Data Theorem API Secure is an application security platform that provides comprehensive security testing and monitoring for APIs and modern applications throughout their development lifecycle. The platform combines multiple security testing methodologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA), to identify vulnerabilities across different stages of development.

Key capabilities include automated API discovery and inventory management across cloud environments, continuous monitoring of application assets including mobile applications and web services, and software supply chain security assessment for third-party components and dependencies. The system generates Software Bill of Materials (SBOM) documentation and integrates with DevSecOps workflows and CI/CD pipelines to enable security testing within existing development processes.

Security assessments are performed through automated scanning of code repositories, analysis of API endpoints for security issues, runtime environment monitoring for threats, evaluation of third-party dependencies, and compliance tracking with audit record maintenance. The platform maintains continuous visibility over application security posture through automated discovery processes and regular security assessments, enabling organizations to identify and address security issues across their application infrastructure.
SIMILAR TOOLS
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
QIRA is an MIT-licensed competitor to strace and gdb, supporting Ubuntu and Docker for wider compatibility.
AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.