The 36 tools that SaaS can use to keep their product and data safe from malicious hackers (manual research)

Hey everyone,

I’ve compiled a list of the top cybersecurity tools that SaaS apps can use. This took me around 5 hours. I’ve organized them under different categories, and highlighted the free and open-source tools.

I hope this is useful for you. Feel free to add any others you like in the comments.

External Attack Surface Management (EASM) Tools:

• Detectify

• ShockWave

• Crowdstrike Falcon Surface

• Randori

• HackerOne Assets

• Ethiack

Static Application Security Testing (SAST) Tools:

• Veracode

• Checkmarx

• SonarQube

• Fortify

• CodeSonar

• ESLint (free, open-source option)

• Bandit (for Python, open-source and free)

• Snyk

Dynamic Application Security Testing (DAST) Tools:

• Invicti (formerly Netsparker)

• Indusface WAS

• Acunetix

• Intruder

• Astra Pentest

• OWASP ZAP (open source)

Interactive Application Security Testing (IAST) Tools:

• Contrast Security Assess

• Quotium Seeker

• Contrast Security Protect

Software Component Analysis (SCA) Tools:

• Black Duck

• Snyk

• Mend.io (former WhiteSource)

• FOSSA

• OWASP Dependency-Check (open source)

Pentesting Tools:

• Nmap

• Metasploit

• Burp Suit

• WPSCAN

• DirSearch

• Subfinder

• SQLMap

• REcollapse

• FFUF

• Hydra

• Sublist3r

• Aircrack-ng

• Nuclei

• Ethiack

Ethical Hacking Platforms:

• Intigriti

• Ethiack

• HackerOne

• BugCrowd

Third-Party Vulnerability Assessment Tools:

• Qualys

• Tenable

• Rapid7

• Acunetix

API Testing Tools:

• Postman

• SoapUI

• JMeter

• Swagger

• Insomnia

And that's it. Let me know if you have more recommendations.