. Goes further than application testing a…
Proofpoint Mobile Defense
Proofpoint Mobile Defense integrates with enterprise MDM applications to prevent malicious attacks through mobile application security data and access prevention.
CenturyLink Security Log Monitoring (SLM)
CenturyLink® Security Log Monitoring service provides comprehensive security log traffic monitoring using people, technology and processes to analyze security log traffic 24 hours a day, 7 days a week and includes access to a portal for queries, reports, and other service-related activities. Thi…
Mercury Systems, headquartered in Andover, offers CodeSEAL, a development environment for designing automated anti-tamper solutions for applications.
Imperva Runtime Application Self-Protection (RASP), formerly Prevoty
Imperva now offers Runtime Application Self-Protection, RASP (formerly Prevoty RASP), for application security and protection against zero day vulnerabilities. Imperva acquired Prevoty in July 2018.