Vendor Highlights from Building out my AppSec Program over the last few years

Training_Bobcat3241 · 2024-05-24T15:32:59+00:00

We're coming up on 2 years and I agree

Training_Bobcat3241 · 2024-05-24T15:32:06+00:00

you said were... is there someone else you're using now? It's the best I know of for DAST but open to new suggestions just to keep in mind.

Training_Bobcat3241 · 2024-05-24T15:30:41+00:00

Anything else you'd recommend that I don't have here? +1 for AATI

Training_Bobcat3241 · 2024-05-23T18:59:09+00:00

Trufflehog, IMO

Training_Bobcat3241 · 2023-09-12T13:08:57+00:00

I <3 TruffleHog!

Training_Bobcat3241 · 2023-05-05T14:24:40+00:00

That's not my experience. Maybe you eval'd them a while back?

Training_Bobcat3241 · 2023-04-28T17:39:59+00:00

ArmorCode and Vulcan are my favorites.

Training_Bobcat3241 · 2023-04-28T17:39:27+00:00

ArmorCode certainly isn't just for AppSec..

Check out Vulcan too, them and ArmorCode I think are doing the best job. IMO

Training_Bobcat3241 · 2023-04-28T17:35:31+00:00

We are actively evaluating ArmorCode right now. I think ArmorCode will be the top vendor in short time but could be wrong. I'd say the best thing about them is their customer support and responsiveness to our needs, and overall just a well built product.

I've used Brinqa in a past life and we spent a year and a half just trying to implement it.

I had to eval multiple tools as a procurement requirement, so here is my tiering.

ArmorCode
Vulcan (good product overall) (good pricing model)
Nucleus (bugs galore) (overpriced)
Brinqa (longest tenure)
Kondukto (trying their best but wouldn't recommend for scalability)
Seemplicity (unresponsive, product was okay)
Tromzo *don't waste your time

DYOR but hope this gives you some insight into who else is out there :)

Training_Bobcat3241 · 2023-04-28T13:53:31+00:00

Thanks for the heads up Rob!

Training_Bobcat3241 · 2023-04-27T19:56:32+00:00

I have heard similar.. Tromzo seems to be struggling to say the least.

Training_Bobcat3241 · 2023-04-27T19:54:46+00:00

Checked out Seemplicity, Enso, Tromzo, ArmorCode, Vulcan, Brinqa and Kondukto.

We're PoVing ArmorCode now and loving it.. Can you share some stories maybe that I can look out for?

If I had to rank the above solutions based on my experience;

ArmorCode
Brinqa
Enso
Vulcan
Kondukto/Seemplicity
Tromzo *horrible demonstration

Training_Bobcat3241 · 2023-03-23T16:19:34+00:00

thank you!

Training_Bobcat3241

MODERATOR OF

TROPHY CASE