Product Listings
Cymulate’s cybersecurity risk validation and exposure management solution provides security professionals with the tools to continuously challenge, validate, and optimize their on-premises and cloud security postures.
The platform offers end-to-end visualization across the MITRE ATT&CK framework, enabling a clear view of potential threats and vulnerabilities. With automated, expert, and threat intelligence-driven risk assessments, Cymulate is simple to deploy and accessible to organizations at any level of cybersecurity maturity.
In addition, it features an open framework that supports the automation of red and purple teaming exercises, allowing security teams to generate tailored penetration scenarios and advanced attack campaigns that align with their unique environments and security policies. By leveraging these capabilities, organizations can proactively identify and address security gaps, ensuring a stronger, more resilient cybersecurity posture.
Pentera specializes in Automated Security Validation. Its main objective is to enable organizations to effortlessly examine the robustness of all their cybersecurity frameworks, revealing real-time security vulnerabilities at any scale. Pentera's services are utilized by numerous security professionals and service providers globally to direct remediation processes and eliminate security loopholes before they are taken advantage of.
Picus Security is the pioneer of Breach and Attack Simulation (BAS). The Picus Complete Security Control Validation Platform is trusted by leading organizations worldwide to continuously validate the effectiveness of security controls against cyber-attacks and supply actionable mitigation insights to optimize them. Picus has offices in North America, Europe and APAC and is supported by a global network of channel and alliance partners. The company is dedicated to helping security professionals become more threat-centric and via its Purple Academy offers free online training to share the latest offensive and defensive cybersecurity strategies.
Vonahi Security’s vPenTest is a SaaS platform that automates and simplifies network penetration testing. It helps organizations see how real-world attacks could exploit their environments by simulating adversarial behavior and testing the strength of existing controls. vPenTest enables managed service providers and internal IT teams to run on-demand, continuous assessments without time-consuming manual work. It delivers clear insights into risk and exposure, helping teams improve prevention, detection and response. With an intuitive interface and automated testing, it supports frequent validation of security defenses at lower cost. vPenTest makes offensive security practical and affordable for businesses of all sizes, helping teams stay ahead of threats and strengthen their overall security posture.
Ridge Security provides an innovative solution for security testing through its product, RidgeBot, an Intelligent Penetration Testing Robot. RidgeBot utilizes advanced techniques to breach systems, similar to those used by hackers. When integrated into a system, RidgeBot seeks out, exploits and documents any vulnerabilities it uncovers. It operates within a predefined scope and can instantly adapt to highly complex structures. Ridge Security's offerings serve enterprise and web application teams, ISVs, government entities, educational institutions or any other party tasked with maintaining software security, allowing them to test their systems in an affordable and efficient manner.
Horizon3.ai is a fusion of former U.S. Special Operations cyber operators, startup engineers, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools, false positives resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Founded in 2019, Horizon3.ai is headquartered in San Francisco, CA.
BreachLock is a cyber security provider who offers Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Automated Penetration Testing and Red Teaming in one integrated platform. BreachLock seamlessly combines human-delivered, AI-powered, and automated solutions to accelerate vulnerability prioritization and remediation accuracy across your entire security ecosystem.
PTaaS for Security Control Validation: Identify and validate vulnerabilities across you internal and external attack surface for prioritization and remediation.
ASM for Risk Prioritization and Exposure Management: Prioritize exposed assets and associated vulnerabilities - known and unknown - across your entire attack surface, including Shadow IT and Dark Web exposures.
Automated Pentesting and Red Teaming for Attack Path Validation: Run real-world attacks and TTPs to evaluate your security readiness with automated penetration testing and Red Teaming as a Service (RTaaS).
AttackIQ focuses on the provision of breach and attack simulation products utilized for security control validation. The company emulates the tactics, techniques, and procedures of adversaries in line with the MITRE ATT&CK framework. Additionally, it offers insights into the performance of security systems through data-driven analysis and presents guidance for mitigation. The firm has designed a variety of products such as Enterprise, Ready!, and Flex to cater to diverse security testing needs. It provides assistance to organizations that are new to security testing and those who prefer a managed service or require help in conducting their own tests.
SafeBreach is a prominent entity in the field of breach-and-attack simulation (BAS). Its main focus lies in the execution of continuous security validation. By initiating regular attacks, the platform can highlight potential security gaps. In turn, these findings are used to provide an understanding of which areas require remediation. SafeBreach utilizes its Hacker’s Playbook™, a large database of attack data supported by thorough threat intelligence research. This allows the company to encourage a more proactive approach to security issues within organizations, using factual data as a basis for establishing effective security measures.
Rapid7, Inc. aims to create a safer digital world by simplifying and making cybersecurity simpler and more accessible. Rapid7 empowers security professionals worldwide to manage a modern attack surface through its technology, research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help over 11,000 customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats quickly and precisely.
PortSwigger is a company that specializes in developing software tools used for security testing of web applications. The company's primary focus lies in the web security industry, and it's known for the creation of the Burp Suite, a tool commonly utilized by professionals in this field. The company is based near Manchester, UK and has a steady team of Java and .NET developers who contribute to maintaining and advancing the capabilities of the tools developed by the company.
Edgescan is a comprehensive CTEM (Continuous Threat Exposure Monitoring) solution which combines five crucial cybersecurity solutions. External Attack Surface Management (EASM), Risk prioritized Vulnerability Management (VM), Application Security Testing (AST), API Security Testing, and Penetration Testing as a Service (PTaaS). Using a combination of cyber analytics and human validation, Edgescan delivers near false positive free vulnerablity and exposure intel. The accuracy of the solution helps identify critical issues to speed up remediation. Organizations can experience reduced operational complexity, faster remediation times, and lower operating costs. Edgescan's platform also prioritizes risk by delivering validated vulnerability data combining EPSS, CISA KEV and EXF (Edgescan eXposure Factor) to provide simple priortization of vulnerabilities. Edgescans CTEM solution helps orgs achieve visibility and discovery in real time improving accuracy and reducing cost.
XM Cyber is a continuous exposure management company that focuses on reducing risk by focusing on the fixes with the highest impact on risk. XM Cyber provides a transformative approach to exposure management by identifying potential vulnerabilities, identity exposures and misconfigurations in AWS, Azure, GCP, and on prem environments. Mapping all potential attack paths into an attack graph allows prioritizing exposure remediation based on its exploitability and impact on critical assets. The primary objective is to facilitate the most effective remediation of exposures with minimum effort. XM Cyber has expanded its operations to North America, EMEA, APJ, and LATAM.
AppCheck is a Dynamic Application Security Testing (DAST) solution, developed and supported by experienced penetration testers. We approach security testing as a hacker would, leveraging multiple proprietary crawling engines to analyse target behaviour across both modern and traditional technologies, including Single Page Applications (SPAs), APIs, and complex authentication flows such as SSO, 2FA, and TOTP. Organisations can conduct unlimited security assessments across web applications, APIs, cloud services, networks, and internal or external assets.
Supporting production and UAT testing, AppCheck also enables ‘shift left’ security by integrating with CI/CD pipelines and build servers, including ADO, GitHub, Jenkins, TeamCity, CircleCI, TravisCI, Bamboo, and GitLab CI/CD. Allowing automated security testing throughout development, identifying risks as soon as changes are introduced.
AppCheck is also a CVE Numbering Authority (CNA), contributing to global security research
Astra Pentest is comprehensive platform featuring an automated vulnerability scanner, manual pentest capabilities, and an all-purpose vulnerability management dashboard that helps you streamline every step of the pentest process - from detection and prioritizations of vulnerabilities to collaborative remediation. Our Pentest platform emulates hackers behavior to find critical vulnerabilities in your application Web App, Mobile App, SaaS, APIs, Cloud Infrastructure (AWS/Azure/GCP), Network Devices (Firewall, Router, Server, Switch, Printer, Camera, etc), Blockchain/Smart Contract, and more proactively.
NetSPI is a penetration testing company built to help enterprise Security, IT, and Business decision-makers to develop & manage their risk through its integrated platform. The NetSPI Platform combines the expertise of security professionals with AI and automation for modern penetration testing, along with attack surface & detective controls testing capabilities to continuously identify, prioritize, & remediate vulnerabilities at scale. With 350+ in-house security experts, NetSPI has completed 21K+ engagements, tested 4M+ assets, and reported 1.5M+ vulnerabilities.
The NetSPI Platform simplifies pentest scoping, delivers real-time high-fidelity findings, and accelerates remediation with advanced dashboards, integrations, and attack path visualizations. By reducing false positives, alert fatigue, and manual effort, NetSPI empowers security and IT leaders to streamline compliance, enhance security posture, and stay ahead of evolving threats with reduced risk and improved resilience.
Founded more than 20 years ago in Sunnyvale, California, Fortinet continues to be a driving force in the evolution of cybersecurity and the convergence of networking and security. Securing people, devices, and data everywhere is our mission. To that end, our portfolio of over 50 enterprise-grade products is the largest integrated offering available, delivering proven cybersecurity everywhere you need it. More than 680,000 customers trust Fortinet solutions, which are among the most deployed, most patented, and most validated in the industry.
Keysight Technologies empowers innovators to bring world-changing technologies to life. As an S&P 500 company, Keysight is delivering design, emulation, and test solutions to help engineers develop and deploy faster, with less risk, throughout the entire product lifecycle. Keysight is a global innovation partner enabling customers in communications, industrial automation, aerospace and defense, automotive, semiconductor, and general electronics markets to accelerate innovation to connect and secure the world.
Keysight offers Visibility, Security, and Testing solutions to enhance both physical and virtual network elements for enterprises, governments, service providers, and network equipment manufacturers. Keysight Visibility & Security Solutions assist organizations in improving their network monitoring insights and security posture and enables organizations to assess network security and resilience by validating devices and defenses through real-world application and attack traffic.
Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities faster and with greater confidence - whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure.
With comprehensive coverage across network, web, API, and cloud assets, and built-in exploit validation, it turns every scan into credible, actionable insight.
Trusted by over 2,000 teams in 119 countries and used in more than 6 million scans annually, it delivers speed, clarity, and control - without bloated stacks or rigid workflows.
Strobes is a cybersecurity platform designed for end-to-end continuous threat exposure management. This ensures that organizations are equipped with cutting-edge tools and methodologies to address evolving cyber threats. Our integrated solutions deliver unmatched visibility, control, and scalability for your protection. Strobes help you discover assets, perform vulnerability scans, conduct pen tests, and meet compliance requirements faster than ever before.