Best IT Security Software for JavaScript - Page 2
View:
Compare the Top IT Security Software that integrates with JavaScript as of July 2025 - Page 2
Sort By:
This a list of IT Security software that integrates with JavaScript. Use the filters on the left to add additional filters for products that have integrations with JavaScript. View the products that work with JavaScript in the table below.
-
1
Auth.js
Auth.js
Auth.js is an open-source authentication library designed to integrate seamlessly with modern JavaScript frameworks, providing a flexible and secure authentication experience. It supports various authentication methods, including OAuth (e.g., Google, GitHub), credentials, and WebAuthn, allowing developers to choose the most suitable approach for their applications. Auth.js is compatible with multiple frameworks, such as Next.js, SvelteKit, Express, Qwik, and SolidStart, enabling developers to implement authentication across different platforms. The library offers built-in support for popular databases like Prisma, Drizzle ORM, Supabase, Firebase, and TypeORM, facilitating user data management. Security features include signed cookies, CSRF token validation, and encrypted JSON Web Tokens (JWTs), ensuring robust protection for user data. Auth.js is designed to operate efficiently in serverless environments and provides comprehensive documentation and examples.Starting Price: Free -
2
OpenFGA
The Linux Foundation
OpenFGA is an open source authorization solution that enables developers to implement fine-grained access control using a user-friendly modeling language and APIs. Inspired by Google's Zanzibar paper, it supports various access control models, including Relationship-Based Access Control (ReBAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). OpenFGA offers SDKs for multiple programming languages, such as Java, .NET, JavaScript, Go, and Python, facilitating seamless integration into diverse applications. The platform is designed for high performance, capable of processing authorization checks in milliseconds, making it suitable for projects ranging from small startups to large enterprises. Operating under the Cloud Native Computing Foundation (CNCF) as a sandbox project, OpenFGA emphasizes transparency and community collaboration, inviting contributions to its development and governance.Starting Price: Free -
3
GitHub Advanced Security
GitHub
With AI-powered remediation, static analysis, secret scanning, and software composition analysis, GitHub Advanced Security helps developers and security teams work together to eliminate security debt and keep new vulnerabilities out of code. Code scanning with Copilot Autofix detects vulnerabilities, provides contextual explanations, and suggests fixes in the pull request and for historical alerts. Solve your backlog of application security debt. Security campaigns target and generate autofixes for up to 1,000 alerts at a time, rapidly reducing the risk of application vulnerabilities and zero-day attacks. Secret scanning with push protection guards over 200 token types and patterns from more than 150 service providers, even elusive secrets like passwords and PII. Powered by security experts and a global community of more than 100 million developers, GitHub Advanced Security provides the insights and automation you need to ship more secure software on schedule.Starting Price: $49 per month per user -
4
Zebra Enterprise Browser
Zebra Technologies
Zebra's Enterprise Browser is an Android-based industrial browser that enables the development of web-based applications tailored to leverage the full capabilities of Zebra devices. It allows developers to create feature-rich applications using standard web technologies such as HTML5, CSS, and JavaScript, ensuring compatibility across various Zebra devices, including mobile computers, tablets, kiosks, wearables, and vehicle-mounted devices. The browser provides access to Zebra's extensive API library, facilitating seamless integration with device features like barcode scanning, RFID, and cameras. Additionally, Enterprise Browser supports integration with leading Enterprise Resource Planning (ERP) systems, such as SAP, through the Zebra Picking Plus API, enabling real-time updates to backend databases and streamlining operational workflows. By offering a consistent and intuitive user interface, Enterprise Browser enhances worker productivity and simplifies the development process.Starting Price: Free -
5
Qwiet AI
Qwiet AI
The Fastest Code Analysis, Hands Down. 40X faster scan times so developers never have to wait for results after submitting pull requests. The Most Accurate Results. Qwiet AI has the highest OWASP Benchmark score, which is nearly triple the commercial average and more than double the 2nd highest score. Developer-Centric Security Workflows. 96% of developers report that disconnected security and development workflows inhibit their productivity. Implementing developer-centric AppSec workflows decreases mean-time-to-remediation (MTTR), typically by 5X - enhancing both security and developer productivity. Automatically Find Business Logic Flaws in Dev. Identify vulnerabilities that are unique to your code base before they reach production. Achieve Compliance. Demonstrate and maintain compliance with security and privacy regulations such as SOC 2, PCI-DSS, GDPR, and CCPA.Starting Price: Free -
6
GuardRails
GuardRails
Empowering modern development teams to find, fix and prevent vulnerabilities related to source code, open source libraries, secret management and cloud configuration. Empowering modern development teams to find, fix, and prevent security vulnerabilities in their applications. Continuous security scanning reduces cycle times and speeds up the shipping of features. Our expert system reduces the amount of false alerts and only informs about relevant security issues. Consistent security scanning across the entire product portfolio results in more secure software. GuardRails provides a completely frictionless integration with modern Version Control Systems like Github and GitLab. GuardRails seamlessly selects the right security engines to run based on the languages in a repository. Every single rule is curated to decide whether it has a high security impact issue resulting in less noise. Has built an expert system that detects false positives that is continuously tuned to be more accurate.Starting Price: $35 per user per month -
7
ActiveState
ActiveState
ActiveState delivers Intelligent Remediation for vulnerability management, which enables DevSecOps teams to not only identify vulnerabilities in open source packages, but also to automatically prioritize, remediate, and deploy fixes into production without breaking changes, ensuring that applications are truly secured. Existing tools overwhelm DevSecOps teams with excessive vulnerability data, false positives, and a lack of prioritization, often leading to inaction and increased exposure to exploits. ActiveState’s solution provides your DevSecOps with a comprehensive view of open source vulnerability status across your application portfolio, enabling them to prioritize the vulnerabilities that matter, assess the risk of updates, and choose recommended remediation paths. The ActiveState platform centers on open source languages packaged as runtimes that can be deployed in various form factors. Low-to-no CVE container images are also available for plug-in and play needs. -
8
Phylum
Phylum
Phylum defends applications at the perimeter of the open-source ecosystem and the tools used to build software. Its automated analysis engine scans third-party code as soon as it’s published into the open-source ecosystem to vet software packages, identify risks, inform users and block attacks. Think of Phylum like a firewall for open-source code. Phylum’s database of open-source software supply chain risks is the most comprehensive and scalable offering available, and can be deployed throughout the development lifecycle depending on an organization’s infrastructure and appsec program maturity: in front of artifact repository managers, directly with package managers or in CI/CD pipelines. The Phylum policy library allows users to toggle on the blocking of critical vulnerabilities, attacks like typosquats, obfuscated code and dependency confusion, copyleft licenses, and more. Users can also leverage OPA to create custom policies. -
9
DexProtector
Licel
Instant protection for iOS and Android apps from static and dynamic attacks. A global leader in app and SDK defense with over ten billion installations. DexProtector’s approach to defending your apps is unique. Its Runtime Application Self Protection (RASP) native engine works at a system level deep within the app. From there, it interacts directly with the OS components. This helps it to control key processes and secure the most sensitive parts of your apps and libraries. DexProtector builds layers of protection on top of one another, creating a solid shield around your valuable code and assets. This hardens your apps and prevents real-time attacks. Instant, one-click integration into your CI/CD with no coding required. Protects your apps as well as the communication channel with servers. Provides a secure layer between your app and the operating system. Defends your app against both static and dynamic attacks. -
10
FortiIsolator
Fortinet
FortiIsolator allows organizations to keep their most critical, high-value targets secure from the onslaught of threats. Remote browser isolation allows users to browse the web in an isolated environment, which renders safe content in a remote container. FortiIsolator is a complete remote browser isolation solution that does not require an install on a user’s computer or device. User activity on the web passes through a remote isolation environment, protecting the end user. Clientless browser isolation quickly renders safe web content for the end user. This added layer of advanced protection increases security for your high-value data. Rendering lighter-weight web content can help prevent PC issues and let personnel focus on support. -
11
Kontra
Security Compass
Kontra was built by industry veterans who invented and pioneered the first interactive application security training platform. We don't offer secure coding quizzes, that are effectively re-skinned multiple-choice questions. If that's your idea of educating developers about software security, we are not the company for you. Developers are who we serve. Adding artificial metrics, meaningless rewards, and silly badges is not what we do. We respect their time far too much to patronize them with these gimmicks. The days of heavily scripted OWASP Top 10 training videos with robotic voice-overs are over. Interactive storytelling with realness and purpose in short bursts is what puts developers in the middle of the action and drives a truly engaging learning experience. Developers are more engaged in training if the content has a basis in reality rather than contrived examples. We set out to design the most beautiful application security training experience ever built.Starting Price: $400 per year -
12
CredoLab
CredoLab
Help your risk, fraud, and marketing teams make better decisions with advanced behavioral analytics based on smartphone and web metadata. Join 150+ financial companies, banks, and fintech unicorns already using CredoLab platform to enrich their data and unlock revenue opportunities for sustainable growth and innovation. Designed to be seamlessly embedded into your products, providing unparalleled real-time data-driven solutions for your business needs. Greater predictive power, 100% hit rate, lower cost of risk, higher approval rate. Top-of-the-funnel data, real-time device velocity checks, and predictive behavior-based scores. Better user engagement with personality-based and outcome-based marketing campaigns. Granular and real-time behavioral insights for a deeper understanding of all users. Once embedded in your products, it delivers value across the entire organization. It also works as a standalone or as a complement to existing risk, fraud, and marketing solutions.Starting Price: $600 per month -
13
DeviceID
DeviceID
Our ML-powered platform instantly reveals your traffic allowing you to identify your users even if they try to hide their identity. detect attacks and bots, access extensive real-time analytics, and enjoy the most advanced identification method. We support the most popular browsers and programming languages so you can easily identify your users across all devices and browsers. The culmination of our meticulous identification process is the delivery of a comprehensive response. This response includes a unique and persistent identifier for the device, ensuring reliable user recognition across sessions. Furthermore, you'll receive a detailed analysis of the client's device, encompassing a wealth of information gleaned from our advanced fingerprinting techniques and machine learning analysis. This includes data points such as the user's browser version, operating system, and potential threat scores.Starting Price: $50 per month -
14
Imperva Client-Side Protection
Imperva
Client-Side Protection provides real-time monitoring of all client-side resources and JavaScript behavior. Gain control over all first and third-party JavaScript code embedded on your website. Actionable insights make it easy to identify risky resources and scripts that should not load on your client side. And if any JavaScript code is compromised, your security team is the first to know. Provides comprehensive inventorying, authorization, dynamic integrity verification, and real-time monitoring, helping streamline regulatory compliance with the new client-side security requirements introduced in PCI DSS 4.0. Protect your website against client-side attacks and streamline regulatory compliance with PCI DSS 4.0. Client-side attacks increase as web applications shift to client-side logic and incorporate more third-party code and resources. These attacks can directly steal sensitive customer data, resulting in breaches and noncompliance with data privacy regulations. -
15
Client-Side Protection helps protect against end-user data exfiltration and shield websites from JavaScript threats. It analyzes script behavior in real-time, provides actionable insights in a single dashboard view, and delivers alerts to mitigate harmful script activity. Designed for PCI DSS v4.0, the solution helps businesses meet new script security requirements and safeguards against client-side attacks. Inject simple scripts into each monitored page without meaningfully impacting performance. Monitor and assess script activity from the browser while machine learning techniques analyze the risk of unauthorized action. Get real-time alerts, with detailed information about mitigation, if an active threat or attack is found. Immediately restrict malicious scripts from accessing and exfiltrating sensitive data on protected pages with one click. Defend your site from client-side threats. Ease compliance with PCI DSS v4.0. Strengthen your web page integrity.
-
16
ZeroThreat
ZeroThreat
ZeroThreat.ai is an advanced AI-driven cybersecurity platform designed to help organizations proactively detect, prevent, and respond to cyber threats before they cause damage. Focused on human risk management, ZeroThreat.ai addresses the growing challenge of social engineering attacks, such as phishing and spear-phishing, which often target employees as entry points for breaches. By using artificial intelligence and machine learning, ZeroThreat.ai monitors communication channels in real-time, identifying suspicious behaviors, risky links, and potentially malicious content. The platform provides automated threat detection and alerts, enabling security teams to act quickly and neutralize risks. Additionally, ZeroThreat.ai includes personalized training modules that help educate employees on how to recognize and avoid cyber threats, creating a security-aware workforce. Its intuitive dashboard offers clear analytics and risk scoring. -
17
Pixee
Pixee
Pixee is an AI-powered automated product security engineer that integrates seamlessly into your development workflow, monitoring repositories and pull requests to provide high-quality fixes instantly. It triages scanner alerts from tools like Sonar, Snyk, and Semgrep, delivering code fixes and unlocking the velocity of GenAI-driven development. Pixee operates like a trusted specialist teammate, fitting into your workflow and current tooling without being a distraction, supporting languages such as Java, Python, JavaScript, Node.js, .NET/C#, and Go. It provides expert security context on each finding to filter out false positives, elevate true positives, and recommend actions, freeing your team from endless manual review. Pixee turns findings into actionable pull requests that developers can review and merge, enabling auto-remediation at scale without the grind.Starting Price: $29 per month -
18
BlueClosure
Minded Security
BlueClosure can analyse any codebase written with JavaScript frameworks like Angular.js, jQuery, Meteor.js, React.js and many more. Realtime Dynamic Data Tainting. BlueClosure Detect uses an advanced Javascript Instrumentation engine to understand the code. By leveraging our proprietary technology the BC engine can inspect any code, no matter how obfuscated it is. Scanning Automation. BlueClosure technology can automatically scan an entire website. This is the fastest way to scan and analyse BIG enterprise portals with rich Javascript content as a tester would with his browser. Near-Zero False Positives. Data Validation and Context Awareness makes the use of a dynamic runtime tainting model on strings even more powerful, as it understands if a client side vulnerability is actually exploitable. -
19
Edgio
Edgio
Securely deliver sub-second web applications, stream high quality OTT and live events, or distribute large file quickly to customers around the globe. Supported by Edgio experts in security, web applications, CDN, and managed streaming services. Edgio Uplynk: Optimize streaming with Edgio Uplynk our streaming management and orchestration platform backed by our OTT/live event services team. Cut costs, increase ad revenue, and delivery high quality experiences Edgio Delivery: Power your streaming media and large file downloads on one of the world’s largest, most advanced global CDNs. Edgio Open Edge: Improve the viewing experience by embedding the edge into your own network with Edgio’s fully managed CDN. -
20
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner-workings of your application, triggering security-critical bugs with increasingly high precision. -
21
Riscure True Code
Riscure
True Code helps development teams efficiently deliver secure code by automating vulnerability identification in the SDLC and DevSecOps process. True Code enables natural collaboration between security evaluators and the development team to discover vulnerabilities as early as possible and resolve issues with better efficiency to make the shift to the left. Leveraging years of experience in connected device security in many industries to prevent hacks that bring down customer trust, cause revenue loss and costly mitigations after the product release. Up until now the process of software evaluation was a manual task with correspondingly high costs and long lead times. It is also quite common that an evaluation takes place at the end of the development cycle causing higher costs to resolve issues as opposed to when issues would have been found in the development phase. -
22
Symantec Web Isolation
Broadcom
Symantec Web Isolation executes web sessions away from endpoints, sending only a safe rendering of information to users’ browsers thereby preventing any website-delivered zero-day malware from reaching your devices. When combined with Symantec Secure Web Gateways, policies drive traffic from uncategorized sites or URLs with suspicious or potentially unsafe risk profiles through Isolation for safe browsing. By integrating with Symantec messaging solutions, Web Isolation isolates links in email to prevent phishing threats and credential attacks. Web Isolation protects against emails with links to malicious websites, so they cannot deliver malware, ransomware and other advanced attacks. It also prevents users from submitting corporate credentials and other sensitive information to unknown and malicious websites by rendering pages in read-only mode. -
23
TrueZero Tokenization
Spring Labs
TrueZero’s vaultless data privacy API replaces sensitive PII with tokens allowing you to easily reduce the impact of data breaches, share data more freely and securely, and minimize compliance overhead. Our tokenization solutions are leveraged by leading financial institutions. Wherever PII is stored, and however it is used, TrueZero Tokenization replaces and protects your data. More securely authenticate users, validate their information, and enrich their profiles without ever revealing sensitive data (e.g. SSN) to partners, other internal teams, or third-party services. TrueZero minimizes your in-scope environments, speeding up your time to comply by months and saving you potentially millions in build/partner costs. Data breaches cost $164 per breached record, tokenize PII & protect your business from data loss penalties and loss of brand reputation. Store tokens and run analytics in the same way you would with raw data. -
24
Rebuff AI
Rebuff AI
Store embeddings of previous attacks in a vector database to recognize and prevent similar attacks in the future. Use a dedicated LLM to analyze incoming prompts and identify potential attacks. Add canary tokens to prompts to detect leakages, allowing the framework to store embeddings about the incoming prompt in the vector database and prevent future attacks. Filter out potentially malicious input before it reaches the LLM. -
25
Syhunt Hybrid
Syhunt
Syhunt dynamically injects data in web applications and analyzes the application response to determine if the application code is vulnerable, automating the web application security testing and proactively guarding your organization's Web infrastructure against several kinds of web application security threats. Syhunt Hybrid follows simple GUI standards, prioritizing ease of use and automation and thus requiring minimal to no user intervention before or during scans despite a large number of customization options. Compare past scan sessions to determine new, unchanged or removed vulnerabilities. Generate a comparison report that displays the evolution of vulnerabilities over time by automatically comparing previous scan session data related to a specific target. -
26
AppSec Labs
AppSec Labs
AppSec Labs is a dedicated application security organization, positioned in the top 10 application security companies worldwide. Our mission is to share our hands-on experience, by providing cutting-edge penetration tests, training/academy & consulting. Full cycle application security consulting services, from design to production. Penetration testing and security assessment services for web, desktop, and mobile applications. High-end, hands-on, training in secure coding and penetration testing on a variety of platforms. We work with a multitude of clients from different industry vectors. In addition to our high-profile customers, we work with small companies and young start-ups. Working with a diverse range of companies from the fields of technology, finance, commerce, HLS, and many more, enables us to allocate the best-suited, experienced, and most naturally-inclined team member to each client, guaranteeing the highest level of service. -
27
IPQS Device Fingerprinting
IPQualityScore
Access over 25 data points for device fingerprinting details to analyze risk and device info. Device Fingerprinting by IPQS offers an unparalleled fraud detection solution capable of detecting even the most advanced fraudsters, bad actors, and cyber criminals. Scan over 300 data points (like operating system, screen resolution, fonts) to accurately identify fake devices, location spoofing, and high-risk behavior in a user's online fingerprint. Identify bots, automated behavior, device spoofing, & other high-confidence signals that the user is likely to engage in fraudulent behavior. Deploy JavaScript device fingerprinting for web devices or use our SDKs for mobile devices on iOS or Android. Robust risk scoring will accurately identify fake accounts, chargebacks, credential stuffing, bot behavior, and similar abuse. IPQS Device Fingerprinting can reveal advanced fraud techniques including the latest emulator software. -
28
Protect against Magecart, formjacking, skimming, PII harvesting, and other critical security vulnerabilities. Fill the gap in your security defenses. Gain visibility and control of third-party JavaScript libraries running in your web applications to keep customers’ personal and financial data out of the hands of criminals. Mitigate risk by monitoring JavaScript libraries in real time to identify vulnerabilities and anomalous behavior that could compromise customer data. Avoid customer fraud and compliance fines. Protect against data theft that would undermine customer confidence and damage your brand. Stop software supply chain attacks. Detect and track all third-party scripts running on your site to identify suspicious scripts or changes in the behavior of trusted scripts. Prevent credential stuffing on the client side to block account takeover attempts. Proactively monitor web apps in the browser to catch criminals in the act.
-
29
Radware Client-Side Protection
Radware
Cybercriminals are targeting an unmonitored source for personal and financial data, the application supply chain. This includes the dozens of automatically trusted third-party services embedded in your application environments that can expose user-entered addresses, credit card numbers, and more. Protect the data path between end users’ browsers and third-party services by extending Radware’s blanket of security to your application supply chain. Our advanced client-side protection complies with new PCI-DSS 4.0 requirements, so you can keep your customer data safe, and your reputation intact. Discover third-party scripts and services running on the browser side of your application. Receive real-time activity tracking alerts and threat-level assessments according to multiple indicators (compliant with PCI-DSS 4 regulations). Prevent data leakage by blocking destinations that are unknown or have illegitimate parameters. -
30
otto-js
otto
otto-js understands what it takes to work with small & mid-sized businesses. While many SMBs choose otto-js directly through one of our many no-code platform plugins, for large partners, who also service the SMB market, we have a flexible, robust, API capable of onboarding thousands of customers in a flash. We work with others to help consolidate vendor sprawl, consolidating costs & integration time. otto-js is committed to being there when you need us, regardless of platforms, stack, and integrations. That's why we've kept our learning curb low and our return on value high. Shoppers are more than 90% more likely to buy online from brands they trust. Proving you are a safe and compliant website is one of the number one ways to develop trust quickly and increase conversions.
