Static Application Security Testing
Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.
Explore 74 curated cybersecurity tools, with 14,802+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
A library for forward compatibility with PHP password functions.
A library for forward compatibility with PHP password functions.
A tool that reveals invisible links within JavaScript files
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
Find leaked credentials by scanning repositories for high entropy strings.
Find leaked credentials by scanning repositories for high entropy strings.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Argus-SAF is a static analysis framework for security vetting Android applications.
Argus-SAF is a static analysis framework for security vetting Android applications.
Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.
Detect trojan source attacks that employ unicode bidi attacks to inject malicious code.
A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.
A key and secret validation workflow tool built in Rust, supporting over 30 providers and exporting to JSON or CSV.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
A static code analysis tool for parsing common data formats to detect hardcoded credentials and dangerous functions.
ESLint plugin to prevent Trojan Source attacks.
ESLint plugin to prevent Trojan Source attacks.
A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.
A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.
A security feature to prevent unexpected manipulation of fetched resources.
A security feature to prevent unexpected manipulation of fetched resources.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.
A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.
A static analysis tool for Android apps that detects malware and other malicious code
A static analysis tool for Android apps that detects malware and other malicious code
A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.
A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.
ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.
ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.
A library for generating random numbers and strings of various strengths, useful in security contexts.
A library for generating random numbers and strings of various strengths, useful in security contexts.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets in git repos.
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
TRENDING CATEGORIES
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
POPULAR
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.