Sold by: Bright SecurityÂ
Deployed on AWS
Vendor Insights
Safeguard your applications and APIs against both technical and business logic vulnerabilities with minimal false positives at the speed and efficiency of DevOps. Eliminate the risk of security becoming a mere afterthought or a bottleneck in your DevOps workflow with Bright's developer-centric Enterprise grade dynamic application security testing (DAST) solution.
Overview
Note: This is a contract listing for use with a Private Offer only. This listing is not meant to be transacted outside of an AWS Private Offer. To inquire about Private Offers, please contact us at apn-sales@brightsec.comÂ
Bright's dynamic application security testing (DAST) solution, based on an extensive library of over 8,000 attack payloads, is the only DAST solution built from the ground up to cater to both developers and AppSec professionals. Unlike other DAST tools that are based on the ZAP (formerly OWASP) open-source scan engine, Bright fully developed and enhances its scan engine providing Enterprises with a single point of ownership and ensuring full vendor supply-chain accountability.
Bright empowers developers with the unique capability to initiate DAST scans right from their Integrated Development Environment (IDE). Moreover, Bright's versatile design allows for automation at any stage within the SDLC pipeline (Jenkins, GitHub Actions, Gitlab, Azure DevOps). Through Bright, organizations can seamlessly shift application testing earlier into the SDLC, identifying vulnerabilities well before they reach production.
Highlights
- With Bright's Enterprise grade DAST, organizations of all sizes can truly shift application testing left. Developers can use Bright's unique plugin for popular integrated development environments (IDE) directly, or as an integrated component of their Unit Testing processes and in their CI/CD pipelines. With Bright, developers can easily see verified vulnerabilities, such as code subject to SQL injection attacks or cross-site scripting, and the detailed mitigation steps.
- Bright stands out by offering API testing capabilities early in the Software Development Life Cycle (SDLC), thus providing a proactive approach to security. Its contemporary solution supports REST, SOAP, and GraphQL APIs, ensuring a comprehensive coverage for API testing. Bright excels in detecting an array of API vulnerabilities, including but not limited to injection threats and absence of rate limiting, among others featured on the OWASP API Security Top 10 list.
- Bright is reshaping the landscape of Dynamic Application Security Testing (DAST) by significantly reducing false positives and providing documented proof of vulnerabilities found (for example: screen captures). Bright's solution, crafted specifically for developers, enhances not only the trust in the system but also bolsters developer productivity. By alleviating 'alert fatigue' and the resultant complacency, Bright fosters a more engaged and efficient development environment.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
SOC2
ISO27001
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Enterprise | Maximum 3 Concurrent Scans | $105,000.00 |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
If you have any questions, please contact your assigned Customer Success Manager or Engineer. For support-related issues, please report them or open tickets at https://support.brightsec.com or email: support@brightsec.com or use in-app live messaging in Bright Platform. support@brightsec.comÂ
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Bright Security
By StackHawk, Inc.
By Fluid Attacks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Dynamic Application Security Testing
Comprehensive security scanning solution with an extensive library of over 8,000 attack payloads for identifying vulnerabilities
IDE Integration
Native plugin capability allowing developers to initiate security scans directly from their integrated development environment
API Security Testing
Supports comprehensive testing for REST, SOAP, and GraphQL APIs with detection of vulnerabilities from OWASP API Security Top 10 list
Scan Engine Technology
Proprietary scan engine fully developed in-house, providing enhanced scanning capabilities beyond open-source ZAP engine
CI/CD Pipeline Automation
Seamless integration with multiple DevOps automation tools including Jenkins, GitHub Actions, GitLab, and Azure DevOps for continuous security testing
Dynamic Application Security Testing
Automated DAST scanning tool capable of testing REST, GraphQL, and SOAP APIs throughout the software development pipeline
CI/CD Security Integration
Native integration with AWS CodeBuild and CodePipeline for automated security testing during software delivery
Vulnerability Detection
Docker-based application security scanner with generative AI technology for identifying hidden APIs and potential security vulnerabilities
Multi-Protocol API Support
Comprehensive testing capabilities for REST, GraphQL, SOAP, and gRPC protocols with custom test data generation
Security Automation Framework
Includes CLI tool, custom scan discovery, and support for automated vulnerability findings triage and reproduction
Security Testing Techniques
Comprehensive multi-vector security testing integrating automated tools, AI, and ethical hacking across SAST, DAST, SCA, CSPM, PTaaS, and reverse engineering
Continuous Security Integration
CI/CD agent that continuously reviews source code changes and breaks build to prevent deployment of vulnerable software
Cloud Platform Security
Seamless security integration with major cloud platforms including AWS, Microsoft Azure, and Google Cloud Platform for infrastructure vulnerability assessment
Vulnerability Remediation
AI-powered vulnerability detection and remediation with customized fix options, including automatic code fixes and expert consulting
Software Supply Chain Analysis
Detailed component and dependency inventory tracking with dynamic SBOM updates across software development lifecycle changes
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.