Aikido Security surpasses its competitors by offering advanced threat detection, seamless integration, and user-friendly interfaces, ensuring comprehensive security solutions that maximize efficiency and enhance user experience, leveraging cutting-edge technology to protect against evolving cyber threats.
SentinelOne Singularity Cloud Security ensures cloud-native security with antivirus protection, endpoint monitoring, and threat detection. Its real-time detection and automated remediation enhance productivity. Users note the need for cost reduction and improved search functionality, while praising its integrations with AWS, Azure, and GCP. Enhanced support and legacy system compatibility are desired.
As a partner, we receive a discount on the licenses.
It's a fair price for what you get. We are happy with the price as it stands.
As a partner, we receive a discount on the licenses.
It's a fair price for what you get. We are happy with the price as it stands.
Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
I wish the pricing was more transparent.
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
I wish the pricing was more transparent.
Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.
I'm not privy to that information, but I know it's probably close to a million dollars a year.
We are using the free version of the Azure Security Center.
I'm not privy to that information, but I know it's probably close to a million dollars a year.
We are using the free version of the Azure Security Center.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
I think that we pay approximately $100 USD per month.
The price is okay.
I think that we pay approximately $100 USD per month.
The price is okay.
Veracode is a cloud-based application security platform that enables organizations to detect, mitigate, and prevent vulnerabilities throughout the software development lifecycle while supporting scalability and integration with DevOps workflows.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
CrowdStrike Falcon Cloud Security is a platform of cloud security solutions aimed at protecting organizations from breaches while simplifying cloud security management. The unified platform combines several cloud security functionalities for comprehensive protection. Built on the CrowdStrike Falcon Platform, it leverages the powerful agent and technology used in CrowdStrike's renowned endpoint protection solutions, extending its capabilities seamlessly to cloud environments.
The pricing is fair for what you get. I'd rate them a solid nine out of ten in terms of pricing.
I am not the one who handled the pricing. A different team worked on it, but it is pretty expensive.
The pricing is fair for what you get. I'd rate them a solid nine out of ten in terms of pricing.
I am not the one who handled the pricing. A different team worked on it, but it is pretty expensive.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].
AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.
The price of the solution is not very competitive but it is reasonable.
The price of AWS Security Hub is average compared to other solutions.
The price of the solution is not very competitive but it is reasonable.
The price of AWS Security Hub is average compared to other solutions.
The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth.
The solution is expensive.
The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth.
The solution is expensive.
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.
Acunetix was around the same price as all the other vendors we looked at, nothing special.
The costs aren't very expensive. It costs around $3000 or $4000.
Acunetix was around the same price as all the other vendors we looked at, nothing special.
The costs aren't very expensive. It costs around $3000 or $4000.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
OWASP Zap is a powerful tool used for security and vulnerability testing of applications. Its primary use case includes scanning pipelines, dynamic testing, penetration testing, and vulnerability scanning. OWASP Zap's most valuable functionality is its ability to scan and fix vulnerabilities, provide clear explanations in reports, and discover more vulnerabilities compared to other tools. It helps organizations by improving application security, reducing the need for external testers, and strengthening overall security.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
This is a value for money product.
The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.
This is a value for money product.
The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.
Trivy is an open-source product.
Trivy is an open-source product.
Aqua Security stops cloud native attacks, preventing them before they happen and stopping them when they happen. Dedicated cloud native threat research and the most loved cloud native security open source community in the world put innovation at your fingertips so you can transform your business. Born cloud native, The Aqua Platform is the most integrated Cloud Native Application Protection Platform (CNAPP), securing from day one and protecting in real-time. Aqua has been stopping real cloud native attacks on hundreds of thousands of production nodes across the world since 2015.
Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle.
The pricing of this solution could be improved.
Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle.
The pricing of this solution could be improved.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost.
With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level.
AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost.
With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.
The solution's pricing depends on the agents...In short, the price depends on the environment of its user.
It is quite costly compared to other tools.
The solution's pricing depends on the agents...In short, the price depends on the environment of its user.
It is quite costly compared to other tools.
Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.
We never had any issues with the licensing; the price was within our assigned limits.
It is competitive in the security market.
We never had any issues with the licensing; the price was within our assigned limits.
It is competitive in the security market.
GitHub is a web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a Web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
The private repositories are free, which is very good.
It is open-source. There is no license for GitHub.
The private repositories are free, which is very good.
It is open-source. There is no license for GitHub.
The JFrog DevOps Cloud Platform is a comprehensive solution that enhances the software development lifecycle by offering robust artifact management, CI/CD automation, and advanced security features. Its Artifactory is a universal repository supporting multiple package formats, crucial for managing binaries and dependencies seamlessly. Furthermore, JFrog's Xray scans artifacts for vulnerabilities, ensuring software integrity and compliance.
This platform not only automates software release processes to boost productivity and reduce errors but also supports strong version control, which is essential for managing different software versions effectively. The integration across various development tools improves CI/CD pipelines, while its scalability caters to both small teams and large enterprises.
Users report that JFrog significantly enhances organizational efficiency, promotes better collaboration and communication, and facilitates more streamlined processes, resulting in improved performance and operational outcomes.
Regarding pricing, I focus on the platform's interface and user communication rather than costs.
The product pricing is competitive but worth negotiating for volume discounts or longer-term contracts.
Regarding pricing, I focus on the platform's interface and user communication rather than costs.
The product pricing is competitive but worth negotiating for volume discounts or longer-term contracts.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
The solution is expensive.
The product's pricing is low. I would rate it a two out of ten.
The solution is expensive.
The product's pricing is low. I would rate it a two out of ten.
GitHub Code Scanning is a moderately priced solution.
The minimum pricing for the tool is five dollars a month.
GitHub Code Scanning is a moderately priced solution.
The minimum pricing for the tool is five dollars a month.
Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context.
Initially, it used to be relatively expensive, starting at around four or five hundred dollars.
Initially, it used to be relatively expensive, starting at around four or five hundred dollars.
Cycode secures code throughout the development lifecycle by automating security standards and detecting misconfigurations in repositories. It addresses code scanning, fixes vulnerabilities, monitors insider threats, and secures CI/CD pipelines. Valued for robust security, efficient code scanning, integration with development tools, compliance checks, and detailed reports. Enhanced integration capabilities and clearer documentation needed.
Endor Labs streamlines data analytics and enhances predictive modeling with robust data integration, advanced machine learning algorithms, and efficient handling of large datasets. It excels in dependency management, security vulnerability detection, and detailed analytics. Users appreciate its seamless integration, advanced reporting, and code reliability but suggest better documentation, more frequent updates, and enhanced integration capabilities.
Ox Security is used for digital security management, focusing on threat detection, vulnerability management, and compliance monitoring. Users appreciate its real-time insights, automation features, and ease of integration. While its intuitive dashboard and customer support are strengths, some users desire more customization and system performance improvements.
Shipping secure code is painful and time-consuming – slowing down development teams and AppSec teams alike. ShiftLeft is on a mission to make vulnerabilities history. Our revolutionary Code Property Graph (CPG) enables us to seamlessly insert 10x faster code analysis, prioritized OSS vulnerability findings and real-time security education in one single SaaS platform integrated directly into modern development workflows. Combining our OWASP-benchmark dominating NG-SAST, Intelligent SCA, instant secrets detection, and contextual security education, ShiftLeft CORE code security platform turns every developer into an AppSec expert.
Jit.io offers a cloud-based platform to simplify and automate security testing throughout the software development lifecycle, focusing on a seamless developer experience. It integrates with popular developer tools and IDEs like GitHub Actions, GitLab, and cloud providers, enabling developers to run security scans and fix vulnerabilities without leaving their environment. Key features include change-based scanning for immediate feedback, fast scan times, and auto-remediation suggestions to reduce manual work. Jit.io provides comprehensive security coverage with tools for Static Application Security Testing (SAST), Software Composition Analysis (SCA), and API security testing. By embedding security into the development workflow, Jit.io aims to shift left security, reducing risks and developer burden, while promoting an open Application Security Platform (ASPM) for extended functionality and offering flexible pricing plans.
Arnica enhances collaboration with intuitive tools and real-time data integration. It offers efficient project management and streamlined workflows. Users appreciate its customizable features but note the need for improved customer support. While it provides robust functionalities, some find it lacking in advanced reporting capabilities.
Formerly HipTest: CucumberStudio is the leading collaboration platform for BDD - an easy-to-use tool to define ideas, test code, and learn in production from real-time insight.
DeepSource is the single platform that replaces all other tools that you use to write clean and secure code.
Analyze every pull-request to find and fix code quality issues before you merge to master. No CI setup required.
Prevent misconfigurations and security vulnerabilities in your infrastructure configuration. Host DeepSource on-prem or your private cloud and retain full control of your source code and privacy.
Automatically generate fixes for thousands of code quality and security issues with 100% reliability. Put code style formatting on autopilot with automated styling on every commit. Build integrations with other tools in your workflow using our GraphQL API and webhooks.
Kondukto is a security orchestration and automation platform that helps organizations improve their vulnerability management program. It does this by centralizing vulnerability data from a variety of sources, including security scanners, bug tracking systems, and configuration management tools. Kondukto then uses this data to automate the process of vulnerability remediation, freeing up security teams to focus on more strategic initiatives.
