Alternatives to Defensics Fuzz Testing
Compare Defensics Fuzz Testing alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Defensics Fuzz Testing in 2026. Compare features, ratings, user reviews, pricing, and more from Defensics Fuzz Testing competitors and alternatives in order to make an informed decision for your business.
1
LibFuzzer
LLVM Project
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.
Starting Price: Free
2
BlackArch Fuzzer
BlackArch
BlackArch is a Linux pentesting distribution based on Arch Linux. BlackArch Fuzzer provides packages that use the fuzz testing principle.
3
Atheris
Google
Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.
Starting Price: Free
4
american fuzzy lop
Google
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.
Starting Price: Free
5
Honggfuzz
Google
Honggfuzz is a security-oriented software fuzzer. It supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded; there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iterations per second on a relatively modern CPU. It has a solid track record of uncovered security bugs: the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).
Starting Price: Free
6
ToothPicker
Secure Mobile Networking Lab
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS's Bluetooth daemon and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also includes an over-the-air fuzzer with an exemplary implementation to fuzz Apple's MagicPairing protocol using InternalBlue. Additionally, it contains the ReplayCrashFile script that can be used to verify crashes the in-process fuzzer has found. This is a very simple fuzzer that only flips bits and bytes of inactive connections. No coverage, no injection, but nice as a demo and stateful. Runs just with Python and Frida, no modules or installation are required. ToothPicker is built on the codebase of frizzer. It is recommended to set up a virtual Python environment for frizzer. Starting from the iPhone XR/Xs, PAC has been introduced.
Starting Price: Free
7
Boofuzz
Boofuzz
Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, Boofuzz aims for extensibility. Like Sulley, Boofuzz incorporates all the critical elements of a fuzzer like easy and quick data generation, instrumentation and failure detection, target reset after failure, and recording of test data. Much easier install experience and support for arbitrary communications mediums. Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast. Better recording of test data: consistent, thorough, and clear. Test result CSV export and extensible instrumentation/failure detection. Boofuzz installs as a Python library used to build fuzzer scripts. It is strongly recommended to set up Boofuzz in a virtual environment.
Starting Price: Free
8
Awesome Fuzzing
secfigo
Awesome Fuzzing is a list of fuzzing resources including books, courses (both free and paid), videos, tools, tutorials, and vulnerable applications to practice on in order to learn fuzzing and the initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
Starting Price: Free
9
ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverage-guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance and crash rates. Easy-to-use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.
10
Google ClusterFuzz
Google
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz. ClusterFuzz provides many features to seamlessly integrate fuzzing into a software project’s development process. Fully automatic bug filing, triage, and closing for various issue trackers. Supports multiple coverage-guided fuzzing engines for optimal results (with ensemble fuzzing and fuzzing strategies). Statistics for analyzing fuzzer performance and crash rates. Easy-to-use web interface for management and viewing crashes. Support for various authentication providers using Firebase. Support for black-box fuzzing, test case minimization, and regression finding through bisection.
Starting Price: Free
11
BFuzz
RootUp
BFuzz is an input-based fuzzer tool that takes HTML as an input, opens up your browser with a new instance, and passes multiple test cases generated by domato, which is present in the recurve folder of BFuzz. Moreover, BFuzz is an automation that performs the same task repeatedly, and it doesn't mangle any test cases. Running BFuzz will ask for the option of whether to fuzz Chrome or Firefox; however, this will open Firefox from recurve and create the logs on the terminal. BFuzz is a small script that enables you to open the browser and run test cases. The test cases in recurve are generated by the domato generator and contain the main script. It contains additional helper code for DOM fuzzing.
Starting Price: Free
12
Jazzer
Code Intelligence
Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM. You can use Docker to try out Jazzer's autofuzz mode, which automatically generates arguments to a given Java function and reports unexpected exceptions and detected security issues. You can also use GitHub release archives to run a standalone Jazzer binary that starts its own JVM configured for fuzzing.
Starting Price: Free
13
API Fuzzer
Fuzzapi
API Fuzzer allows you to fuzz request attributes using common pentesting techniques and lists vulnerabilities. The API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.
Starting Price: Free
14
OWASP WSFuzzer
OWASP
Fuzz testing or fuzzing is a software testing technique that basically consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Let’s consider an integer in a program, which stores the result of a user’s choice between 3 questions. When the user picks one, the choice will be 0, 1, or 2, which makes three practical cases. Integers are stored as a static size variable. If the default switch case hasn’t been implemented securely, the program may crash and lead to “classical” security issues. Fuzzing is the art of automatic bug finding, and its role is to find software implementation faults and identify them if possible. A fuzzer is a program that automatically injects semi-random data into a program/stack and detects bugs. The data-generation part is made of generators, and vulnerability identification relies on debugging tools. Generators usually use combinations of static fuzzing vectors.
15
Peach Fuzzer
Peach Tech
Peach is a SmartFuzzer that is capable of performing both generation and mutation-based fuzzing. Peach requires the creation of Peach Pit files that define the structure, type information, and relationships in the data to be fuzzed. It additionally allows for the configuration of a fuzzing run including selecting a data transport (publisher), logging interface, etc. Peach has been under active development since 2004 and is in its third major version. Fuzzing continues to be the fastest way to find security issues and test for bugs. Effective hardware fuzzing with Peach will introduce students to the fundamentals of device fuzzing. Peach was designed to fuzz any type of data consumer from servers to embedded devices. Researchers, corporations, and governments already use Peach to find vulnerabilities in hardware. This course will focus on using Peach to target embedded devices and collect information from the device in the event of a crash.
Starting Price: Free
16
Sulley
OpenRCE
Sulley is a fuzzing engine and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but also data transmission and instrumentation. A pure-Python, fully automated and unattended fuzzing framework. Sulley not only has impressive data generation but has taken this a step further and includes many other important aspects a modern fuzzer should provide. Sulley watches the network and methodically maintains records. Sulley instruments and monitors the health of the target, capable of reverting to a known good state using multiple methods. Sulley detects, tracks, and categorizes detected faults. Sulley can fuzz in parallel, significantly increasing test speed. Sulley can automatically determine what unique sequence of test cases triggers faults.
Starting Price: Free
17
go-fuzz
dvyukov
Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz; note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing, -1 if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.
Starting Price: Free
18
Fuzzapi
Fuzzapi
Fuzzapi is a tool used for REST API pentesting. It uses API Fuzzer and provides a UI solution for the gem.
Starting Price: Free
19
Tayt
Crytic
Tayt is a StarkNet smart contract fuzzer. We recommend using a Python virtual environment. When starting you will see the properties to be checked and the external functions used to generate a sequence of transactions. Eventually, if a property is violated a call sequence will be presented with the order of functions to be called, the respective arguments passed, the caller address, and the events emitted. With Tayt, you can test a contract that deploys other contracts.
Starting Price: Free
20
Radamsa
Aki Helin
Radamsa is a test case generator for robustness testing, i.e. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of Radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable, and it is easy to get up and running. Fuzzing is one of the techniques to find unexpected behavior in programs. The idea is simply to subject the program to various kinds of inputs and see what happens. There are two parts to this process: getting the various kinds of inputs and how to see what happens. Radamsa is a solution to the first part, and the second part is typically a short shell script. Testers usually have a more or less vague idea of what should not happen, and they try to find out if this is so.
Starting Price: Free
21
syzkaller
Google
syzkaller is an unsupervised coverage-guided kernel fuzzer. Supports FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Once syzkaller detects a kernel crash in one of the VMs, it will automatically start the process of reproducing this crash. By default, it will use 4 VMs to reproduce the crash and then minimize the program that caused it. This may stop the fuzzing, since all of the VMs might be busy reproducing detected crashes. The process of reproducing one crash may take from a few minutes up to an hour depending on whether the crash is easily reproducible or non-reproducible at all.
Starting Price: Free
22
Wapiti
Wapiti
Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It can search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to distinguish between permanent and reflected XSS vulnerabilities. It generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
Starting Price: Free
23
Ffuf
Ffuf
Ffuf is a fast web fuzzer written in Go. You can also practice your Ffuf scans against a live host with different lessons and use cases either locally by using the Docker container or against the live-hosted version. Provides virtual host discovery (without DNS records). In order to tell Ffuf about different inputs to test out, a wordlist is needed. You can supply one or more wordlists on the command line, and in case you wish (or are using multiple wordlists) you can choose a custom keyword for them. You can supply Ffuf with multiple wordlists (remember to configure a custom keyword for them though). The first word of the first wordlist is tested against all the words from the second wordlist before moving along to test the second word in the first wordlist against all the words in the second wordlist. In short, all of the different combinations are tried out. There are quite a few different ways to customize the request.
Starting Price: Free
24
CI Fuzz
Code Intelligence
CI Fuzz ensures robust and secure code with test coverage up to 100%. Use CI Fuzz from the command line or in the IDE of choice to generate thousands of test cases automatically. CI Fuzz analyzes code as it runs, just like a unit test, but with AI support to efficiently cover all paths through the code. Uncover real bugs in real-time and say goodbye to theoretical issues and false positives. Find real issues with all the information needed to quickly reproduce and fix them. Test your code with maximum code coverage and automatically detect typical security-relevant bugs like injections and remote code executions in one go. Get fully covered to deliver the highest quality software. Conduct real-time code analysis with CI Fuzz. Take unit tests to the next level. It employs AI for comprehensive code path coverage and the automatic generation of thousands of test cases. Maximize pipeline performance that doesn't compromise software integrity.
Starting Price: €30 per month
25
beSTORM
Beyond Security (Fortra)
Discover code weaknesses and certify the security strength of any product without access to source code. Test any protocol or hardware with beSTORM, even those used in IoT, process control, CANbus-compatible automotive and aerospace. Real-time fuzzing that doesn’t need access to the source code, with no cases to download. One platform, one GUI to learn, with 250+ prebuilt protocol testing modules and the ability to add custom and proprietary ones. Find the security weaknesses before deployment that are most often discovered by external actors after release. Certify vendor components and your own applications in your own testing center. Self-learning software module and proprietary software testing. Customization and scalability for any business size, up or down. Automatically generate and deliver near-infinite attack vectors and document any product failures. Record every pass/fail and hand engineering the exact command that produced each fail.
Starting Price: $50,000.00/one-time
26
Mayhem
ForAllSecure
Advanced fuzzing solution that combines guided fuzzing with symbolic execution, a patented technology from CMU. Mayhem is an advanced fuzz testing solution that dramatically reduces manual testing efforts with autonomous defect detection and validation. Deliver safe, secure, reliable software with less time, cost, and effort. Mayhem’s unique advantage is in its ability to acquire intelligence of its targets over time. As Mayhem’s knowledge grows, it deepens its analysis and maximizes its code coverage. All reported vulnerabilities are exploitable, confirmed risks. Mayhem guides remediation efforts with in-depth system level information, such as backtraces, memory logs, and register state, expediting issue diagnosis and fixes. Mayhem utilizes target feedback to custom generate test cases on the fly, meaning no manual test case generation is required. Mayhem offers access to all of its test cases to make regression testing effortless and continuous.
27
Code Intelligence
Code Intelligence
Our platform uses various security techniques, including coverage-guided and feedback-based fuzz testing, to automatically generate millions of test cases that trigger hard-to-find bugs deep within your application. This white-box approach protects against edge cases and speeds up development. Advanced fuzzing engines generate inputs that maximize code coverage. Powerful bug detectors check for errors during code execution. Uncover true vulnerabilities only. Get the input and stack trace as proof, so you can reliably reproduce errors every time. AI white-box testing uses data from all previous test runs to continuously learn the inner workings of your application, triggering security-critical bugs with increasingly high precision.
28
Echidna
Crytic
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.
Starting Price: Free
29
BlackRidge Transport Access Control
BlackRidge
Security is an arms race. Innovation happens simultaneously on the attack and protect sides of the environment. By authenticating identity and implementing security policy at the earliest possible time, on the first packet of a network session setup, BlackRidge provides deterministic, scalable, and cost-effective cyber defense. BlackRidge Transport Access Control (TAC), using our patented First Packet Authentication™, provides a new level of cyber defense for network and cloud resources. TAC operates pre-session, in real-time, before other security defenses engage. TAC is address and topology independent, supporting NAT and automatically adjusting to changing network topologies. Cyber-attacks are stopped dead in their tracks by preventing unauthorized users and attackers from performing reconnaissance of network and cloud resources, and by denying them the ability to communicate anonymously.
30
Fuzzbuzz
Fuzzbuzz
The Fuzzbuzz workflow is very similar to other CI/CD testing workflows. However, unlike other testing workflows, fuzz testing requires multiple jobs to run simultaneously, which results in a few extra steps. Fuzzbuzz is a fuzz testing platform. We make it trivial for developers to add fuzz tests to their code and run them in CI/CD, helping them catch critical bugs and vulnerabilities before they hit production. Fuzzbuzz completely integrates into your environment, following you from the terminal to CI/CD. Write a fuzz test in your environment and use your own IDE, terminal, or build tools. Push to CI/CD and Fuzzbuzz will automatically start running your fuzz tests against your latest code changes. Get notified when bugs are found through Slack, GitHub, or email. Catch regressions as new changes are automatically tested and compared to previous runs. Code is built and instrumented by Fuzzbuzz as soon as a change is detected.
Starting Price: Free
31
Black Duck
Black Duck
Black Duck, part of the Synopsys Software Integrity Group, is a leading provider of application security testing (AST) solutions. Their comprehensive portfolio includes tools for static analysis, software composition analysis (SCA), dynamic analysis, and interactive analysis, enabling organizations to identify and mitigate security vulnerabilities throughout the software development life cycle. By automating the discovery and management of open-source software, Black Duck ensures compliance with security and licensing standards. Their solutions are designed to help organizations build trust in their software by managing application security, quality, and compliance risks at the speed their business demands. Black Duck empowers businesses to innovate securely and deliver software with confidence.
32
Solidity Fuzzing Boilerplate
patrickd
Solidity Fuzzing Boilerplate is a template repository intended to ease fuzzing components of Solidity projects, especially libraries. Write tests once and run them with both Echidna and Foundry's fuzzing. Fuzz components that use incompatible Solidity versions by deploying those into a Ganache instance via Etheno. Use HEVM's FFI cheat code to generate complex fuzzing inputs or to compare outputs with non-EVM executables while doing differential fuzzing. Publish your fuzzing experiments without worrying about licensing by extending the shell script to download specific files. Turn off FFI if you don't intend to make use of shell commands from your Solidity contracts. Note that FFI is slow and should only be used as a workaround. It can be useful for testing against things that are difficult to implement within Solidity and already exist in other languages. Before executing tests of a project that has FFI enabled, be sure to check what commands are actually being executed.
Starting Price: Free
33
Google OSS-Fuzz
Google
OSS-Fuzz offers continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community. OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz can run their own instances of ClusterFuzz or ClusterFuzzLite. Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
Starting Price: Free
34
FuzzDB
FuzzDB
FuzzDB was created to increase the likelihood of finding application security vulnerabilities through dynamic application security testing. It's the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses. FuzzDB contains comprehensive lists of attack payload primitives for fault injection testing. These patterns, categorized by the attack and, where appropriate, platform type, are known to cause issues like OS command injection, directory listings, directory traversals, source exposure, file upload bypass, authentication bypass, XSS, HTTP header CRLF injections, SQL injection, NoSQL injection, and more. For example, FuzzDB catalogs 56 patterns that can potentially be interpreted as a null byte and contains lists of commonly used methods and name-value pairs that trigger debug modes.
Starting Price: Free
35
WebScanner
DefenseCode
DefenseCode WebScanner is a DAST (Dynamic Application Security Testing, BlackBox Testing) solution for comprehensive security audits of active web applications (websites). WebScanner will test a website’s security by carrying out a large number of attacks using the most advanced techniques, just as a real attacker would. DefenseCode WebScanner can be used regardless of the web application development platform. It can be used even when application source code is no longer available. WebScanner supports major web technologies such as HTML, HTML5, Web 2.0, AJAX/jQuery, JavaScript and Flash. It is designed to execute more than 5000 Common Vulnerabilities and Exposures tests for various web server and web technology vulnerabilities. WebScanner is capable of discovering more than 60 different vulnerability types (SQL Injection, Cross Site Scripting, Path Traversal, etc.), including OWASP Top 10.
36
APIFuzzer
PyPI
APIFuzzer reads your API description and step-by-step fuzzes the fields to validate if your application can cope with the fuzzed parameters, and it does not require coding. Parse API definition from a local file or remote URL. JSON and YAML file format support. All HTTP methods are supported. Fuzzing of the request body, query string, path parameter, and request header is supported. Relies on random mutations and supports CI integration. Generate JUnit XML test report format. Send a request to an alternative URL. Support HTTP basic auth from the configuration. Save the report of the failed test in JSON format into the pre-configured folder.
Starting Price: Free
37
afl-unicorn
Battelle
afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.
Starting Price: Free
38
Prelude
Prelude
Organizations of all sizes can use our tools to run continuous security tests against their systems to discover areas of weakness to fix. We do this in a way that's safe, transparent, and integrated with existing defensive tools to allow organizations to get ahead of real incidents, before they happen. Organizations of all sizes use Prelude to continuously test their defensive systems. For enterprises with security teams, Operator Enterprise offers continuous testing infrastructure, team collaboration and the ability to personalize attacks and agents to your organization. Are you an IT professional? Join our upskilling program to become an IT Security Engineer - bringing advanced security to your organization. Starting Price: $50 per month -
39
Lumen Adaptive Threat Intelligence
Lumen Technologies
Adaptive Threat Intelligence helps security specialists quickly neutralize threats before they attack. Leveraging our global network visibility, we provide high-fidelity intelligence correlated to your IP addresses, combined with Rapid Threat Defense to proactively stop threats and simplify security. Automated validation technology developed and deployed by Black Lotus Labs tests newly discovered threats and validates the fidelity of our threat data, minimizing false positives. Rapid threat defense automated detection and response capabilities block threats based on your risk tolerance. Comprehensive virtual offering eliminates the need to deploy or integrate devices and data, and provides a single escalation point. Easy-to-use security portal, mobile app, API feed and customizable alerts that allow you to manage threat visualization and response with context-rich reports and historical views. -
40
Morphisec
Morphisec
Prevent unknown attacks that can't be predicted and inflict the most damage. Moving Target Defense applies across attack vectors and threat types — no need for indicators, no waiting for patches or updates. Morphisec drives down risk exposure and significantly lowers technology costs. Rethink your security model and improve your ROI by adding Morphisec. Morphisec's patented moving target defense technology is designed to provide end-to-end protection against the most damaging cyberattacks. With the power of moving target defense, attackers are unable to accurately identify the resources they need to leverage in order to evade your current defenses. This proactive cyber defense solution guards your critical systems with a lightweight, easy to install agent that doesn't require any updates to keep securing critical infrastructure. -
41
Validato
Validato
Validato allows IT and Security teams to test the effectiveness of security controls by simulating adversarial behaviors based on known threat scenarios. Validato provides unbiased data and findings on how effective security controls are at detecting and protecting against exploitation of MITRE ATT&CK Techniques. If you are looking to implement a Threat-Informed Defense approach to cyber defense, then Validato is an excellent choice for you. Starting Price: $10,000/year -
42
Cyber Forza
Cyber Forza
Eagle Zero Trust Core provides an Integrated Cloud AI Infrastructure Cyber Defense Platform. Provides highly integrated, holistic visibility, interoperable. Integrated Cloud AI Remote Office Cyber Defense. Tightly integrated with Firewall, CASB, UEBA, DLP (Network & End Point), VPN, Endpoint, EDR, and cloud monitoring. Integrated Cloud AI Endpoint Cyber Defense. The Eagle Zero Trust Endpoint Platform is flexible and extensible when it comes to meeting your endpoint security needs. Integrated Cloud AI Threat Management provides a highly integrated, interoperable, and less complex solution with holistic visibility. Integrated Cloud AI Cyber Risk Management Platform. Vulcanor is a comprehensive enterprise-grade cyber-risk predictive platform. It covers IT, OT, Business & Applications risks. Integrated Cloud AI Identity Access Management software helps companies manage and secure user authentication into applications, and helps developers build identity controls into applications. -
43
Defense Llama
Scale AI
Scale AI is proud to announce Defense Llama, the Large Language Model (LLM) built on Meta’s Llama 3 that is specifically customized and fine-tuned to support American national security missions. Defense Llama, available exclusively in controlled U.S. government environments within Scale Donovan, empowers our service members and national security professionals to apply the power of generative AI to their unique use cases, such as planning military or intelligence operations and understanding adversary vulnerabilities. Defense Llama was trained on a vast dataset, including military doctrine, international humanitarian law, and relevant policies designed to align with the Department of Defense (DoD) guidelines for armed conflict as well as the DoD’s Ethical Principles for Artificial Intelligence. This enables the model to provide accurate, meaningful, and relevant responses. Scale is proud to enable U.S. national security personnel to use generative AI safely and securely for defense. -
44
Forcepoint SimShield
Forcepoint
Secure data transfer for training and testing environments. Included on the U.S. NCDSMO Baseline for SABI environments (since 2009) with native support for DIS, HLA, TENA, RTP and MPEG2-TS, and meets NSA Raise the Bar and NIST guidelines. Evaluated by the High Performance Computing Modernization Program Office (HPCMPO) for connection to Defense Research & Engineering Network (DREN) and Secure Defense Research & Engineering Network (SDREN). SimShield enables fully automated, predictable, controlled, and audited two-way communication and sanitization of events across segmented, air-gapped security domains. Always have the latest features without additional cost, vs. Government-Off-The-Shelf (GOTS) solutions. Train multiple national agencies or coalition forces at the same time in a single, real-world environment. Sanitized information sharing for faster detection and correction of issues and errors during Research, Development, Test & Evaluation (RDT&E). -
45
AppSecure Security
AppSecure Security
Anticipate and prevent system attacks from the most sophisticated adversaries with AppSecure’s offensive security stance. Discover critical exploitable vulnerabilities and continuously patch them with our advanced security solutions. Continuously fortify your security posture and uncover concealed vulnerabilities from a hacker’s perspective. Evaluate the efficacy of your security team’s readiness posture, detection, and response measures to tenacious hacker attacks on your network’s susceptible pathways. Identify and redress the key security lapses with our balanced approach that tests your APIs in accordance with the OWASP paradigm, along with tailored test cases for preventing any recurrences. Pentest as a service offers continuous, expert-led security testing to identify and remediate vulnerabilities, enhancing your website’s defenses against evolving cyber threats and making it secure, compliant, and reliable. -
46
Tidal Cyber
Tidal Cyber
Tidal Cyber's revolutionary threat-informed defense platform empowers enterprises to efficiently assess, organize and optimize their cyber defenses based on a deep understanding of the threats and adversaries that are most relevant to them. Tidal enables enterprise organizations and the solution providers that protect them to define, measure, and improve their ability to defend against the adversary behaviors that are most important to them and their customers. The endless cycle of patching vulnerabilities can overwhelm any cybersecurity team, without truly increasing security. There's a better way: threat-informed defense. Using information about the tactics, techniques, and procedures adversaries use to achieve their objectives, organizations can optimize their defenses against the methods most likely to target them. -
47
Fidelis Elevate
Fidelis Security
Fidelis Elevate is an active Open XDR (Extended Detection and Response) platform that fortifies cyber security by automating defense operations across diverse network architectures. It extends security controls from traditional networks to the cloud and endpoints, making it the powerhouse of a cyber-resilient environment. Fidelis Elevate uses threat intelligence, analytics, machine learning, threat hunting, and deception technologies to gain insights into threats impacting the user's environment. This process enables security teams to continually tune their defenses and neutralize threats before they cause damage to business operations. It centralizes cybersecurity intelligence for IT, IoT (Internet of Things), data centers, and cloud systems into a unified view, with full visibility and control, ensuring that customers detect post-breach attacks. -
48
Symantec Web Security Service
Broadcom
Cloud-delivered network security service enforces comprehensive internet security and data compliance policies, regardless of location or device. Increasing web use, rapid cloud adoption, and greater numbers of mobile and remote users are exposing your network to additional risk. Symantec Web Security Service (WSS) is an indispensable line of defense against modern day cyber threats. It provides secure web services, enables enterprises to control access, protects users from threats, and secures their sensitive data. Moving to the cloud introduces new security and compliance risks, but it also enables tremendous new defensive strategies. Cloud-delivered network security adds flexibility and boosts performance, while protecting users with consistent threat prevention and data compliance policies—wherever they go. -
49
Frontline.Cloud
Fortra
We are native to the cloud, and through the evolution of our technology and market demand, Digital Defense’s Frontline.Cloud platform continues to provide organizations with robust, yet easy-to-deploy security solutions that can be trusted to deliver unparalleled results, while lifting the administrative burden associated with premise and hybrid solutions. As the creators of the original SaaS security platform – well before cloud security services became all the rage, and long before competitive companies saw the light – Digital Defense continues to set the standard for the delivery of SaaS solutions and services. The Frontline.Cloud security Software as a Service (SaaS) platform supports multiple systems including Frontline Vulnerability Manager™ (Frontline VM™), Frontline Pen Testing™ (Frontline Pen Test™), Frontline Web Application Scanning™ (Frontline WAS™) and a new offering, Frontline Active Sweep (Frontline ATS™). -
50
Razberi
Razberi
Razberi makes it simple to deploy, manage and cyber secure video surveillance systems and IoT devices. We provide video server appliances, combined with cybersecurity and health management software to enterprise customers. We save customers' install and maintenance costs and reduce the likelihood of a costly cyber breach. Razberi products are installed alongside 3rd party IP cameras and compatible Video Management Software (VMS) products in a simple plug-and-play format, making it easier for anyone to install a video surveillance solution. All-in-one Windows appliances, server, switching, storage. Connect to 3rd party IP cameras and IoT devices. Appliances for a wide range of deployment options. Monitor™ for on-premise visibility or via the cloud. CameraDefense™ to defend IP cameras against cyber attacks. ApplianceDefense™ to defend against attacks on appliances. Get started with a free demo of our simple, secure video surveillance and IoT solutions.