Top application security tools for 2019

Checking for security flaws in your applications is essential. These tools can help find and fix them.

According to the 2018 Verizon Data Breach Investigations Report, most hacking incidents still involve breaches of web applications. Testing and securing applications has therefore become a priority for many organizations, and the job is made easier by a growing selection of application security tools. Below is a list of some of the best application security tools available, with a description of the situations where each is most effective.

To compile this list, we consulted several sources, including:

We highlight both commercial and free products. The commercial products very rarely publish list prices and are often bundled with other tools from the same vendor, with discounts for volume or longer-term licensing. Some of the free tools, such as Burp Suite, also have fee-based versions that offer more features.

Here are our 13 favorites, listed in alphabetical order:

Arxan Application Protection

This tool provides Runtime Application Self-Protection (RASP). Arxan Application Protection shields applications against reverse engineering and code tampering, which is particularly useful for mobile apps.

Target audience: Experienced developers
App focus: RASP
Packaging: Mac, Windows, Android, iOS, Linux
Pricing: Contact vendor

Black Duck from Synopsys

Black Duck automates open-source security and license compliance during application development. It can be used to detect, monitor, remediate and manage the open-source components across your entire application portfolio. Synopsys has been buying up other application security vendors, such as Coverity and Codenomicon.

Gartner MQ Leader
Target audience: Developers building on open-source components
App focus: Open-source dependency scanning (software composition analysis)
Packaging: SaaS
Pricing: Live demo, contact vendor
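To make concrete what a software composition analysis tool such as Black Duck automates, here is a minimal scanner added as an illustration (it is not Black Duck's code or data). It parses a pinned dependency manifest, matches each pin against a constructed advisory feed using version ranges, and flags components whose license fails a policy. The package names, advisory identifiers and licenses are all constructed for the example.

```python
"""Minimal software-composition-analysis (SCA) check, added as an illustration.

This is NOT Black Duck's code or data. It shows the two questions an SCA tool
answers for every third-party dependency: does a known advisory affect the
pinned version, and does the component's license pass our policy?
Advisory records, licenses and package names below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive upper bound)
    advisory_id: str  # hypothetical identifier, not a real CVE


# Constructed advisory feed and license inventory (hypothetical packages/ids).
ADVISORIES: List[Advisory] = [
    Advisory("libfoo", "1.0.0", "1.4.2", "EXAMPLE-2018-0001"),
    Advisory("webframe", "2.0.0", "2.3.0", "EXAMPLE-2018-0002"),
]
LICENSES: Dict[str, str] = {
    "libfoo": "MIT",
    "webframe": "Apache-2.0",
    "copyleftlib": "GPL-3.0",
}
# Policy: licenses we may not ship in a proprietary product.
DENIED_LICENSES = {"GPL-3.0", "AGPL-3.0"}


def parse_requirements(text: str) -> Dict[str, str]:
    """Parse pinned 'name==version' lines; ignore comments, blanks and unpinned specs."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, version = (s.strip() for s in line.split("==", 1))
        pins[name.lower()] = version
    return pins


def is_affected(version: str, adv: Advisory) -> bool:
    """Affected if introduced <= version < fixed (the range form most feeds use)."""
    v = parse_version(version)
    return parse_version(adv.introduced) <= v < parse_version(adv.fixed)


def scan(requirements: str) -> List[str]:
    """Return one finding per vulnerable pin or denied/unknown license, sorted."""
    findings: List[str] = []
    for name, version in parse_requirements(requirements).items():
        for adv in ADVISORIES:
            if adv.package == name and is_affected(version, adv):
                findings.append(
                    f"{name}=={version}: {adv.advisory_id}, upgrade to >={adv.fixed}"
                )
        lic = LICENSES.get(name, "UNKNOWN")
        if lic in DENIED_LICENSES or lic == "UNKNOWN":
            findings.append(f"{name}=={version}: license {lic} violates policy")
    return sorted(findings)


# Constructed sample manifest: one vulnerable pin, one already-fixed version,
# one component with a license the policy rejects.
SAMPLE_REQUIREMENTS = """\
# constructed sample manifest
libfoo==1.2.0
webframe==2.3.0
copyleftlib==0.9.1
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUIREMENTS):
        print(finding)
```

Note that `webframe==2.3.0` produces no finding because the fixed version is an exclusive upper bound; getting that boundary right is exactly the kind of detail a commercial tool's curated feed handles for you, and the reason string comparison of versions (where "1.10.0" < "1.9.9") is the classic bug in home-grown checks.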

Burp Suite from PortSwigger

Burp Suite is one of the more popular penetration testing tools and has been widely extended and enhanced over the years. All of its tools share a common framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging and alerting. The paid versions add more automated and manual testing tools, integration with other frameworks such as Jenkins, and a well-documented REST API.

ITCS rank #7
Target audience: Experienced developers
App focus: Web app penetration testing and vulnerability scanner
Packaging: Mac, Windows, Linux, JAR
Pricing: Versions ranging from free to $4,000 per year, with 60-day free trials
