Our Vendors

All Penetration Testing Application Pen Testers PCI / HIPAA / FFIEC / GLBA Security Consultations Social Engineering Managed Security Services Application Security Testing Tools Vulnerability Scanning Tools Web Application Firewalls Cyber Insurance


RedHawk Security
https://www.redhawksecurity.com/

Services: Penetration Testing, PCI / HIPAA / FFIEC / GLBA,

Summary:

A holistic provider of security services in the Pacific Northwest.

Rapid7
https://www.rapid7.com

Services: Penetration Testing, Application Security Testing Tools,

Summary:

Rapid7 uses the DREAD methodology to provide a prioritized list of issues, based on the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding.  You'll receive a detailed description and proof of concept for each finding, as well as an actionable remediation plan.

Black Hills Information Security
https://www.blackhillsinfosec.com

Services: Penetration Testing,

Summary:

BHIS does security testing and penetration testing for hundreds of companies annually, including a vast majority of Fortune 50 companies, DOD and civilian government agencies, financial institutions, healthcare, and high tech e-commerce organizations.  We have also trained over 10,000 security professionals in understanding hacker techniques, exploits and incident handling.  BHIS does not just provide outstanding deliverables in penetration testing, active defense and hunt teaming engagements, we also ensure that our customers understand our processes. Training is at the core of what we do, so knowledge transfer, from our team to yours, is one of our key differentiators.

NTTSecurity
https://www.solutionary.com/

Services: PCI / HIPAA / FFIEC / GLBA,

Summary:

NTT Security services help financial institutions to cost-effectively comply with financial industry requirements. NTT Security services support GLBA, FFIEC, FDIC IT-RMP and NCUA.

Dell SecureWorks
http://www.secureworks.com/enterprise/managed.html

Services: Managed Security Services,

Summary:

Entrust your security to the experts who protect thousands of organizations, from small and medium businesses to the Global 500.  With Dell™ SecureWorks® information security services, you gain a true security partner to help protect your IT assets, comply with regulations and reduce costs — without having to build your internal security expertise from scratch.

Veracode
http://www.veracode.com

Services: Application Security Testing Tools,

Summary:

Provides product lines for Static and runtime analysis.

IBM (AppScan)
http://www-03.ibm.com/software/products/en/appscan

Services: Application Security Testing Tools, Vulnerability Scanning Tools,

Summary:

Provides dynamic and static code analysis.

WhiteHat Security
https://www.whitehatsec.com/

Services: Application Security Testing Tools,

Summary:

Provides products for both Static and Dynamic code analysis.

Coverity
http://www.coverity.com/

Services: Application Security Testing Tools,

Summary:

Static and Runtime Code Analysis.

Burp Suite PortSwigger
https://portswigger.net/burp/

Services: Application Security Testing Tools,

Summary:

Dynamic code analysis.

SiteLock
https://www.sitelock.com/products

Services: Application Security Testing Tools,

Summary:

TrueCode Static Application Security Testing (SAST) is SiteLock's deepest source code analysis. Also known as "white-box" testing, TrueCode finds common vulnerabilities by analyzing 100% of the source code of your applications without actually executing them.

Trend Micro MARS
https://mars.trendmicro.com/

Services: Application Security Testing Tools,

Summary:

App store owners all over the world can upload their apps to Trend Micro Mobile App Reputation Service for security scanning and resource consumption evaluation.

Rogue Wave Software
https://www.roguewave.com/products-services/services/application-security-audits

Services: Penetration Testing,

Summary:

Our audits follow a comprehensive methodology developed over years of experience in analyzing web, PHP, Java, and C/C++ environments with a focus on identifying vulnerabilities in application’s custom code. The audit delivers a detailed evaluation of your code for vulnerabilities, non-secure programming practices, and protection against a wide spectrum of known attack techniques. It consists of automated and manual penetration tests, attack-prone code pattern identification, and application transaction flow review.

Acunetix
http://www.acunetix.com/

Services: Application Security Testing Tools, Vulnerability Scanning Tools,

Summary:

Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 3000 other web vulnerabilities. It has the most advanced scanning techniques generating the least false positives possible. Inbuilt vulnerability management helps you prioritize and manage vulnerability resolution.

Trustwave
https://www.trustwave.com/Products/Application-Security/App-Scanner-Family/App-Scanner-Enterprise/

Services: Application Security Testing Tools, Vulnerability Scanning Tools,

Summary:

Protect all of your web applications with comprehensive vulnerability testing from Trustwave App Scanner Enterprise software.  App Scanner Enterprise lets you test as many applications as you would like for one fixed fee.  Patented, behavior-based scanning technology (Cenzic Hailstorm engine) provides the most accurate vulnerability detection results for fast, efficient remediation.

BeyondSecurity AVDS
https://www.scanmyserver.com/

Services: Application Security Testing Tools,

Summary:

Get a detailed security report on your website and server. Test for malware, SQL injection, XSS and other vulnerabilities

N-Stalker
http://www.nstalker.com/

Services: Application Security Testing Tools,

Summary:

WebApp Security Scanner to search for vulnerabilites such as SQL injection, XSS and known attacks.  Ideal for web server or application security.

CIRT Nikto
https://cirt.net/nikto2

Services: Application Security Testing Tools,

Summary:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Qualys
http://www.qualys.com

Services: Application Security Testing Tools, Vulnerability Scanning Tools,

Summary:

Cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations. 

TripWire WebApp 360
http://www.tripwire.com/it-security-software/enterprise-vulnerability-management/web-application-vulnerability-scanning/

Services: Application Security Testing Tools,

Summary:

Protect against cyberattacks and data breaches with integrated security controls that discover assets, harden configurations, identify vulnerabilities and detect threats.

HP WebInspect
https://saas.hpe.com/de-de/software/webinspect

Services: Application Security Testing Tools,

Summary:

Automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimics real-world hacking techniques and attacks, provides comprehensive dynamic analysis of complex web applications and services, and crawls more of the attack surface to exposes exploits.

W3AF
http://w3af.org/

Services: Application Security Testing Tools,

Summary:

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.  Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.

OWASP ZED
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Services: Application Security Testing Tools,

Summary:

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

OWASP Xenotix XSS Exploit Framework
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework

Services: Application Security Testing Tools,

Summary:

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Low False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be. It is claimed to have the world’s 2nd largest XSS Payloads of about 4800+ distinctive XSS

F5 Networks
https://f5.com/products/big-ip/application-security-manager-asm

Services: Web Application Firewalls,

Summary:

BIG-IP Application Security Manager (ASM) enables you to defeat sophisticated, complex threats with 99.89% overall security effectiveness. At the same time, it improves app performance by offloading SSL and preventing malicious content from being cached.

Akamai Kona WAF
https://www.akamai.com/us/en/resources/waf.jsp

Services: Web Application Firewalls,

Summary:

Globally-distributed across the Akamai Intelligent Platform™, Kona WAF can easily scale to defend against massive application attacks. Deployed at the edge of your network rather than in a data center, Kona WAF can identify and mitigate suspicious traffic without affecting performance or availability of the origin server. Security rules for Kona WAF are continuously refined by Akamai’s Threat Intelligence Team to protect against known attacks and respond to emerging threats.

Imperva SecureSphere WAF
https://www.imperva.com/Products/WebApplicationFirewall-WAF

Services: Web Application Firewalls,

Summary:

Imperva SecureSphere Web Application Firewall (WAF) analyzes all user access to your business-critical web applications and protects your applications and data from cyber attacks. SecureSphere WAF dynamically learns your applications’ “normal” behavior and correlates this with the threat intelligence crowd-sourced from around the world and updated in real time to deliver superior protection.

FORTINET FortiWeb WAF
https://www.fortinet.com/products/web-application-firewall/fortiweb.html

Services: Web Application Firewalls,

Summary:

Web Application Security Service from FortiGuard Labs uses information based on the latest application vulnerabilities, bots, suspicious URL and data patterns, and specialized heuristic detection engines to keep your applications safe.

Citrix NetScaler AppFirewall
https://www.citrix.com/products/netscaler-appfirewall/

Services: Web Application Firewalls,

Summary:

NetScaler AppFirewall protects web applications and sites from both known and unknown attacks, including all application-layer and zero-day threats.

Cloudfare WAF
https://www.cloudflare.com/waf/

Services: Web Application Firewalls,

Summary:

Cloudflare’s web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.

Barracuda WAF
https://www.barracuda.com/products/webapplicationfirewall

Services: Web Application Firewalls,

Summary:

The Barracuda Web Application Firewall provides comprehensive, reverse-proxy-based protection for applications deployed in physical, virtual, or public cloud environments data centers. In addition to applications hosted on-premises, Barracuda Web Application Firewall can natively scale and migrate with applications deployed in public cloud platforms like Amazon Web Services (AWS) and Microsoft Azure.

Radware WAF
https://www.radware.com/products/cloud-waf-service/

Services: Web Application Firewalls,

Summary:

Radware’s Cloud WAF Service provides enterprise-grade, continuously adaptive web application security protection. Based on Radware’s ICSA Labs certified, market-leading web application firewall, it provides full coverage of OWASP Top-10 threats and automatically adapts protections to evolving threats and protected assets.

DenyAll WAF
https://www.denyall.com/products/web-application-firewall/

Services: Web Application Firewalls,

Summary:

DenyAll uses negative and postive security models, along with in-context and user behavior analysis.

Amazon WAF
https://aws.amazon.com/waf/

Services: Web Application Firewalls,

Summary:

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.

AIG
https://www.aig.com/business/insurance/cyber-insurance

Services: Cyber Insurance,

Summary:

Insures against cyber extortion, business interruption, data risk, and more.

Chubb
https://www2.chubb.com/us-en/business-insurance/cyber-products.aspx

Services: Cyber Insurance,

Summary:

Provide a variety of cyber and business insurance solutions.

XL Catlin
http://xlcatlin.com/insurance/insurance-coverage/professional-insurance/cyber-and-technology

Services: Cyber Insurance,

Summary:

XL Catlin’s cyber and technology insurance policy comes with expanded coverage and even broader terms to protect against today’s emerging risks. We offer coverage for data protection risks, both for the third-party claims and first-party mitigation costs following a technology or cyber event.

AXIS PRO® Insurance
http://www.axiscapital.com/en-us/insurance/us/professional-lines/axis-pro

Services: Cyber Insurance,

Summary:

AXIS PRO® is a leader in providing Media, Entertainment, Technology, Network Security & Privacy and Miscellaneous Professional Liability coverage. We provide innovative solutions, exceptional service and responsive claims handling for all sizes of risk on an admitted and non-admitted basis.

Beazley
https://www.beazley.com/usa/specialty_lines/professional_liability/technology_media_and_business_services/beazley_breach_response.html

Services: Cyber Insurance,

Summary:

Information security and data breach insurance.

Travelers
https://www.travelers.com/cyber-insurance

Services: Cyber Insurance,

Summary:

Offers a variety of cyber coverages.

CNA
https://www.cna.com

Services: Cyber Insurance,

Summary:

Cyber Insurance provider.

Allied World Insurance
https://www.alliedworldinsurance.com/usa-professional-liability-cyber-liability

Services: Cyber Insurance,

Summary:

Offers end-to-end solutions: comprehensive and flexible insurance coverage options, proactive risk management support that helps mitigate risk, and should a privacy breach occur, turnkey data breach response services from top industry vendors.

Tenable
http://www.tenable.com/

Services: Vulnerability Scanning Tools,

Summary:

One of the leading vulnerability scanning solutions, with several sales offerings to meet different business needs.


Follow Us
Newsletter

Newsletter: Receive the latest updates via weekly email!