Security and privacy form a complex ecosystem of evolving threats and tools. We can help you identify tools that match the maturity of your code and your business, so that security spending scales with revenue and product adoption.

For a good place to start, we recommend the OWASP Top 10. From OWASP:

"The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list."

OWASP publishes a new Top 10 every few years. The most recent edition is the 2017 list:

Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring

For more on the OWASP Top 10, see

There are many open source security tools on the market. Here is a list of some popular ones:
OWASP Orizon
OWASP O2 Platform
OWASP WAP - Web Application Protection
Boon
FindBugs
Find Security Bugs
FlawFinder
Google CodeSearchDiggity
phpcs-security-audit
Microsoft's FxCop
.NET Security Guard
Oedipus
Puma Scan
Splint
SonarQube
W3af

This list came from OWASP. For their full list of tools, including paid tools, see