Cyber Security Application Security Products

Go To Services

“Winmill can help you to select the products that best suit your environment and your budget.”

Though most application security solutions are similar, and the ultimate goal is the same, each solution has critical differences in capabilities, supported platforms, and pricing. Does your technology cover web services and APIs? Does it support mobile apps? Is the latest version of Javascript supported by your current solution? Would licensing by application or by user better align with your requirements? Winmill can help you to select the products that best suit your environment and your budget.

We are constantly evaluating new products. If you are interested in a product that isn’t listed below, contact us to find out if our App Sec Team is supporting your preferred technology.

"I have not had a bad recommendation from them."

Winmill Client Survey

Static Application Security Testing (SAST)

Static application security testing (SAST) is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST enables development teams and engineers to assess applications in non-runtime environment and is commonly referred to as “white box” testing. This method of security testing can detect flaws in the software’s inputs and outputs that cannot be seen through dynamic web scanning alone.

Products

Checkmarx CxSAST
Veracode Static Analysis
MicroFocus Fortify SCA

Dynamic Application Security Testing (DAST)

DAST is also known as “black box” testing because it is performed without the ability to look into the internal source code or application architecture. DAST essentially uses the same techniques that an attacker would use to find potential weaknesses. A dynamic test can look for a broad range of vulnerabilities, including input/output validation issues that could leave an application vulnerable to cross-site scripting or SQL injection, in addition to a wide variety of configuration mistakes, errors and other specific problems with applications.

Products

Acunetix
Veracode Dynamic Analysis
MicroFocus Fortify WebInspect (and MicroFocus FOD Dynamic)
Rapid7 Insight AppSec
Invicti

Interactive Application Security Testing (IAST)

IAST is the emerging technology which is rapidly transforming application security testing. IAST enables a fully automatic process that identifies code and configuration vulnerabilities that have emerged during development. IAST technology works by hooking into the application and analyzing it – from within – as it runs. IAST monitors code execution in memory and seeks out specific events such as database queries, file system access, web service calls, input validations, and more. These events are analyzed to see how they may lead to vulnerabilities.

Products

Contrast Security Assess
Checkmarx CxIAST
Acunetix AcuSensor
Invicti Shark

Software Composition Analysis (SCA)

Software Composition Analysis (a.k.a. Open Source Analysis) technologies are used to identify open source security risks and vulnerabilities of third-party components. SCA solutions assess the open-source libraries used in your applications, complete with versions, licenses, and vulnerabilities present.

Products

Veracode SCA
Checkmarx CxOSA

Run-time Application Self Protection (RASP)

Runtime application self-protection (RASP) technology identifies and blocks application security threats in real time. By adding detection and protection features to the application runtime environment, RASP enables applications to “self-protect”, implementing continuous security analysis, with the system responding immediately to any recognized attacks. This context-aware capability also enables RASP to be deployed with minimal up-front tuning or ongoing maintenance. Runtime Application Self-Protection provides instant visibility into real application attacks and can prevent exploits from reaching a live application environment. RASP typically uses instrumentation to automatically and accurately weave visibility and protection directly into applications, without requiring any application changes. The result: applications can defend themselves against attacks in real-time.

Products

Contrast Protect
MicroFocus App Defender

Vulnerability Management

Vulnerability management is the practice of identifying, classifying, remediating, and mitigating software vulnerabilities. Utilizing SAST, DAST, and IAST solutions is critical, but what do you do with the results? How do you combine results from multiple tools, eliminate duplicates, prioritize and assign, and confirm remediation without doubling the number of Jira tickets?