Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
30 reviews
from
External reviews are not included in the AWS star rating for the product.
Modern, Insightful, and Seamlessly Fits Our Workflow
What do you like best about the product?
The best thing is that it actually fits into how we work. Most scanners feel like they were built in 2005, but Bright feels modern. It doesn't scream about 500 "vulnerabilities" that turn out to be nothing. It only pings us for stuff that actually matters. Also, the remediation tips are actually written for human beings, not just robots, so my team knows exactly what to fix without a three-hour meeting.
What do you dislike about the product?
The UI can feel a little dense at first. There’s a lot going on in the dashboard, and it took me a few tries to find exactly where some of the scan settings were buried.
What problems is the product solving and how is that benefiting you?
We needed a way to scale our security testing without hiring three more security engineers. This lets our current team handle way more code than they could manually.
Seamless Security Testing That Fits Perfectly Into Development
What do you like best about the product?
I really like how Bright Security makes dynamic application and API security testing feel seamless in a developer’s day-to-day, with an intuitive interface, fast scans, real-time vulnerability validation, and minimal false positives that let me focus on real issues rather than noise it’s what makes security actually usable during development rather than only at the end
What do you dislike about the product?
While Bright’s scans and reports are solid, I wish it had better built-in mapping of API endpoints and deeper support for single-page apps, and sometimes linking results into broader enterprise-wide tools feels a bit limited compared to some legacy platforms
What problems is the product solving and how is that benefiting you?
Bright Security solves the problem of finding critical web and API vulnerabilities early in the software development lifecycle so that security doesn’t become a bottleneck before release meaning our teams can ship safe features faster without having to do manual late-stage penetration tests.
Reliable and Developer-Friendly Security Solution
What do you like best about the product?
Bright Security has been a game-changer for our development workflow. The biggest advantage is how seamlessly it integrates into CI/CD pipelines without slowing down deployments. The platform is intuitive, and the automated scanning is fast yet thorough. I also appreciate the developer-focused approach issues are explained clearly with actionable remediation steps, which makes fixing vulnerabilities much easier. Their customer support has been responsive and helpful whenever we needed guidance.
What do you dislike about the product?
While the overall experience is great, the initial setup took a bit longer than expected because of the learning curve around configuring custom scan profiles. Also, the reporting dashboard could use more flexibility in customizing views for different stakeholders.
What problems is the product solving and how is that benefiting you?
Before Bright Security, we struggled with manual security checks that delayed releases and often missed critical vulnerabilities. Bright Security solved this by automating the entire process and embedding security into our development lifecycle. Now, we catch issues early in the pipeline, reducing risk and saving countless hours. This has improved both our product security and team efficiency significantly.
Absolutely Flawless Experience
What do you like best about the product?
The "Shift-Left" capability is genuine here, not just a marketing term. The support for modern architectures like GraphQL and REST APIs is excellent, and the customer success team is incredibly responsive—they’ve actually helped us build out our custom integrations rather than just sending us a link to a FAQ page.
What do you dislike about the product?
actually, pretty mucI’d love to see them expand their ecosystem more. Currently, they are top-tier for DAST (Dynamic Testing), but I wish they offered native SCA or SAST modules so I could manage my entire application security posture under one single vendor/contract rather than juggling multiple tools.h nothing which i do not like.
What problems is the product solving and how is that benefiting you?
t’s solving the problem of "Application Blind Spots." We used to worry about "Shadow APIs"—endpoints our developers created but never documented. Bright’s discovery engine finds these automatically. It has essentially reduced our manual penetration testing costs because we’re catching the low-hanging fruit and even complex business logic flaws automatically before the auditors even show up.
Developer-Friendly and CI/CD-Ready Security Tool
What do you like best about the product?
I use Bright Security mainly for automated application security testing in our development workflow, and it helps us catch security issues early, preventing discoveries in later stages like staging or production. What stands out for me is how developer-friendly it is, with a clean dashboard and straightforward integration with CI tools. The API-first approach and the clear explanation of issues enable developers to address them quickly. I appreciate the automatic scans during builds and the relevant results that align with modern architectures, which reduce manual effort and result in actionable feedback rather than generic reports. Compared to traditional DAST tools, Bright Security is less noisy, more focused on real issues, and fits well into agile development and CI/CD workflows.
What do you dislike about the product?
Initial setup takes some time if you’re new to security tools, especially understanding scan configurations. Some advanced features also have a learning curve. Better onboarding documentation and more real-world examples would make it easier for first-time users.
What problems is the product solving and how is that benefiting you?
I use Bright Security to automate application security testing in our CI/CD workflow, reducing manual effort and catching vulnerabilities early. It fits agile development perfectly, providing actionable feedback without slowing releases, and integrates smoothly with modern tools, enhancing our security posture.
Enhancing Web App Security
What do you like best about the product?
Near real-time vulnerability detection as well as automated security testing.
What do you dislike about the product?
Complexity in setting up the tool where the appsec team is lean it gets difficult to scale.
What problems is the product solving and how is that benefiting you?
1. Real time scanning
2. Reduction of FP
3. Vulnerability detection.
2. Reduction of FP
3. Vulnerability detection.
Senior Product Security Engineer
What do you like best about the product?
Ease of use, Product efficiency, Support team on-ground
What do you dislike about the product?
As it is a DAST tool, sometimes the tool's necessity gets diluted because engineering team's consider it as a overhead.
What problems is the product solving and how is that benefiting you?
We are able to find out the vulnerabilities which really matter as Bright usually does not generate false positives.
Amazing Enterprise support with most options provided for running Authenticated Scans
What do you like best about the product?
Technical Support
Options for Authenticated Scan
Coverage
Options for Authenticated Scan
Coverage
What do you dislike about the product?
Nothing specific but pointing out the overall market problem that DAST scans struggle with Authenticated scans running smoothly because of complex Auth flows like SSO, oAuth and of course the MFA conf options to be configured within any DAST tool
What problems is the product solving and how is that benefiting you?
Accomplishing mandatory requirements to have DAST coverage in our org.
Excellent product
What do you like best about the product?
It helps to improve API security and provides good vulnerability assessment
What do you dislike about the product?
hard for the dev team lo learn hot to use
What problems is the product solving and how is that benefiting you?
API securety
This company provides DAST scanning solution no other company can in a direct focused way
What do you like best about the product?
Scanning and testing capabilities for frontend of your application are next level
Flexibility in reports generation
Constant meaningful improvements in Ease of Use in last year, for example Incremental app that analyzes entrypoints and triggers scans without having to set up the parameters relevant to each.
Customer Support is very helpful even when I am not from the security field. Support also are crucial for Ease of implementation, and follow up on a weekly basis on progress.
Flexibility in reports generation
Constant meaningful improvements in Ease of Use in last year, for example Incremental app that analyzes entrypoints and triggers scans without having to set up the parameters relevant to each.
Customer Support is very helpful even when I am not from the security field. Support also are crucial for Ease of implementation, and follow up on a weekly basis on progress.
What do you dislike about the product?
More challenging for products that require frequent reinstall
Could use better integration with API scanning, like entrypoint discovery with target's swagger page
Need to improve flexibility in entrypoint management for a given project (mass edit, mass delete etc)
I would also suggest diversifying the licensing options:
I need to run multiple scans in short amount of time once every 2 months to test all products. Currently the license is for one engine, which means I can use it 24/7 but am limited to one running scan. Having an option for several engines that are time limited with frequency required would be useful, even a pay-as-you-go format would work well for these use cases.
Could use better integration with API scanning, like entrypoint discovery with target's swagger page
Need to improve flexibility in entrypoint management for a given project (mass edit, mass delete etc)
I would also suggest diversifying the licensing options:
I need to run multiple scans in short amount of time once every 2 months to test all products. Currently the license is for one engine, which means I can use it 24/7 but am limited to one running scan. Having an option for several engines that are time limited with frequency required would be useful, even a pay-as-you-go format would work well for these use cases.
What problems is the product solving and how is that benefiting you?
Bright helps me meet my company's security requirements for the product my group develops.
showing 1 - 10