Sold by: MEGAZONECLOUD Corporation
Cost-efficient and scalable static & dynamic application security testing on cloud -Complies with the latest global guidelines - Detect security vulnerabilities in the entire source code with just simple 4 clicks - Automatically crawl and detect security vulnerabilities in web applications
5
Overview
The Sparrow Cloud users can run Static Analysis, test for security and quality issues of source code, and Dynamic Analysis, test for scanning vulnerabilities on web applications.
Sparrow Cloud is a single platform for managing security and quality issues of both source code and web applications: running static and dynamic tests, checking test results, marking vulnerability status, and generating reports.
Sparrow put together the essentials of a static tool, Sparrow SAST/SAQT, and a dynamic tool, Sparrow DAST, and released Sparrow Cloud. Now, individuals interested in software security can have the benefit of source code and application tests at a reasonable price.
Because the SAST tool directly tests program source code, it is essential to cover languages and frameworks in which the program is written. Sparrow Cloud supports analyzing source code in 20 languages, including Java, JavaScript, Objective-C, PHP, Python, Swift, etc. When you start the static analysis on Sparrow Cloud, it will naturally identify the languages of your code and use checkers fit for the language.
As the DAST test examines application front-ends, its test results reflect actions from the application. Therefore, it is useful to check threats that will cause direct outcomes on the application security. Sparrow Cloud can scan applications by replaying browser events. And web pages with HTML5 or Ajax can be analyzed as well.
Highlights
- Sign up and start analyzing your application in 1 minute.
- Static Analysis - An essential tool to comply with global cybersecurity guidelines including OWASP, CWE, etc. Dynamic Analysis - Pre-record actions(ex. Login, click, etc) or sequences to access hidden pages
- Static Analysis - Analyze & detect security vulnerabilities and quality issues in the source code Dynamic Analysis - Detects web application vulnerabilities with automated dynamic attacks
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
Sparrow Cloud_ Pro(SAST) | Detect vulnerabilities with static analysis, 60 analyses/mon | $395.00 |
Sparrow Cloud_ Pro(DAST) | Detect security vulnerabilities in web applications, 60 analyses/mon | $145.00 |
Vendor refund policy
Please see the seller website for refund details.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Please visit Sparrow support page (https://cs.sparrowfasoo.com ) and submit a support request or chat with Sparrow CS team.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By MEGAZONECLOUD Corporation
By Fortinet Inc.
By Checkmarx
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Static Application Security Testing
Analyzes source code to detect security vulnerabilities and quality issues across 20 programming languages including Java, JavaScript, Objective-C, PHP, Python, and Swift with automatic language detection.
Dynamic Application Security Testing
Scans web applications for vulnerabilities through automated dynamic attacks and browser event replay, supporting HTML5 and Ajax-based web pages.
Multi-Language Source Code Support
Supports analysis of source code in 20 languages with automatic language identification and language-specific security checkers.
Unified Security Management Platform
Provides centralized platform for managing security and quality issues of both source code and web applications including test execution, vulnerability status tracking, and report generation.
Compliance with Security Standards
Complies with global cybersecurity guidelines including OWASP and CWE standards for vulnerability detection and remediation.
Code Security Analysis
Integrated code security with Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) security with runtime application behavior monitoring to identify active, exploitable vulnerable packages.
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) with attack path analysis visualization and compliance validation against CIS Benchmarks for AWS and AWS Foundational Security Best Practices.
Cloud Infrastructure Entitlement Management
Cloud Infrastructure Entitlement Management (CIEM) providing visibility into AWS IAM users, groups, roles, policies, entitlements, and EC2 instances with automatic identity discovery and net-effective permissions assessment.
Behavioral Analytics and Anomaly Detection
Continuous monitoring of AWS workloads for unusual behaviors through comparison of past and present states using patented analytics with over 100 patents to detect anomalies and compromises.
Composite Alert Correlation
Automatic correlation of multiple alerts into single, high-confidence composite alerts using behavioral analytics, anomaly detection, in-house threat intelligence, AWS CloudTrail and GuardDuty data to identify active attacks including compromised credentials, ransomware, and cryptojacking.
Static Application Security Testing
Identifies vulnerabilities and weaknesses in custom code with support for 25+ languages and frameworks, scanning uncompiled code and re-scanning only new or modified code.
Software Composition Analysis
Identifies and prioritizes open source vulnerabilities, takes inventory of open source components and dependencies, and evaluates risks of open source licenses.
Infrastructure as Code Analysis
Detects security misconfigurations in IaC templates using KICS to prevent errors such as open storage buckets, insecure databases, and excessive privileges.
Real-time IDE Security Scanning
Provides real-time vulnerability detection during IDE development for both human-generated and AI-generated code, identifying vulnerabilities, unmasked secrets, vulnerable container images, and malicious open source packages.
Agentic-AI Remediation
Generates remediation suggestions using AI agents that access proprietary databases and customized AI models to provide context-aware code fixes with interactive refinement capabilities.
Standard contract
No
No
Customer reviews
Jane A
Easy and efficient dynamic analysis testing solution
Reviewed on May 20, 2022
Review from a verified AWS customer
Simple and easy to use. I was able to purchase and began to use the service in about 3 minutes.
The simple UI and the quick tutorial were enough for me to get started without any problem.
Once I created a project with a target URL and other settings, I was able to analyze the project repeatedly without any changes.
The dashboard was intuitive enough and the analysis provided detailed information about the analysis results (description, analysis method, analysis result, and solution).
Overall, a great budget-friendly cloud security solution