    Developer-centric enterprise dynamic application security testing (DAST)

    Safeguard your applications and APIs against both technical and business logic vulnerabilities with minimal false positives at the speed and efficiency of DevOps. Eliminate the risk of security becoming a mere afterthought or a bottleneck in your DevOps workflow with Bright's developer-centric Enterprise grade dynamic application security testing (DAST) solution.

    Overview

    Note: This is a contract listing for use with a Private Offer only. This listing is not meant to be transacted outside of an AWS Private Offer. To inquire about Private Offers, please contact us at apn-sales@brightsec.com 

    Bright's dynamic application security testing (DAST) solution, based on an extensive library of over 8,000 attack payloads, is the only DAST solution built from the ground up to cater to both developers and AppSec professionals. Unlike other DAST tools that are based on the ZAP (formerly OWASP ZAP) open-source scan engine, Bright fully developed and continues to enhance its own scan engine, providing enterprises with a single point of ownership and ensuring full vendor supply-chain accountability.

    Bright empowers developers with the unique capability to initiate DAST scans right from their Integrated Development Environment (IDE). Moreover, Bright's versatile design allows for automation at any stage within the SDLC pipeline (Jenkins, GitHub Actions, GitLab, Azure DevOps). Through Bright, organizations can seamlessly shift application testing earlier into the SDLC, identifying vulnerabilities well before they reach production.

    Highlights

    • With Bright's Enterprise grade DAST, organizations of all sizes can truly shift application testing left. Developers can use Bright's unique plugin for popular integrated development environments (IDE) directly, or as an integrated component of their Unit Testing processes and in their CI/CD pipelines. With Bright, developers can easily see verified vulnerabilities, such as code subject to SQL injection attacks or cross-site scripting, and the detailed mitigation steps.
    • Bright stands out by offering API testing capabilities early in the Software Development Life Cycle (SDLC), thus providing a proactive approach to security. Its contemporary solution supports REST, SOAP, and GraphQL APIs, ensuring comprehensive coverage for API testing. Bright excels in detecting an array of API vulnerabilities, including but not limited to injection threats and absence of rate limiting, among others featured on the OWASP API Security Top 10 list.
    • Bright is reshaping the landscape of Dynamic Application Security Testing (DAST) by significantly reducing false positives and providing documented proof of vulnerabilities found (for example: screen captures). Bright's solution, crafted specifically for developers, enhances not only the trust in the system but also bolsters developer productivity. By alleviating 'alert fatigue' and the resultant complacency, Bright fosters a more engaged and efficient development environment.

    Features and programs

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved (2)

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (1)

    Dimension  | Description                | Cost/12 months
    Enterprise | Maximum 3 Concurrent Scans | $105,000.00

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    If you have any questions, please contact your assigned Customer Success Manager or Engineer. For support-related issues, please report them or open tickets at https://support.brightsec.com, email support@brightsec.com, or use in-app live messaging in Bright Platform.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    0 ratings
    0 AWS reviews | 25 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.
    Nishant S.

    Enhancing Web App Security

    Reviewed on Aug 21, 2024
    Review provided by G2
    What do you like best about the product?
    Near real-time vulnerability detection as well as automated security testing.
    What do you dislike about the product?
    Complexity in setting up the tool; where the appsec team is lean, it gets difficult to scale.
    What problems is the product solving and how is that benefiting you?
    1. Real time scanning
    2. Reduction of FP
    3. Vulnerability detection.
    Kruthika H.

    Senior Product Security Engineer

    Reviewed on Aug 21, 2024
    Review provided by G2
    What do you like best about the product?
    Ease of use, Product efficiency, Support team on-ground
    What do you dislike about the product?
    As it is a DAST tool, sometimes the tool's necessity gets diluted because engineering teams consider it an overhead.
    What problems is the product solving and how is that benefiting you?
    We are able to find out the vulnerabilities which really matter as Bright usually does not generate false positives.
    Security and Investigations

    Amazing Enterprise support with most options provided for running Authenticated Scans

    Reviewed on Aug 16, 2024
    Review provided by G2
    What do you like best about the product?
    Technical Support
    Options for Authenticated Scan
    Coverage
    What do you dislike about the product?
    Nothing specific, but pointing out the overall market problem that DAST scans struggle with Authenticated scans running smoothly because of complex Auth flows like SSO, OAuth and of course the MFA conf options to be configured within any DAST tool.
    What problems is the product solving and how is that benefiting you?
    Accomplishing mandatory requirements to have DAST coverage in our org.
    Transportation/Trucking/Railroad

    Excellent product

    Reviewed on Jun 10, 2024
    Review provided by G2
    What do you like best about the product?
    It helps to improve API security and provides good vulnerability assessment
    What do you dislike about the product?
    Hard for the dev team to learn how to use
    What problems is the product solving and how is that benefiting you?
    API security
    Dmitrey G.

    This company provides DAST scanning solution no other company can in a direct focused way

    Reviewed on Jun 09, 2024
    Review provided by G2
    What do you like best about the product?
    Scanning and testing capabilities for frontend of your application are next level
    Flexibility in reports generation
    Constant meaningful improvements in Ease of Use in last year, for example Incremental app that analyzes entrypoints and triggers scans without having to set up the parameters relevant to each.
    Customer Support is very helpful even when I am not from the security field. Support is also crucial for Ease of implementation, and follows up on a weekly basis on progress.
    What do you dislike about the product?
    More challenging for products that require frequent reinstall
    Could use better integration with API scanning, like entrypoint discovery with target's swagger page
    Need to improve flexibility in entrypoint management for a given project (mass edit, mass delete etc)
    I would also suggest diversifying the licensing options:
    I need to run multiple scans in a short amount of time once every 2 months to test all products. Currently the license is for one engine, which means I can use it 24/7 but am limited to one running scan. Having an option for several engines that are time limited with frequency required would be useful, even a pay-as-you-go format would work well for these use cases.
    What problems is the product solving and how is that benefiting you?
    Bright helps me meet my company's security requirements for the product my group develops.