Best IT Security Software for Eclipse IDE

Security Solutions For Your DevOps Process. Automatically scan your code to identify and remediate vulnerabilities. Compliant with the most stringent security standards, such as OWASP and CWE, Kiuwan Code Security covers all important languages and integrates with leading DevOps tools. Effective static application security testing and source code analysis, with affordable solutions for teams of all sizes. Kiuwan includes a variety of essential functionality in a single platform that can be integrated directly into your internal development infrastructure. Fast Vulnerability Detection: Easy and instant setup. Start scanning and get results in just minutes. DevOps Approach To Code Security: Integrate Kiuwan with your Ci/CD/DevOps pipeline to automate your security process. Flexible Licensing Options: Plenty of options, one time scans or continuous scanning. Kiuwan also offers a Saas or On-Premise model.

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Snyk is recognized on the Forbes Cloud 100 2021, the 2021 CNBC Disruptor 50 and was named a Visionary in the 2021 Gartner Magic Quadrant for AST.

The YAG-Suite is a French made innovative tool which brings SAST one step beyond. Based on static analysis and machine learning, YAGAAN offers customers more than a source code scanner : it offers a smart suite of tools to support application security audits as well as security and privacy by design DevSecOps processes. Beyond classic vulnerability detection, the YAG-Suite focuses the team attention on the problems that really matter in their business context, it supports developers in their understanding of the vulnerability causes and impacts. Its contextual remediation support them in fixing efficiently the problems while improving their secure coding skills. Additionally, YAG-Suite's unprecedented 'code mining' support security investigations of an unknown application with mapping all relevant code features and security mechanisms and offers querying capabilities to search for 0-days or non automatically detectable risks. PHP, Java and Python are supported. JS, C/C++ coming soon

IRI FieldShield® is powerful and affordable data discovery and masking software for PII in structured and semi-structured sources, big and small. Use FieldShield utilities in Eclipse to profile, search and mask data at rest (static data masking), and the FieldShield SDK to mask (or unmask) data in motion (dynamic data masking). Classify PII centrally, find it globally, and mask it consistently. Preserve realism and referential integrity via encryption, pseudonymization, redaction, and other rules for production and test environments. Delete, deliver, or anonymize data subject to DPA, FERPA, GDPR, GLBA, HIPAA, PCI, POPI, SOX, etc. Verify compliance via human- and machine-readable search reports, job audit logs, and re-identification risk scores. Optionally mask data as you map it. Apply FieldShield functions in IRI Voracity ETL, federation, migration, replication, subsetting, or analytic jobs. Or, run FieldShield from Actifio, Commvault or Windocks to mask DB clones.

Voracity is the only high-performance, all-in-one data management platform accelerating AND consolidating the key activities of data discovery, integration, migration, governance, and analytics. Voracity helps you control your data in every stage of the lifecycle, and extract maximum value from it. Only in Voracity can you: 1) CLASSIFY, profile and diagram enterprise data sources 2) Speed or LEAVE legacy sort and ETL tools 3) MIGRATE data to modernize and WRANGLE data to analyze 4) FIND PII everywhere and consistently MASK it for referential integrity 5) Score re-ID risk and ANONYMIZE quasi-identifiers 6) Create and manage DB subsets or intelligently synthesize TEST data 7) Package, protect and provision BIG data 8) Validate, scrub, enrich and unify data to improve its QUALITY 9) Manage metadata and MASTER data. Use Voracity to comply with data privacy laws, de-muck and govern the data lake, improve the reliability of your analytics, and create safe, smart test data

Reduce MTTD & MTTR with full coverage within minutes of using. Full DevSecOps toolchain across your all environments, implementing and collecting evidence as part of your continuous security. Unified and de-duplicated across all the layers we orchestrate. One line to add several thousand checks + AI. It was built with security in mind, and we have avoided common security mistakes and pitfalls. Understands modern technologies. All are callable via REST API. Integrateable with CI/CD systems, lightweight and fast. You can self-host it for 100% code control and transparency, or run source available binary only in your own CI/CD. Use a source-available solution for complete control and transparency. Trivial setup, no software installation, compatible with many programming languages. Detects more than several thousand code and infrastructure issues and counting. You can review the issues, mark them as false positives, and collaborate on issues.

Take control of your open source software management. Empower your organization to manage open source software (OSS) and third-party components. FlexNet Code Insight helps development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system. FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk while you build your products and during their entire lifecycle. Manage open source license compliance, add automation to your processes, and implement a formal OSS strategy that balances business benefits and risk management. Integrate with build tools, CI/CD and SCM tools, artifact repositories, external repositories or build your own integrations using the FlexNet Code Insight REST API framework to make code scanning easy and effective.

The Checkmarx Software Security Platform provides a centralized foundation for operating your suite of software security solutions for Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and application security training and skills development. Built to address every organization’s needs, the Checkmarx Software Security Platform provides the full scope of options: including private cloud and on-premises solutions. Allowing a range of implementation options ensures customers can start securing their code immediately, rather than going through long processes of adapting their infrastructure to a single implementation method. The Checkmarx Software Security Platform transforms the standard for secure application development, providing one powerful resource with industry-leading capabilities.

A new kind of security designed for the way software is created. Resolve security issues minutes after installation by integrating security into your toolchain. Because Contrast agents monitor code and report from inside the application, developers can finally find and fix vulnerabilities without requiring security experts. That frees up security teams to focus on providing governance. Contrast Assess deploys an intelligent agent that instruments the application with smart sensors. The code is analyzed in real time from within the application. Instrumentation minimizes the false positives that slow down developers and security teams. Resolve security issues minutes after installation by integrating security into your toolchain. Contrast Assess integrates seamlessly into the software life cycle and into the tool sets that development and operations teams are already using, including native integration with ChatOps, ticketing systems and CI/CD tools, and a RESTful API.

The industry’s first IAST solution with active verification and sensitive-data tracking for web-based applications. Automatically retests identified vulnerabilities and validates whether they are real and can be exploited. Is more accurate than traditional dynamic testing. Provides a real-time view of the top security vulnerabilities. Sensitive-data tracking shows you where your most critical information is stored without sufficient encryption, helping ensure compliance with key industry standards and regulations, including PCI DSS and GDPR. Seeker is easy to deploy and scale in your CI/CD development workflows. Native integrations, web APIs, and plugins provide seamless integration with the tools you use for on-premises, cloud-based, microservices-based, and container-based development. You’ll get accurate results out of the box, without extensive configuration, custom services, or tuning.

Platform for detecting security vulnerabilities and analyzing code quality of applications. bugScout was born in 2010, with the objective of promoting global application security through audit and DevOps processes. Our purpose is to promote a culture of safe development and thus provide protection for your company’s information, assets and reputation. Designed by ethical hackers and reputable security auditors, bugScout® follows international security rules and standards and is at the forefront of cybercrime techniques to keep our customers’ applications safe and secure. We combine security with quality, offering the lowest false positive rate on the market and the fastest analysis. Lightest platform on the market, 100% integrated with SonarQube. A platform that unites SAST and IAST, promoting the most complete and versatile source code audit on the market for the detection of Application Security Vulnerabilities.

Defensics is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. Identify defects and zero-day vulnerabilities in services and protocols​. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Properly executed fuzzing techniques can provide a low-cost, efficient means of finding vulnerabilities, covering more code paths and value iterations than a manual analysis can perform.

Onapsis is the industry standard for business application cybersecurity. Integrate your SAP and Oracle business applications into your existing security & compliance programs. Assess your attack surface to discover, analyze, & prioritize SAP vulnerabilities. Control and secure your SAP custom code development lifecycle, from development to production. Defend your landscape with SAP threat monitoring, fully integrated into your SOC. Comply with industry regulations and audits with less effort by harnessing the power of automation. Onapsis offers the only cybersecurity and compliance solution endorsed by SAP. Cyber threats evolve by the hour. Business applications don’t face static risk, you need a team of experts tracking, identifying, and defending against emerging threats. We are the only organization with an offensive security team dedicated to the unique threats affecting ERP and core business applications, from zero-days to TTPs of internal and external threat actors.

Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. We are the only solution that can provide visibility into application status across all testing types, including SAST, DAST, SCA, and manual penetration testing, in one centralized view.