Application Security Posture Management (ASPM) Tools Reviews and Ratings

I'm so happy we switched to Armorcode. It has been a game changer for our vulnerability management program. Before Armorcode, we had to have dedicated resources working full time just to manage our active findings. Now, we have reduced that need by 90% freeing up valuable resources to do more impactful work. The tool itself is feature rich and clearly being actively developed as new features become available all the time. On the rare case that I find functionality that isn't supported, Armorcode's support team has worked with us to deliver feature requests within a few sprints. The longer I have used the product, the more I enjoy working with it.

From selection to implementation, our Cycode reps were with us. We put the product through a long and strenuous formal set of POC and POV phases which were especially time consuming. We had 1st class treatment throughout and the product performed well above expectations. We were worried that post-procurement we would lose that level of customer support, but this was not the case at all and Cycode has been a top notch partner every step of the way now more than 6 months later.

Using Ivanti Neurons for ASOC is a journey that I believe will continue for as long as we can as a firm. This is due to the countless benefits we have gained ever since we started using it. It helped us evolve our application vulnerability management into a risk-based approach since it enables us to make swift informed decisions regarding where to direct the development to enhance our internal security and customer-facing applications. This is something that we have not achieved in a long time. It has also made possible immediate action prioritization based on threat risk as a way to measure risk and prioritize remediation in a process that involves the continuous correlation of our firms applications with threat intelligence, internal and external vulnerability data, manual pen-test and research-based results just to mention a few. Therefore, our decision making has been fully enhanced by use of this product and so far so good.

Dazz is an incomparable and invaluable ASPM tool. Dazz has allowed me (and my team) to analyze, organize, and prioritize vulnerabilities across multiple tools. The process for connecting various tools is simple and straightforward. The documentation for connections as well as features within Dazz is very helpful and detailed, but with the way Dazz is constructed and designed, I am almost always successful with navigating intuitively.

In an industry saturated with buzzwords like 'Unified Vulnerability Management' and ' Risk-Based Vulnerability Management', Phoenix focuses on understanding your unique needs and objectives. They collaborate closely with your team and offer valuable support to help you achieve your security goals. Furthermore, they take the time to educate you on innovative strategies, encouraging you to think beyond conventional vulnerability management practices. Phoenix doesn't just sell a product--they become a trusted partner in enhancing your security posture.

Kondukto has been a valuable addition to our application security toolkit, providing excellent capabilities in orchestrating and managing security vulnerabilities across various stages of the software development lifecycle (SDLC). The platform's integration with multiple security tools has significantly streamlined our vulnerability management processes, allowing us to maintain a more comprehensive view of our security posture. The user interface is intuitive, and the customizable dashboards provide the critical insights we need to act quickly. We have been particularly appreciative of the ever-expanding API which has enabled integration with various broader security processes. Although the platform's logging and documentation features are perhaps somewhat of a work in progress, these have not impacted its overall effectiveness, especially given support is always available when we need it and the continuous updates suggest ongoing improvements in these areas. Overall, Kondukto stands out as a highly advanced and powerful tool for application security management. The responsive customer support and consistent enhancements make it a strong choice for organizations looking to optimize their security.

My overall experience has been great! As an ASPM tool, Ox enables us to identify potential vulnerabilities early, triage them efficiently, and get them remediated quickly. With the help of Ox, we are able to more easily adopt the 'shift-left' methodology in our security testing, bringing critical security conversations to the early stages of the software development life cycle.

Apiiro sits at the centre of our AppSec program, providing context aware security visibility into our software engineering process. By highlighting key risks, we can focus on the most impactful areas, and do so without slowing down development teams. Integrations into a number of third party tools, coupled with Apiiro's native solutions make the platform an essential component of our security strategy now, and into the future.

Legit Security has helped us unify our organization's application security tooling across various SCM, CI/CD systems, and infrastructure. This has resulted in improved security consistency in detecting and remediating issues related to IaC misconfigurations, SCM security controls, user and token permissions, secrets, unsecure CI/CD plugins, package and image artifacts, and container misconfigurations

I had a great experience with the product. We were trying to understand what vulnerabilities our software had and Faraday was really useful for this.

The AppSoc ASPM solution focuses on A and machine-learning models when analyzing your codebase. This is the main selling point, as they are able to provide you with a prioritization system in the findings, allowing you to improve your team's efficiency by targeting "exploitable" bugs before going down the rabbit hole of more benign scanner findings. The platform is suitable for a DEV-SECOPS approach.

It's a good platform. I'm using it to discover problems in the code and its easy to use the interface. It displays interesting and pertinent points regarding security and poorly written code.

It's a pleasure working with the Boost team. We're in the process of rolling out their product to our entire engineering org. It works well, and it works better across time because of how skillfully the Boost team listens to and integrates our feedback.

In my experience it is a very powerful tool which helps in deep analytics of cloud applications and dependencies related to it. The discovery feature is an advantage and helps in saving time without any manual efforts. Its integration with DevOps helps in prioritising vulnerabilities based on risk, which helps to understand the risk involved. These are the best features of the tools which smooth and enhance the user experience.

Using the Nucleus Platform has significantly improved our risk management by automating processes and centralizing data, allowing us to respond more quickly to incidents and efficiently comply with regulations and laws.

Vulcan Cyber ExposureOS provides visibility of the Attack surface, helps identify threat landscapes and exposures, and prioritizes the defence system. It's an easy to use platform. It provides the visibility of all the assets which are under threat.

Arnica has provided me with a wealth of opportunities to learn and grow, honing my abilities to understand and respond to diverse queries

This product is a really seamless play and plug platform which provides our firm with instant value. This helped with side-by-side management of static and dynamic assets while indicating a breakdown of all AppSec efforts. It also helped with the elimination of AppSec silos through the assembly of of data from major security tools. It also provides us with the scope of the firm’s entire application inventory while at the same time automatically unifying and socializing the application risk data. I must state that this is one tool that I have never had second thoughts about purchasing.

I have found Sumeru to be a outstanding development partner. They have been critical to our success and we appreciate their efforts to help streamline our code devops with tools such as boman.ai

We are at an early stage of adoption of Rezilion platform for our products. Yet, Rezilion platform already brings a very rich set of capabilities concerning vulnerability management - from component discovery, over intelligent "noise" filtering, to automated workflows. Besides these sound concepts, Rezilion team demonstrated high interest on collaborative evolution of these and further capabilities as well as agility and fast delivery of improvements respecting agreed priorities.