
    STAR (Security Testing & Auto Remediation) AppSec Testing + Remediation

    Deployed on AWS
    Bright STAR (Security Testing & Auto Remediation), is an enterprise-grade, AI-powered AppSec platform. We help organizations replace legacy SAST & DAST solutions by automatically finding, fixing, & validating fixes for Web, APIs, business logic & LLMs vulnerabilities in both AI and human generated code.

    Overview


    Note: This is a contract listing for use with a Private Offer only. This listing is not meant to be transacted outside of an AWS Private Offer. To inquire about Private Offers, please contact us at apn-sales@brightsec.com 

    Application and API security is falling behind the pace of modern development. Enterprise teams are shipping faster, writing more code, and increasingly relying on AI tools like GitHub Copilot to meet demand. But the security stack has not kept up. Traditional AST tools such as SAST, DAST, SCA, and IAST are fragmented, slow to act, and heavily dependent on manual workflows that do not scale.

    The rise of AI-generated code has amplified the problem. Copilot now contributes nearly half of all developer code, yet this code is four times more likely to contain vulnerabilities. Existing tools were not designed for this shift and are overwhelmed by the volume, velocity, and complexity introduced by AI-assisted development. Meanwhile, developers lack the time or expertise to triage and fix issues on their own, and AppSec teams are vastly outnumbered. This creates a growing remediation gap, with high-risk vulnerabilities slipping into production and critical fixes delayed for weeks.

    Bright Security solves this with an AI-powered AppSec platform that integrates across the SDLC to detect vulnerabilities, fix them, and validate the fix early. To close the remediation gap, we launched Bright STAR, the first Autonomous Security Testing & Auto Remediation platform. STAR detects, prioritizes, remediates, and validates vulnerabilities automatically, minimizing manual intervention while increasing speed and accuracy. Unlike static solutions that guess when attempting to remediate a vulnerability, STAR gives the AI code-generation tool all the context it needs to be confident the vulnerability was fixed, and then runs a dynamic validation scan to confirm the issue was resolved.

    As AI-generated code becomes the new standard, the need for automated, intelligent security grows. Bright STAR meets this challenge with continuous, scalable AppSec that protects applications without slowing innovation.

    Highlights

    • Real Dynamic Validation Eliminates False Security: Bright STAR uses a dynamic approach to validate application and API vulnerability fixes in real time using dynamic security unit tests, ensuring remediation is both effective and broad. If a patch is generated, the platform re-runs the tests to confirm the issue is fully resolved, iterating on the fix if necessary, guaranteeing full-class remediation. No other AppSec or coding-assistant solution can perform dynamic security unit tests.
    • Zero False Positives and Focused Findings: Unlike traditional SAST (Static Application Security Testing) solutions that drown teams in false positives, the developer-centric Dynamic AppSec (DAST) engine from Bright highlights issues that are actually exploitable by exercising the running application, cutting alert fatigue. No vulnerabilities are presented to users without validation and proof of exploit.
    • Shift-Left Security in CI/CD: Bright STAR moves dynamic security testing directly into the unit-testing and code level, eliminating sole reliance on legacy DAST, which often finds issues too late in the pipeline. The dynamic security unit tests from Bright STAR, combined with the quick incremental scans or full attestation scans from Bright DAST, give AppSec and developer teams the complete AppSec picture that DAST and SAST solutions lack today.

    Details

    Delivery method

    Deployed on AWS


    Features and programs

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved: 2


    Pricing

    STAR (Security Testing & Auto Remediation) AppSec Testing + Remediation

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (1)

    Dimension: Enterprise
    Description: Maximum 3 Concurrent Scans
    Cost/12 months: $105,000.00


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    If you have any questions, please contact your assigned Customer Success Manager or Engineer. For support-related issues, please report them or open tickets at https://support.brightsec.com or email support@brightsec.com.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly



    Overview

    AI generated from product descriptions
    • Dynamic Security Validation: Performs real-time dynamic security validation using security unit tests to confirm vulnerability remediation, with iterative testing capabilities
    • AI-Powered Vulnerability Detection: Utilizes AI-driven techniques to detect vulnerabilities in web applications, APIs, business logic, and AI-generated code with high accuracy
    • Continuous Security Testing: Integrates security testing across the software development lifecycle (SDLC) with incremental and full attestation scanning capabilities
    • Multi-Code Generation Vulnerability Analysis: Supports vulnerability detection and remediation for both human-generated and AI-generated code across different development environments
    • Automated Remediation Engine: Automatically generates, prioritizes, and validates vulnerability fixes with contextual AI code generation and dynamic validation scanning
    • Dynamic Application Security Testing: Automated DAST scanning tool capable of testing REST, GraphQL, and SOAP APIs throughout the software development pipeline
    • CI/CD Security Integration: Native integration with AWS CodeBuild and CodePipeline for automated security testing during software delivery
    • Vulnerability Detection: Docker-based application security scanner with generative AI technology for identifying hidden APIs and potential security vulnerabilities
    • Multi-Protocol API Support: Comprehensive testing capabilities for REST, GraphQL, SOAP, and gRPC protocols with custom test data generation
    • Security Automation Framework: Includes CLI tool, custom scan discovery, and support for automated vulnerability findings triage and reproduction
    • Security Testing Techniques: Comprehensive multi-vector security testing integrating automated tools, AI, and ethical hacking across SAST, DAST, SCA, CSPM, PTaaS, and reverse engineering
    • Continuous Security Integration: CI/CD agent that continuously reviews source code changes and breaks the build to prevent deployment of vulnerable software
    • Cloud Platform Security: Seamless security integration with major cloud platforms including AWS, Microsoft Azure, and Google Cloud Platform for infrastructure vulnerability assessment
    • Vulnerability Remediation: AI-powered vulnerability detection and remediation with customized fix options, including automatic code fixes and expert consulting
    • Software Supply Chain Analysis: Detailed component and dependency inventory tracking with dynamic SBOM updates across software development lifecycle changes

    Security credentials

    Validated by AWS Marketplace
    Credentials listed: FedRAMP, GDPR, HIPAA, ISO/IEC 27001, PCI DSS, SOC 2 Type 2

    Contract

    Standard contract: No

    Customer reviews

    Ratings and reviews

    0 ratings (5 star: 0%, 4 star: 0%, 3 star: 0%, 2 star: 0%, 1 star: 0%)
    0 AWS reviews | 25 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Nishant S.

    Enhancing Web App Security

    Reviewed on Aug 21, 2024
    Review provided by G2
    What do you like best about the product?
    Near real-time vulnerability detection as well as automated security testing.
    What do you dislike about the product?
    Complexity in setting up the tool; where the AppSec team is lean, it gets difficult to scale.
    What problems is the product solving and how is that benefiting you?
    1. Real time scanning
    2. Reduction of FP
    3. Vulnerability detection.
    Kruthika H.

    Senior Product Security Engineer

    Reviewed on Aug 21, 2024
    Review provided by G2
    What do you like best about the product?
    Ease of use, Product efficiency, Support team on-ground
    What do you dislike about the product?
    As it is a DAST tool, sometimes the tool's necessity gets diluted because engineering teams consider it an overhead.
    What problems is the product solving and how is that benefiting you?
    We are able to find out the vulnerabilities which really matter as Bright usually does not generate false positives.
    Security and Investigations

    Amazing Enterprise support with most options provided for running Authenticated Scans

    Reviewed on Aug 16, 2024
    Review provided by G2
    What do you like best about the product?
    Technical Support
    Options for Authenticated Scan
    Coverage
    What do you dislike about the product?
    Nothing specific, but pointing out the overall market problem that DAST scans struggle with running authenticated scans smoothly because of complex auth flows like SSO, OAuth and of course the MFA configuration options to be configured within any DAST tool.
    What problems is the product solving and how is that benefiting you?
    Accomplishing mandatory requirements to have DAST coverage in our org.
    Transportation/Trucking/Railroad

    Excellent product

    Reviewed on Jun 10, 2024
    Review provided by G2
    What do you like best about the product?
    It helps to improve API security and provides good vulnerability assessment
    What do you dislike about the product?
    Hard for the dev team to learn how to use.
    What problems is the product solving and how is that benefiting you?
    API security
    Dmitrey G.

    This company provides DAST scanning solution no other company can in a direct focused way

    Reviewed on Jun 09, 2024
    Review provided by G2
    What do you like best about the product?
    Scanning and testing capabilities for frontend of your application are next level
    Flexibility in reports generation
    Constant meaningful improvements in ease of use in the last year, for example the Incremental app that analyzes entrypoints and triggers scans without having to set up the parameters relevant to each.
    Customer Support is very helpful even when I am not from the security field. Support is also crucial for ease of implementation, and follows up on a weekly basis on progress.
    What do you dislike about the product?
    More challenging for products that require frequent reinstall
    Could use better integration with API scanning, like entrypoint discovery with target's swagger page
    Need to improve flexibility in entrypoint management for a given project (mass edit, mass delete etc)
    I would also suggest diversifying the licensing options:
    I need to run multiple scans in a short amount of time once every 2 months to test all products. Currently the license is for one engine, which means I can use it 24/7 but am limited to one running scan. Having an option for several engines that are time-limited with the required frequency would be useful; even a pay-as-you-go format would work well for these use cases.
    What problems is the product solving and how is that benefiting you?
    Bright helps me meet my company's security requirements for the product my group develops.