    ©2026 Gartner, Inc. and/or its affiliates.
    All rights reserved.
Black Duck
4.4
500 Reviews (All time)


Browse Black Duck Reviews

Black Duck is present in 6 markets with 15 products. Black Duck has 500 reviews with an overall average rating of 4.4.

API Protection

Gartner defines API protection products as a category of specialized stand-alone security products focusing on protecting APIs from exploits, abuse and access violations, and assisting in remediating API exposures. These products offer features such as API discovery, API security testing, API posture management and runtime protection utilizing behavioral analysis. They should provide coverage for the internal- and external-facing APIs, and third-party APIs that organizations may consume. API protection products are delivered as cloud-based and on-premises solutions. Deployment can be offered in-line by intercepting ingress/egress API calls or out-of-band by deploying agents on application workloads and/or scanning code repositories.

Black Duck has 1 product in the API Protection market:
  • Synopsys API Scanner (Legacy)
    4.1
    18 Reviews

Application Security Testing

Gartner defines the application security testing (AST) market as consisting of providers of products that enable organizations to assess applications for the presence and management of risk. These products identify risk by evaluating source code, performing runtime tests and inspecting supply chain components. AST products can be integrated throughout development workflows for continuous assessment or be used to perform ad hoc evaluations. They enable organizations to manage application risks by providing an integrated set of capabilities for risk identification, prioritization and triage, policy evaluation and enforcement, and remediation assistance. Market offerings are available in on-premises, SaaS and hybrid delivery models. Organizations leverage AST products to assess applications for the presence of security vulnerabilities and other risks (e.g., legal and operational) throughout their life cycle. These assessments are used to measure and manage the risks within individual applications, application components or groups of applications in the context of their business criticality and other key attributes (e.g., environment, sensitive data handling, etc.). AST products further enable organizations to evaluate software for compliance with internal policies as well as regulatory requirements established by governments or authoritative industry groups.

Black Duck has 7 products in the Application Security Testing market:
  • Seeker Interactive Application Security Testing
    4.9
    14 Reviews
  • Coverity Static Application Security Testing
    4.4
    155 Reviews
  • 5 more products

IT Security

IT Security refers to products and services that protect digital systems and data from cyber threats and unauthorized access. This category includes markets that focus on network security, identity management, data protection, and cloud security, enabling organizations to reduce risk, ensure compliance, and operate securely in a digital world.

Black Duck has 3 products in the IT Security market:
  • Code Sight
    3.5
    2 Reviews
  • Defensics Fuzz Testing
    4.0
    2 Reviews
  • 1 more product

Mobile Application Security Testing

The mobile AST market is composed of buyers and sellers of products and services that analyze and identify vulnerabilities in applications used with mobile platforms (iOS, Android and Windows 10 Mobile) during or post development. Many variations and flavors of techniques exist, but fundamentally mobile AST solutions test applications in three main ways: (1) SAST: These solutions statically analyze the source, binary or bytecode of an application to identify vulnerabilities. (2) Behavioral testing: Mobile AST solutions use behavioral analysis to observe the behavior of the app during runtime and identify actions that could be exploited by an attacker. (3) DAST: These solutions also use dynamic analysis to test the app in its runtime state. DAST simulates attacks against an application and analyzes the application's reactions, determining whether it is vulnerable.

Black Duck has 1 product in the Mobile Application Security Testing market:
  • Synopsys
    4.1
    9 Reviews

Secure Code Training Tools

Secure Code Training Tools are designed to educate developers on best practices and techniques for writing secure code, helping to prevent vulnerabilities in software. They provide interactive lessons, coding challenges, and real-world scenarios focused on security best practices, common vulnerabilities, and their mitigation strategies. Developers are trained in secure code practices for comprehensive coding languages using different methods like optimized content, gamified lessons, videos, workshops, challenges, and expert assessments. Through engaging learning experiences and direct application of security principles, developers are better equipped to address and mitigate security risks in their coding projects. They also offer role-specific educational content and programming-specific information for developers. By integrating security best practices into every phase of the Software Development Life Cycle (SDLC), these tools help ensure that software is built with security considerations from the ground up.

Black Duck has 1 product in the Secure Code Training Tools market:
  • Synopsys Application Security
    4.2
    20 Reviews

Software Supply Chain Security

Gartner defines software supply chain security (SSCS) tools as those that enable the building of secure software by protecting against compromises during development and delivery. These protections extend to source code, developer identities, development tools, delivery pipelines, and postdeployment patches. SSCS tools reduce third-party risks through policy-based curation of dependencies, software composition analysis (SCA) and software bill of materials (SBOM) inspection. They ensure artifact provenance and traceability with signing and verification as they pass through development and delivery pipelines. SSCS tools support SaaS and hybrid deployment models, and complement DevOps platforms in improving the organization’s DevSecOps maturity.

Black Duck has 2 products in the Software Supply Chain Security market:
  • Black Duck Software Composition Analysis
    4.0
    13 Reviews
  • WhiteHat Sentinel SCA (Legacy)
    3.8
    3 Reviews
Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.