AI in Security and Network Testing - GregLinthicum/From-Logistic-Regression-to-Long-short-term-memory-RNN GitHub Wiki

Machine Learning in Cybersecurity: A Guide - Douglas C. Schmidt

Feature_Extraction_NIDS

ciphey - decryptor

Fuzz Testing

AWS Deep Learning Containers (1 Nov. 2021)

SAST, DAST, IAST, OWASP tools

SAST (Static Application Security Testing)

CI

  • Nessus - Jenkins, GitLab CI, CircleCI, Harness, Tenable Web App Scanning
  • Snyk - Jenkins, GitHub Actions, GitLab CI/CD, CircleCI, Azure Pipelines, Bitbucket Pipelines (AI)
  • Raven - GitHub Actions
  • QualysGuard - Jenkins, GitLab CI, Bamboo, Azure DevOps, Bitbucket Pipelines
  • Nexpose - Jenkins, GitLab CI, Bamboo, Azure DevOps

  • Checkmarx - IDEs: IntelliJ IDEA, Eclipse, and Visual Studio (AI)
  • SonarQube - IDEs: Visual Studio, Eclipse, and IntelliJ IDEA
  • Fortify Static Code Analyzer - IDEs: Eclipse and Visual Studio
  • Veracode - IDEs: VS, VSC, Eclipse, IntelliJ IDEA; repos: Bitbucket, GitLab, GitHub, Azure Repos (AI)
  • Coverity - IDEs: IntelliJ IDEA, Eclipse, Visual Studio, NetBeans, Android Studio; CI: Jenkins, Azure DevOps, GitLab CI, Bamboo; full repo scans: Subversion (SVN), Bitbucket, GitLab, GitHub
  • Klocwork - IDEs: Eclipse and Visual Studio

DAST (Dynamic Application Security Testing)

Commercial DAST Tools

  • Acunetix - Known for its comprehensive scanning capabilities and ease of use. (AI)
  • Netsparker - Offers automated security testing with proof-based scanning. (AI)
  • Veracode - Provides a wide range of security testing services, including DAST. (AI)
  • IBM AppScan - A robust tool with extensive reporting and integration options.
  • Rapid7 AppSpider - Focuses on dynamic application security testing with detailed vulnerability reports.
  • Micro Focus Fortify WebInspect - Known for its deep scanning capabilities and integration with other security tools.

Open Source DAST Tools

  • OWASP ZAP (Zed Attack Proxy) - One of the most popular open source DAST tools, maintained by the OWASP community.
  • Arachni - A feature-rich, modular web application security scanner.
  • Wapiti - A command-line tool that performs black-box scans to detect vulnerabilities.
  • Nikto - A web server scanner that checks for various vulnerabilities.
  • Vega - An open source web security scanner and testing platform.
  • Skipfish - A web application security reconnaissance tool.

IAST (Interactive Application Security Testing)

  • Fortify on Demand by OpenText - A cloud-based solution that offers extensive security testing, including IAST.
  • Invicti - Combines DAST and IAST for enhanced vulnerability detection and reduced false positives.
  • HCL AppScan - Known for its comprehensive security testing capabilities, including IAST; IDEs: Eclipse and Visual Studio.
  • Synopsys Seeker - Offers deep code analysis and real-time feedback on security vulnerabilities; IDEs: Eclipse and IntelliJ.
  • Contrast Assess - Provides real-time vulnerability detection and integrates seamlessly with CI/CD pipelines; IDEs: Eclipse and IntelliJ.

OWASP (Open Web Application Security Project)

  • OWASP ZAP (Zed Attack Proxy): A widely-used open source DAST tool that helps find security vulnerabilities in web applications during development and testing. (AI)
  • OWASP Dependency-Check: A software composition analysis tool that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities.
  • OWASP Dependency-Track: A tool that allows organizations to identify and reduce risk in the software supply chain by tracking dependencies and their associated vulnerabilities.
  • OWASP SonarQube Plugin: Integrates with SonarQube to provide static analysis for security vulnerabilities, leveraging OWASP rules.
  • OWASP Security Knowledge Framework (SKF): An open source web application that helps developers learn and integrate secure coding practices into their projects.
  • OWASP ESAPI (Enterprise Security API): A library of security controls that help developers build secure applications by providing a set of APIs for common security tasks.
  • OWASP DefectDojo: An open source application vulnerability management tool that helps manage security findings and streamline the remediation process.