Best Application Development Software for Startups - Page 71

x
View:
Open Source Commercial

Compare the Top Application Development Software for Startups as of November 2025 - Page 71

Sort By:
Startup Application Development Clear Filters
  • 1
    Honggfuzz
    Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).
    Starting Price: Free
    View Software
  • 2
    Boofuzz

    Boofuzz

    Boofuzz

    Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, Boofuzz aims for extensibility. Like Sulley, Boofuzzincorporates all the critical elements of a fuzzer like easy and quick data generation, instrumentation and failure detection, target reset after failure, and recording of test data. Much easier install experience and support for arbitrary communications mediums. Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast. Better recording of test data, consistent, thorough, and clear. Test result CSV export and extensible instrumentation/failure detection. Boofuzz installs as a Python library used to build fuzzer scripts. It is strongly recommended to set up Boofuzz in a virtual environment.
    Starting Price: Free
    View Software
  • 3
    Ffuf

    Ffuf

    Ffuf

    Ffuf is a fast web fuzzer written in Go. You can also practice your Ffuf scans against a live host with different lessons and use cases either locally by using the Docker container or against the live-hosted version. Provides virtual host discovery (without DNS records). In order to tell Ffuf about different inputs to test out, a wordlist is needed. You can supply one or more wordlists on the command line, and in case you wish (or are using multiple wordlists) you can choose a custom keyword for them. You can supply Ffuf with multiple wordlists (remember to configure a custom keyword for them though). The first word of the first wordlist is tested against all the words from the second wordlist before moving along to test the second word in the first wordlist against all the words in the second wordlist. In short, all of the different combinations are tried out. There are quite a few different ways to customize the request.
    Starting Price: Free
    View Software
  • 4
    ToothPicker

    ToothPicker

    Secure Mobile Networking Lab

    ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS's Bluetooth daemon and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation to fuzz Apple's MagicPairing protocol using InternalBlue. Additionally, it contains the ReplayCrashFile script that can be used to verify crashes the in-process fuzzer has found. This is a very simple fuzzer that only flips bits and bytes of inactive connections. No coverage, no injection, but nice as a demo and stateful. Runs just with Python and Frida, no modules or installation are required. ToothPicker is built on the codebase of frizzer. It is recommended to set up a virtual Python environment for frizzer. Starting from the iPhone XR/Xs, PAC has been introduced.
    Starting Price: Free
    View Software
  • 5
    afl-unicorn

    afl-unicorn

    Battelle

    afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.
    Starting Price: Free
    View Software
  • 6
    Fuzzbuzz

    Fuzzbuzz

    Fuzzbuzz

    The Fuzzbuzz workflow is very similar to other CI/CD testing workflows. However, unlike other testing workflows, fuzz testing requires multiple jobs to run simultaneously, which results in a few extra steps. Fuzzbuzz is a fuzz testing platform. We make it trivial for developers to add fuzz tests to their code and run them in CI/CD, helping them catch critical bugs and vulnerabilities before they hit production. Fuzzbuzz completely integrates into your environment, following you from the terminal to CI/CD. Write a fuzz test in your environment and use your own IDE, terminal, or build tools. Push to CI/CD and Fuzzbuzz will automatically start running your fuzz tests against your latest code changes. Get notified when bugs are found through Slack, GitHub, or email. Catch regressions as new changes are automatically tested and compared to previous runs. Code is built and instrumented by Fuzzbuzz as soon as a change is detected.
    Starting Price: Free
    View Software
  • 7
    BFuzz

    BFuzz

    RootUp

    BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato which is present in the recurve folder of BFuzz, more over BFuzz is an automation that performs the same task repeatedly and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox, however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.
    Starting Price: Free
    View Software
  • 8
    Sulley

    Sulley

    OpenRCE

    Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and instrumentation. A pure-Python fully automated and unattended fuzzing framework. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks, and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults.
    Starting Price: Free
    View Software
  • 9
    Radamsa

    Radamsa

    Aki Helin

    Radamsa is a test case generator for robustness testing or fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of Radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable, and, easy to get up and running. Fuzzing is one of the techniques to find unexpected behavior in programs. The idea is simply to subject the program to various kinds of inputs and see what happens. There are two parts to this process: getting the various kinds of inputs and how to see what happens. Radamsa is a solution to the first part, and the second part is typically a short shell script. Testers usually have a more or less vague idea of what should not happen, and they try to find out if this is so.
    Starting Price: Free
    View Software
  • 10
    APIFuzzer
    APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.
    Starting Price: Free
    View Software
  • 11
    Jazzer

    Jazzer

    Code Intelligence

    Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.
    Starting Price: Free
    View Software
  • 12
    FuzzDB

    FuzzDB

    FuzzDB

    FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and where appropriate platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header crlf injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.
    Starting Price: Free
    View Software
  • 13
    Google ClusterFuzz
    ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverages guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance, and crash rates. Easy to use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.
    Starting Price: Free
    View Software
  • 14
    go-fuzz

    go-fuzz

    dvyukov

    Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.
    Starting Price: Free
    View Software
  • 15
    Atheris

    Atheris

    Google

    Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.
    Starting Price: Free
    View Software
  • 16
    Wfuzz

    Wfuzz

    Wfuzz

    Wfuzz provides a framework to automate web application security assessments and could help you secure your web applications by finding and exploiting web application vulnerabilities. You can also run Wfuzz from the official Docker image. Wfuzz is based on the simple concept that it replaces any reference to the fuzz keyword with the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing it to perform complex web security attacks in different web application components such as parameters, authentication, forms, directories/files, headers, etc. Wfuzz’s web application vulnerability scanner is supported by plugins. Wfuzz is a completely modular framework and makes it easy for even the newest Python developers to contribute. Building plugins is simple and takes little more than a few minutes.
    Starting Price: Free
    View Software
  • 17
    Fuzzapi

    Fuzzapi

    Fuzzapi

    Fuzzapi is a tool used for REST API pentesting and uses API Fuzzer and provides UI solutions for gem.
    Starting Price: Free
    View Software
  • 18
    API Fuzzer

    API Fuzzer

    Fuzzapi

    API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
    Starting Price: Free
    View Software
  • 19
    Wapiti

    Wapiti

    Wapiti

    Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
    Starting Price: Free
    View Software
  • 20
    Echidna

    Echidna

    Crytic

    Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.
    Starting Price: Free
    View Software
  • 21
    syzkaller
    syzkaller is an unsupervised coverage-guided kernel fuzzer. Supports FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Once syzkaller detects a kernel crash in one of the VMs, it will automatically start the process of reproducing this crash. By default, it will use 4 VMs to reproduce the crash and then minimize the program that caused it. This may stop the fuzzing, since all of the VMs might be busy reproducing detected crashes. The process of reproducing one crash may take from a few minutes up to an hour depending on whether the crash is easily reproducible or non-reproducible at all.
    Starting Price: Free
    View Software
  • 22
    Devv

    Devv

    Devv

    Lightning-fast answers, documentation, and code snippets for your dev queries. AI-powered agents decipher your complex questions and craft tailored solutions. Seamlessly interact with your repositories for contextualized search and assistance. Unlock unlimited searches with the most powerful model GPT-4. Devv is the next-gen search engine for developers. Devv offers a new mode designed to deliver more accurate and detailed responses. Multi-agent architecture that employs different agents and language models based on the specific requirements of the task at hand. Now, you have the ability to generate Python code and execute it directly within Devv. Devv is solely dedicated to developing scenarios. This can let us focus more on building better search indices and models. Our mission is to create the premier information retrieval tool for developers.
    Starting Price: $12 per month
    View Software
  • 23
    Pynt

    Pynt

    Pynt

    Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. We help hundreds of companies such as Telefonica, Sage, Halodoc, and more, to continuously monitor, classify and attack poorly secured APIs, before hackers do. Pynt's leverages an integrated shift-left approach, and unique hack technology using home-grown attack scenarios, to detect real threats, discover APIs, suggest fixes to verified vulnerabilities, thereby eliminating the API attack surface risk. Thousands of companies rely on Pynt to secure the no. 1 attack surface - APIs, as part of their AppSec strategy.
    Starting Price: $1888/month
    View Software
  • 24
    Workflow Engine
    Embeddable .NET library for running workflows in .NET applications with integrated HTML5 graphical workflow designer. Designer allows you to easily create interactive workflows of any complexity, there’s no need to draft them programmatically. Workflow Engine is a backbone solution for business process management (BPM) which makes it feasible to automate the workflow design by using low-code visual builders. It is based on the .NET framework and JavaScript libraries. Workflow Engine enables workflow processing and correct integration by providing a graphic designer to create process workflow schemes and at the same time, this software component facilitates the management, execution, and visualization of workflow processes. Integration with solutions based on other technologies or databases is roughly the same and should not entail any difficulties. Workflow Engine offers its users all the components necessary to implement workflows of any complexity.
    Starting Price: $499 one-time payment
    View Software
  • 25
    Frontly

    Frontly

    Frontly

    Frontly is a modern no-code SaaS and web app builder, offering powerful features and a rapid app development process. Unlike other app builders, Frontly allows users to generate apps and components with AI, build and maintain their own library of reusable components, duplicate entire apps and pages, and even share and sell their designs in Frontly’s marketplace to earn revenue. Automate repetitive tasks, edit, and generate content with structured output using OpenAI. Turn your spreadsheets into stunning visual interfaces with tables, charts, forms, and more. Control exactly which data users can see, down to the row level with granular access controls. Add your logo, brand colors, and custom domain for professional client-facing portals. Build apps in minutes to display your data in a custom visual interface, filter data based on custom permissions, generate and revise with AI, and connect to your external systems through workflow automation integrations.
    Starting Price: $20 per month
    View Software
  • 26
    Buglab

    Buglab

    Buglab

    Automatically detect bugs and UI/UX discrepancies. Finding bugs is not only difficult but repetitive and boring too. With Buglab, you can easily detect UI/UX issues in websites, platforms, and web apps by automating the testing process. Accelerate development, and ensure client-facing software quality effortlessly while focusing on the important aspects of your business. Find UI bugs before they cost you. Buglab automates website testing by allowing you to simulate any kind of user action with just a few clicks, and without writing a single line of code. You can create any suitable sequence, to ensure your website changes are not causing any bugs or functionality changes. Once a test has been set, the system will display the results and highlight the differences between your base, and the new version of your website. Group your tests in logical suites and projects, and schedule them with different schedules.
    Starting Price: $39 per month
    View Software
  • 27
    Hooper

    Hooper

    Hooper

    Hooper brings powerful data orchestration to address distributed information across the enterprise. Its hyper-automation & low-code app platform manage & deliver information to the right people, at the right time. Hooper helps you execute strategies and processes with Rapid App Development (RAD), enabling you to design workflows for your business enterprise with a drag-and-drop-based visual designer. Manage teams and integrate with legacy systems for enhanced agility and frictionless functioning. With Hooper, you can create solutions that are tailored to your needs. From creating a complex sales management system or a simple registration portal, do it all, without coding. Hooper is a visual development-based platform, anyone can create apps and solutions without having to write code. Enable quick onboarding and collate teams with e-invites. Aided with a highly customizable privilege control system, manage visibility and interaction on a field-to-field basis.
    Starting Price: Free
    View Software
  • 28
    Reliv

    Reliv

    Reliv

    Reliv provides QA automation without a single line of code. Press the recording button and simply follow the scenario you want to test in your browser. The actions will be recognized, and a test will be automatically created. With just one click, run your test. Wait a moment, and you can check the results of the automatically executed test all at once. Run your tests before deployment, or on a daily basis. Anyone on your team can easily create and edit tests. Invite teammates to join in test management. Just write in plain text, and the AI will handle the rest. Simply describe the actions you want, the rest is taken care of by AI. You no longer need to manually check every deployment. Automate critical scenarios to prevent serious bugs. It’s 10 times faster than when developers automate using frameworks like Selenium. Run as many tests as you need without additional fees. Regularly run tests to monitor the status of your service at any time.
    Starting Price: $20 per month
    View Software
  • 29
    APIVerve

    APIVerve

    APIVerve

    Our startup revolutionizes API integration by offering a single subscription that provides access to countless APIs. With just one API key, developers can unlock a vast array of APIs without the need for multiple subscriptions or complicated setups. This innovative solution simplifies the development process, accelerates project timelines, and significantly reduces costs.
    Starting Price: $19.99
    View Software
  • 30
    Ply

    Ply

    Ply

    Build features, not apps. Supercharge work and streamline processes by building contextual, internal features into the apps you already use. Take workflows to the next level. With interfaces as steps, native support for tables, multi-level branching, and automatic performance optimization you can really build anything.
    Starting Price: $8 per month
    View Software

Related Categories