Security testing tools are typically built around a particular platform and/or technology. There is little open source pressure for security testing, so these are usually expensive, specialized tools that include heavy services. Here are the top security testing tools to consider:
HP Fortify On Demand
Provides application security as a service with a single platform to view and manage security risk, develop security testing schedules and run remediation projects. Fortify on Demand runs automated tests with a full audit of results and includes support for the SAST, DAST and IAST spaces (due to addition of the legacy WebInspect tool) as well as limited support for MAST.
Strongest set of combined offerings with full support across languages
Includes RASP support
What you really need to know: HP is undoubtedly the largest player in the security space, with tools for SAST, DAST, IAST and MAST. For more information: To learn more, visit the HP Fortify website. Reviews: Visit ITCentralStation.com for a list of reviews. Pricing: Plans start at $2000 per application with 4 pricing tiers. Request pricing here.
Veracode offers tools for SAST, DAST, IAST and MAST. Its binary static analysis is built toward Agile, while its DAST and IAST tools offer true cloud hosting and web perimeter monitoring. Additionally, almost all of its offerings are targeted to mobile.
Strongest player for cloud and mobile technologies
Integrates with numerous bug tracking and QA tools, such as TFS
Includes RASP support
What you really need to know: Veracode is the largest player in the security space without its own testing and SDLC tools. For more information: Learn more at Veracode.com. Reviews: Head over to Gartner.com to read reviews for Veracode.
IBM Application Security APPScan
Offers a single console for testing, reporting and policies and automates the correlation of static, dynamic and interactive security testing. IBM’s AppScan static testing tool is well known in the security space, although its DAST tools rely on third party solutions and its IAST tools only work with .Net and Java.
Strong in SAST
Includes a complete suite of offerings
What you really need to know: IBM competes with HP as a similar full service offering, with some focus on downstream security tools like SIEM. For more information: Head over to IBMs website to learn more. Reviews: Visit ITCentralStation.com or Gartner.com for reviews. Pricing: Plans start at $10,700 per install. Request pricing here.