Corporate Supporters & Sponsors

Disclaimer: The following information is not an endorsement for any particular entity and reflects the messaging of the supporter only.

Diamond Corporate Supporters and Event Sponsors


  • To remain competitive, organizations need to accelerate business transformation in order to deliver products faster. This leaves development teams with a choice: delay feature releases until security reviews can be performed or release new code with security risks. These teams lack the contextual understanding of their application components, risks, and developers necessary to make informed decisions. Apiiro is the industry-first Code Risk Platform™ to automate visibility, assurance, and risk remediation, across applications and infrastructure, before production. Only Apiiro enables organizations to deliver faster by identifying material code changes to enable teams to have a holistic, context-driven understanding of application risk.



  • Arnica integrates across your software supply chain and provides the necessary context, prioritization, ownership, and actionability to proactively mitigate risks. In addition to providing complete reports around code risk, excessive permissions, vulnerable dependencies, code repository misconfigurations, anomalous developer behavior, and more, Arnica’s pipelineless approach eliminates these risks in a blameless and shameless way by interacting directly with the developers in real-time to stop any new risks from entering your source code while also helping resolve your risks backlog.



  • Cequence Security is a venture-backed cybersecurity software company founded in 2015 and based in Sunnyvale, CA. Its mission is to transform application security by consolidating multiple innovative security functions within an open, AI-powered software platform that protects customers’ web, mobile, and API-based applications – and supports today’s cloud-native, container-based application architectures. The company is led by industry veterans that previously held leadership positions at Palo Alto Networks and Symantec. Customers include F500 organizations across multiple vertical markets, and the solution has earned multiple industry accolades.


Platinum Corporate Supporters and Event Sponsors


  • Adobe is changing the world through digital experiences. Great experiences have the power to inspire, transform, and move the world forward. And every great experience starts with creativity. Creativity is in our DNA. Our game-changing innovations are redefining the possibilities of digital experiences. We connect content and data and introduce new technologies that democratize creativity, shape the next generation of storytelling, and inspire entirely new categories of business.



  • Atlassian unleashes the potential in every team. Our products help teams organize, discuss and complete shared work. Today Atlassian is the leading provider of collaboration software for teams at more than 110,000 companies globally, including top brands like Citigroup, eBay, Coca-Cola, Visa, BMW and NASA. We help teams at organizations of all sizes, from start-ups to large companies, and more than 75 percent of Fortune 100 companies are Atlassian customers.



  • Bionic helps customers manage the security posture of their applications in production, providing continuous visibility of risk across all application services, dependencies, and data flows in real-time. Current application security tools are looking at data privacy and application security from a vulnerability lens. Bionic looks at the problem from an architectural lens.



  • Black Belt Security specializes in delivering premium quality cybersecurity services and solutions such as manual penetration testing, security risk assessments, code analysis, and architecture reviews. We are powered by our vast wealth of expertise, our passion in the field, as well as our many proprietary methodologies and tools in our toolbox. Find out more at www.blackbeltsec.com



  • Bloomberg is a global leader in business and financial information, delivering trusted data, news, and insights that bring transparency, efficiency, and fairness to markets. The company helps connect influential communities across the global financial ecosystem via reliable technology solutions that enable our customers to make more informed decisions and foster better collaboration.



  • When it comes to securing their businesses’ future, leading cloud infrastructure providers, SaaS companies, and enterprises turn to Coalfire. We are the cybersecurity advisor that combines extensive cloud expertise, advanced technology, and innovative approaches to empower our clients to strengthen their security posture and secure their digital transformations.



  • Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Security and development teams can then continue innovating while accelerating digital transformation initiatives.



  • Corellium helps developer and security teams build, test, and secure mobile devices and apps through the power of virtualization. Our Arm-native virtualization platform is used by businesses, agencies and security communities around the world to strengthen security testing and streamline DevSecOps. With highly performant, scalable, and accurate virtual devices, Corellium dramatically accelerates mobile R&D and enables never-before-possible security research and penetration testing. Visit Corellium.com for a free trial.



  • SECURE AND DELIVER EXTRAORDINARY DIGITAL EXPERIENCES. F5’s portfolio of automation, security, performance, and insight capabilities empowers our customers to create, secure, and operate adaptive applications that reduce costs, improve operations, and better protect users.



  • Fortify Application Security provides your team with solutions to promote DevSecOps best practices, enable cloud transformation, and secure your software supply chain. As the sole code security solution with over two decades of expertise and acknowledged as a market leader by all major analysts, Fortify delivers the most adaptable, precise, and scalable AppSec platform available, supporting the breadth of tech you use while integrating into your preferred toolchain. With Fortify, go beyond check-the-box security because your great code demands great security.



  • Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. The Qualys Cloud Platform and its integrated apps - including Web Application Scanning (WAS) - help businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence and automating the full spectrum of auditing, compliance, and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance.



  • Salesforce is the world’s #1 customer relationship management (CRM) platform. Our cloud-based applications for sales, service, marketing, and more don’t require IT experts to set up or manage — simply log in and start connecting to customers in a whole new way.



  • Tenable® is the Exposure Management company. Approximately 40,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com


Gold Corporate Supporters and Event Sponsors


  • 42Crunch provides continuous API security to protect the digital business. Our unique developer-first API security platform enables developers to build and automate security into their API development pipeline and gives security teams full visibility and control of security policy enforcement throughout the API lifecycle. Deployed by Global 2500 enterprises and over 500,000 developers worldwide, 42Crunch enables a seamless DevSecOps experience to reduce governance costs and accelerate the rollout of secure APIs. Visit https://42crunch.com to learn more and sign up to the industry’s



  • Backslash is the first Cloud-Native Application Security solution for enterprise AppSec teams to provide unified security and business context to cloud-native code risk, coupled with automated threat modeling, code risk prioritization, and simplified remediation across applications and teams. With Backslash, AppSec teams can see and easily act upon the critical toxic code flows in their cloud-native applications; quickly prioritize code risks based on the relevant cloud context; and significantly cut MTTR (mean time to recovery) by enabling developers with the evidence they need to take ownership of the process.



  • CREST is an international not-for-profit, membership body representing the technical cyber security industry. Our vision is to build trust in the digital world by raising professional standards and delivering measurable quality assurance for the global cyber security industry. Our mission is to build capability, capacity, consistency and community in the global cyber security industry. We continually drive improvements in our accreditation and professional certification programmes for the benefit of stakeholders. CREST has almost 300 member companies internationally and engages and partners with governments, regulators, not-for-profit and corporate organizations around the world to help realise our vision.



  • Checkmarx is an Application Security software company, whose mission is to provide enterprise organizations with application security testing products and services that empower developers to deliver secure applications. Amongst the company's 1,000 customers are 5 of the world's top 10 software vendors and many Fortune 500 and government organizations. Checkmarx CxSAST is a highly accurate and flexible Source Code Analysis product that allows organizations to automatically scan un-compiled/un-built code and identify hundreds of security vulnerabilities in the most prevalent coding languages.



  • Datadog is the essential monitoring and security platform for cloud applications. We bring together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable. These capabilities help businesses secure their systems, avoid downtime, and ensure customers are getting the best user experience.



  • Digital.ai Application Security (formerly Arxan Technologies, Inc.) has been the leading provider of security for mobile, web, and desktop applications for over 20 years. Enterprises depend on Digital.ai to help them build secure software by obfuscating code and providing anti-tamper techniques. Applications built using Digital.ai Application Security are thus protected from reverse-engineering, piracy, and app-cloning. Digital.ai also provides a means to monitor the applications that enterprises create and a means to react to attacks on apps with Runtime Application Self Protection (RASP).



  • GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity.



  • Grammarly helps 30 million people and 30,000 teams worldwide write more clearly and effectively every day. Using a combination of technological approaches and human expertise, Grammarly's real-time communication suggestions help individuals write with confidence and businesses achieve better results. In building a product that scales across multiple platforms and devices, Grammarly works to empower users whenever and wherever they communicate. Grammarly’s enterprise-grade measures prioritize security and privacy in its product, infrastructure, and operations, such as encryption, secure cloud architecture, and continuous monitoring of systems.



  • Guardsquare offers the most complete approach to mobile application security on the market. Built on the open-source ProGuard technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. More than 800 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.



  • Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Through industry-leading Asset Discovery, Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA), Invicti provides a comprehensive view of an organization’s entire web application portfolio. Invicti’s proprietary Proof-Based Scanning technology is the first to deliver automatic verification of vulnerabilities and proof of exploit with 99.98% accuracy.



  • KPMG has experience across the continuum — from the boardroom to the data center. In addition to assessing your cyber security and aligning it to your business priorities, we can help you develop advanced approaches, implement them, monitor ongoing risks and help you respond effectively to cyber incidents. So no matter where you are on the cyber security journey, KPMG can help you reach the destination.



  • Mercari provides a C2C marketplace where individuals can easily sell used items. We want to provide both buyers and sellers with a service where they can enjoy safe and secure transactions. Mercari offers a unique customer experience, with a transaction environment that uses an escrow system, where Mercari temporarily holds payments, and simple and affordable shipping options.



  • Rezilion is an automated DevSecOps platform that allows organizations to effortlessly manage and eliminate software vulnerabilities from dev to prod and across cloud workloads, applications, and IoT devices. With operations in Israel and the United States, Rezilion is swiftly attracting a growing client base of Fortune 100 companies and leading industry partners. For more information, visit www.rezilion.com.



  • SOOS is the affordable, easy to integrate Software Security Platform for your whole team. Scan your open source software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate SBOMS, and fill out your compliance worksheets with confidence for one low monthly price. SOOS DAST gives your team a no limit dynamic application security test that integrates seamlessly into developer pipelines. Test all build branches automatically, find issues and assign remediation tasks directly into your workflow management systems. Flat fee pricing with no per seat licenses or pricing tiers.



  • Scitum is the leading cybersecurity company in Mexico, Latin America, the United States, and some European countries. Scitum’s primary focus is to fulfill all of our clients’ needs with services that fully cover the cycle of cybersecurity, among which consultancy and provided services stand out. We are part of Telmex and Grupo Carso, providing great support and financial capability to deal with complex, large-scale projects.



  • Secure Code Warrior makes software security intrinsic to developer workflows. Our vision is to inspire a global community of security conscious developers who ship quality code faster so they can focus on creating amazing, safe software for our world. Secure Code Warrior pioneered an innovative developer-centric approach to improving secure coding skills, and built an expanding suite of tools and flexible delivery methods that appeal to all development teams. The Secure Code Warrior Learning Platform offers content covering more than 50 language:framework-specific categories, and over 5,500 challenges covering nearly 150 different vulnerabilities. Learn more at securecodewarrior.com.



  • Zimperium, Inc. is a global leader in mobile device and app security, offering real-time, on-device protection against both known and unknown threats on Android, iOS, and Chromebook endpoints. Built for the demands of mobile business, Zimperium’s Mobile-First Security Platform™ delivers unmatched security across both applications and devices. Only Zimperium delivers autonomous mobile security that dynamically adapts to changing environments so companies can capitalize on the new world of mobile-powered opportunities, securely.



  • open-appsec is an open-source initiative that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways. open-appsec simplifies maintenance as there is no threat signature upkeep and exception handling, as is common in many WAF solutions.


Silver Corporate Supporters and Event Sponsors


  • 7ASecurity strives to provide the highest quality security consulting services within budget constraints. In a time when low quality, uncustomized and mostly automated 'audits' are commonplace, 7ASecurity prides itself on tailoring assessments to the threat models and needs of its customers. This puts 7ASecurity in a unique position within the information security industry, delivering maximum value for money, finding vulnerabilities where other companies come empty, and underlining our motto Quality Pentests & Code Audits. Following the same philosophy, 7ASecurity delivers top quality security training where students get lifetime updates at no extra charge.



  • Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, and top-tier professional sports teams. Acronis products are available through over 50,000 partners and service providers in over 150 countries and 26 languages.



  • Acunetix lets you manage security risks associated with your web presence. It detects an extensive range of web vulnerabilities and helps you eliminate them. Acunetix uses unique technologies to discover issues that evade other tools. It can be integrated within your SDLC to provide comprehensive protection at all stages. Acunetix is the most established product of its class on the market. It is the tool of choice of many industry leaders including Fortune 500 companies.



  • Aeye Security Lab Inc. is a Tokyo-based web application security company, whose mission is to provide products and services to solve the shortage of skilled labor (especially in the field of vulnerability assessment) with cutting-edge technologies such as AI. Aeye Security Lab’s “AeyeScan”, a DAST-based web application testing SaaS, is a unique automated crawler and scanner that leverages AI and RPA for highly accurate testing. AeyeScan also provides an API and supports CI/CD to achieve DevSecOps.



  • Akeero is a game-changing threat modelling tool! By allowing teams to quickly visualise cloud-native infrastructures, and instantly identifying threats and suggesting best practice controls, Akeero embeds secure design at the start of the Software Development Life Cycle. Designs can be drawn from scratch using the intuitive drag-and-drop user interface, and existing infrastructures can be imported in just a few clicks using IaC import. Traditional manual threat-modelling simply takes too long - Akeero supercharges the process, saving agile software development teams thousands of hours per year.



  • Established in 2003 as a small software development team in Ukraine, Alpha Serve has grown to a product company with a portfolio of top-rated applications on the leading B2B marketplaces. Since 2018, we have been actively bringing our product’s value to the business community as an Atlassian Gold Marketplace Partner, ServiceNow Technology Partner and Shopify Partner. Our top priority is to create measurable value for the businesses of our customers through our applications. We achieve this through fostering competence and excellence in team performance, all while being a socially responsible company at the same time.



  • Altitude Networks tackles data security in the cloud to protect enterprises against unauthorized data access, accidental or malicious sharing to unintended individuals, and data theft.



  • Software development has accelerated dramatically. We have gone from once-a-year releases to one every day. However, application security has not kept pace. Application security professionals and developers increasingly find themselves unable to keep up with security requirements — and many are forced to piece together stopgap tools. So, ArmorCode delivers application security at the speed of DevOps. With its centralized platform, enterprises can radically simplify and accelerate application security while cutting costs by up to 50%. ArmorCode Platform is SOC2 Type II certified and is already used by several marquee customers. Visit www.armorcode.com for more details.



  • BLST understands its client’s API posture in the context that matters – Business goals, user journey, and IT KPIs. It can provide discovery in less than an hour (touchless), including a clear map of your API sprawl. It can detect attack vectors and sort them according to business impact. BLST’s advanced platform provides broad visibility, API posture management, ongoing monitoring, and notifications. It quickly integrates with your existing dev tools, gives you what you need to keep your APIs healthy, and spares you unnecessary noise. It’s a to-the-point, tailored, and effective API security solution.



  • We empower our clients to defeat tomorrow’s cybersecurity threats – today. Berezha Security Group is a cybersecurity consulting firm focused on application security, penetration testing, cybersecurity consulting, and professional training. Since its founding in 2014, BSG has delivered over 200 projects for more than 100 clients worldwide. We have helped clients across all major verticals to fuse security principles into all aspects of their business. We know that our clients will never demand the same amount of security as we wish they had. But we can try! Find us at www.bsg.tech



  • We build enterprise-grade, cloud-ready security solutions. More than 200,000 global customers trust Barracuda to safeguard their employees, data, and applications from a wide range of threats. Barracuda provides easy, comprehensive and affordable solutions for email protection, application and cloud security, network security and data protection. We are continually innovating to deliver tomorrow’s security technology, today.



  • Binaré is a visionary deep-tech spinoff from the University of Jyväskylä, boasting more than a decade of cybersecurity research vision and experience. Binaré’s patent-pending and unique IoT/IIoT firmware analysis platform provides one-click cybersecurity reporting/pre-certification (and support during conformity certification) as well as SBoM generation and software component’s continuous monitoring for new vulnerabilities, without requiring any access to the source code. Binaré is backed by UniFund investment and Jyväskylän Yritystehdas incubator. Binaré is co-founded by Dr. Andrei Costin who leads visionary IoT/embedded security peer-reviewed research and presented at more than 45 top international cybersecurity events (e.g., BlackHat, CCC, UsenixSecurity, ENISA Forums).



  • Bugcrowd is the world’s number one crowdsourced security company. Our award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most trusted, skilled hackers to help leading organizations solve security challenges, protect customers, and make the digitally-connected world a safer place.



  • CA Technologies helps customers succeed in a future where every business—from apparel to energy—is being rewritten by software. From planning to development to management to security, at CA we create software that fuels transformation for companies in the application economy.



  • Organizations that have fully embraced an API-first methodology or are just getting started, trust Cequence Security to protect their APIs and scale their business with the only solution that addresses all phases of the API protection lifecycle. The Cequence Unified API Protection (UAP) solution provides runtime API visibility, security risk monitoring, and patented behavioral fingerprinting technology to consistently detect and protect against ever evolving online attacks.



  • Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention, which defends enterprises’ cloud, network and mobile device held information. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.



  • Cobalt’s Pentest as a Service (PtaaS) platform is modernizing traditional pentesting. By combining a SaaS platform with an exclusive community of testers, we deliver the real-time insights you need to remediate risk quickly and innovate securely.



  • Code Dx is committed to reducing barriers to effective application security. Our automated application vulnerability correlation and management tools help find and fix insecure code faster, with less effort and a smaller team. Focus your precious resources on developing valuable new features, and ship secure code faster and more often.



  • Contrast Security is the only company that enables applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves. Contrast employs security instrumentation to strengthen applications before they deploy, protect them in production and provide visibility throughout the application lifecycle.



  • Cryptosoft offers a hosted OWASP Dependency-Track service with the flexibility to run the capability behind your firewall if required. We also include SBOM creation assets and toolchain integrations to help accelerate your productivity. Our service lets you spend less time on infrastructure management and more time on your DevSecOps and security strategy. It’s a cost-effective, proven SBOM analysis capability, used by over 10,000 companies, that allows you to quickly augment your existing security strategy to cover SBOM risks and provide everything you need to address the US Government’s Executive Order 14028.



  • CSW is a US Department of Homeland Security sponsored CVE Numbering Authority and a leader in Attack Surface Management. Our risk management, security management, exposure management, and compliance services have helped companies and government agencies across diverse industries around the globe to secure their business from ever-evolving threats. Our innovation in vulnerability and exploit research led us to discover 45+ zero days in popular products such as Oracle, D-Link, WSO2, Thembay, Zoho, among others.



  • Cyberment is a company specialized in IT security consulting and training. We constantly study the evolution of cyber threats from our corporate offices: Milan, Mantua, London. We are strategic consultants that deal with defending business and people from cyber threats. We help companies to prevent cyber-attacks by finding security bugs through Vulnerability Assessment and Penetration Test services. Our reports are concrete solutions and explain to customers where the risks are and how to solve them. Cyberment is an international company involving people, technologies and values: the core activity of the team is strictly related to the freedom, security and well-being of people.



  • At Cybozu, our mission is to build a society brimming with teamwork. Since 1997, we've been providing groupware solutions to thousands of teams around the world, driven by a vision of a happier and more connected society. Our flagship product, Kintone, is a customizable digital workplace platform that allows you to manage your data, tasks, and communication in one central place, no coding required.



  • Cycode is a complete software supply chain security solution that provides visibility, security, and integrity across all phases of the SDLC. Cycode integrates with DevOps tools and infrastructure providers, hardens their security postures by implementing consistent governance, and reduces the risk of breaches with a series of scanning engines that look for issues like hardcoded secrets, infrastructure as code misconfigurations, code leaks and more. Cycode’s knowledge graph tracks code integrity, user activity, and events across the SDLC to prioritize risk, find anomalies, and prevent code tampering.



  • The biggest threat to corporate cybersecurity is your own developers' blind spots. Programmers tend to focus mainly on functionality and UX, causing the emphasis on secure development to be lost or become an afterthought. We believe that each line of code should be crafted with security in mind, naturally enhancing application resilience. Cydrill's award-winning training program and e-learning environment equip your developers with the secure code best practices to ensure they beat hackers at their own game. Cydrill’s blended learning journey combining instructor-led training, e-learning, hands-on labs, and gamification offers up-skilling from start-ups to Fortune 500 companies worldwide. Code responsibly!



  • cyllective AG is an independent consulting and engineering firm in the IT security sector. With a strong background in offensive security, technical security audits are a cornerstone of the company’s services. While the main practices lie in offensive security-testing, cyllective is a holistic security company - offering many high-quality security services to customers worldwide. cyllective is a privately held 'security boutique' - with moderate size, exquisite quality, and supreme customer satisfaction as our primary goals.



  • dmarcian is a self-funded B-corp, dedicated to upgrading the entire world’s email by making DMARC accessible to all. Our platform facilitates users in deploying DMARC, visualizing email delivery data and managing domains in the long-term. We help domain owners large and small fight business email compromise, phishing and spoofing with superior tooling, educational resources, and knowledgeable support.



  • DataDome is the #1 SaaS bot protection solution at the edge: strong performer in The Forrester New Wave™: Bot Management, and several times leader of the Bot Detection and Mitigation software section on G2.COM. DataDome offers real-time AI protection against all OWASP automated threats: credential stuffing, application DDoS, scalping, carding, vulnerability scanning, scraping... Deployed in minutes, on any infrastructure, it is compatible with multi-cloud and multi-CDN setups. DataDome runs on autopilot - its users remain in full control thanks to the industry’s most comprehensive dashboard. DataDome protects 10,000+ domains worldwide, including TripAdvisor, Rakuten, Kurt Geiger, FootLocker, Kogan, BlaBlaCar and Adevinta.



  • DeepSource is a fast and reliable static analysis platform that helps developers and engineering teams systematically improve code quality and security and save time in code reviews. DeepSource continuously analyzes source code changes and identifies bugs categorized as security, performance, anti-patterns, and potential bug-risks, and even formats code to follow style guidelines. DeepSource integrates with your existing code review workflow in GitHub, GitLab, and Bitbucket and runs analysis on every commit and pull request, automatically.



  • Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing. The platform requires zero code changes, agents, or privileged kernel code and is purpose-built to observe every thread and process of cloud native applications. This enables developers to seamlessly observe running workloads to identify, prioritize, and remediate insecure code and vulnerabilities. Deepfactor integrates into developers’ existing toolchains to deliver application-aware security insights with detailed information about application behavior, system calls, and stack traces that help pinpoint vulnerable code.



  • DefectDojo is the company and the product that powers DevSecOps. Our open platform transforms security information management, connecting security strategy and informed execution for intelligent risk management. Security and DevSecOps teams can aggregate, automate, and integrate data from more than 160 security tools for a unified view of security posture and compliance, streamlined workflows, and improved decision-making. DefectDojo was created by security pros for security pros. To learn more, visit defectdojo.com.



  • Denim Group is the leading independent application security firm, serving as a trusted advisor to customers on matters of application risk and security. The company helps organizations assess and mitigate application security risks.  Denim Group’s flagship ThreadFix platform accelerates the process of application vulnerability remediation, reflecting the company’s rich understanding of what it takes to fix application vulnerabilities faster.



  • Detectify is a domain monitoring and web application security startup. We automate hacker attacks to help businesses stay on top of emerging threats and secure applications. Today, we collaborate with over 150 handpicked white-hat hackers to continually improve our modern test bed of 1500+ security tests from the cutting edge of security. Go Hack Yourself!



  • and enthusiasts around the globe. Topics that are taught at the Academy include: container security, secrets management, SAST, DAST, cloud security and much more!



  • We can help you reimagine your business through a digital lens. Our software engineering heritage, combined with our strategic business and innovation consulting, design thinking, and physical-digital capabilities, provide real business value to our customers through human-centric innovation.



  • Attacks on mobile applications are on the rise. These include security, but how can we be sure that they are well protected against the attacks they may suffer? It is to meet this need that we have developed esChecker, a scalable SaaS tool that automates static and dynamic security tests. Our tool is easy to use and can be integrated directly into development processes. Our tool meets the OWASP standard. Our customers save precious time in their development phases, can deploy their applications on stores more quickly and have a return on investment from the first months of use.



  • Edgescan provides continuous or on-demand security assessments and Penetration testing as a Service (PTaaS) in a production safe manner so you can be assured your business is getting the coverage as required. Edgescan security analysts are experts in vulnerability management and penetration testing. They manually verify all discovered security vulnerabilities, so our clients benefit from accurate (false positive free) vulnerability intelligence.



  • Enso is a management tool for AppSec teams which eliminates their AppSec chaos with application discovery, classification and management. The platform easily deploys into organization environments to create an actionable, unified inventory of all application assets, their owners, security posture and associated risk. With Enso security, any AppSec team can build a simplified, agile and scalable application security program. Security teams can then gain complete visibility and coordinate the tools, people and processes involved in application development without interfering with development.



  • The Faraday© platform lets you level up your Vulnerability Management program. Providing powerful Automation Technology, Agents with Process Scheduler, integrating more than 75 tools, vulnerability deduplication and custom reports, Faraday is helping cybersecurity engineers do meaningful work with all your risk sources in one place. Your time is limited and valuable, don't waste it doing boring and repetitive tasks.



  • Feroot Security believes that customers should be able to do business securely with any company online, without risk or compromise. Feroot secures client-side web applications so businesses can deliver flawless digital user experiences to their customers. Leading brands trust Feroot to protect their client-side attack surface. Visit www.feroot.com.



  • Since 2001, Fluid Attacks has been developing cybersecurity products and providing solutions for clients from different industries. Our comprehensive continuous hacking solution offers the perfect combination of effective automation and human intelligence to find and close all vulnerabilities in our clients' systems. Find more information at www.fluidattacks.com



  • Fortress Information Security secures the supply chains for critical infrastructure and defense through software, data and services designed to defend against emerging threats. Fortress leverages both validated and data-driven assessments and continuous monitoring of vendors, products and deep analysis of software and hardware bill of materials (SBOM and HBOM) and provides risk management tools to manage these risks and link them to your most critical assets. Fortress utilizes OWASP Risk Rating Methodology, CycloneDX, Software Component Verification Standard (SCVS) and is a proud supporter of OWASP. Fortress is based in Orlando, FL and is proud to employ US military veterans.



  • GitGuardian is a global cybersecurity startup focusing on code security solutions for the DevOps generation. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. GitGuardian helps developers, cloud operation, security and compliance professionals secure software development, define and enforce policies consistently and globally across all their systems. GitGuardian solutions monitor public and private repositories in real-time, detect secrets, sensitive files, IaC misconfigurations and alert to allow investigation and quick remediation.



  • GuidePoint Security provides cybersecurity expertise, solutions, and services that help organizations make better decisions and minimize risk. We act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions.



  • HackEDU is the Secure Coding Training company. Our hands-on training, which revolves around a real, functional web app, can be accessed anytime, anywhere via a web browser. Our offensive + defensive lessons, science-based approach, and DevSecOps toolchain integrations help to keep developers motivated and engaged, and learn and retain secure coding principles effectively.



  • HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco with a presence in London, New York, the Netherlands, France, Singapore, and 70+ other global locations.



  • Hdiv Security delivers continuous security that natively integrates into all stages of the software lifecycle (SDLC), automating application security. Hdiv’s Unified Application Security platform accurately finds security vulnerabilities and protects applications, microservices, and APIs from a broad range of attacks and exploits, including those that can be considered design flaws. Leveraging IAST, SCA and RASP technologies, Hdiv Security enables DevSecOps by incorporating application security automatically into DevOps pipelines.



  • Heyhack is an automated penetration testing service for web applications and APIs. Heyhack conducts penetration tests that match the depth and quality of expert human pentesters and can be set up to run at any schedule that suits your needs. When a vulnerability has been found, Heyhack helps you patch the issue by providing both comprehensive technical details as well as easy-to-follow remediation advice. Heyhack enables you to comply with criteria related to pentesting as required by SOC 2 and ISO 27001 and helps you generate the documentation you need for both auditors and customers.



  • Impart helps discover API endpoints, analyzes API traffic and specifications, and protects APIs from attacks automatically. It installs in minutes and is built for modern teams.



  • INCM is the Portuguese mint, providing security services since the XIII century. We are a diverse security services provider, with a strong basis of high security printing services, that include issuance of e-passports and national e-ID documents. INCM has expanded to also become a provider of secure digital solutions, including economic operator ID issuer, document issuance software, PKI, visual digital seals, remote signature software and digital identity.



  • Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine. The company has been mentioned in the Gartner Magic Quadrant and Forrester Tech Now reports, is CERT-In empanelled as a trusted scanning vendor, and has been the recipient of many awards such as the Economic Times Top 25, Nasscom DSCI Top Security Company of the Year Award and is funded by Tata Capital Growth Fund.



  • Infosec is a leading cybersecurity education company helping IT and security professionals advance their careers and empowering employees to be cyber-safe at work and home. Its mission is to equip individuals and organizations with the knowledge and skills to confidently outsmart cybercrime. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness and phishing training. Learn more at infosecinstitute.com.



  • INFRA (Intelligence Framework) develops Artificial Intelligence driven hacking technologies for military/government entities and corporations with fuzzing and machine learning, finding more, verifying more and automating more to limit human errors and maximizing reliability in Vulnerability Assessments, Penetration Tests and Intelligence. INFRA reduces the time for the security analysis, automating most parts of tests that are normally done manually by the analysts. Specialized in web applications, servers and IoT, the platform can also conduct phishing campaigns and automated exploiting.



  • Intertrust provides trusted computing products and services to leading global corporations. Products include the world’s leading digital rights management (DRM), software tamper resistance, and technologies to enable private data exchanges for energy, entertainment, retail/marketing, automotive, fintech, and IoT.  Founded in 1990, headquartered in Silicon Valley with offices globally. Intertrust has a legacy of invention, and its fundamental contributions in the areas of computer security and digital trust are globally recognized. Intertrust holds hundreds of patents underpinning Internet security, trust, and privacy management components of operating systems, trusted mobile code and networked operating environments, web services, and cloud computing.



  • Intive automotive is specialised in the development of software-intensive systems and drives the digital transformation of the automotive industry within the intive group. The motto "Digital Excitement in Automotive" combines years of experience and extensive know-how in the future-oriented domains of autonomous driving, embedded engineering, cloud, HMI, AI, and automotive security. Teams of experts in Germany, Poland, and Ukraine work directly at the interface between IT and the automotive industry. intive automotive is a sought-after development and technology partner of leading car manufacturers and suppliers such as Audi, BMW, VW, Brose and Continental. Learn more at www.intive.com/automotive.



  • Intruder is a cyber security company that helps organisations reduce their attack surface by providing continuous vulnerability scanning and penetration testing services. Intruder's powerful scanner is designed to promptly identify high-impact flaws, changes in the attack surface, and rapidly scan the infrastructure for emerging threats. Running thousands of checks, which include identifying misconfigurations, missing patches, and web layer issues, Intruder makes enterprise-grade vulnerability scanning easy and accessible to everyone. Intruder’s high-quality reports are perfect to pass onto prospective customers or comply with security regulations, such as ISO 27001 and SOC 2. You can try Intruder free for 30 days.



  • We are IriusRisk, the industry leader in automated threat modeling and secure software design, working with clients that include several of the top 10 Globally Systemically Important Banks (G-SIBs). Our platform automates the threat modeling process, enabling developers to design and build secure software. At scale.



  • Just Eat Takeaway.com is a leading global online food delivery marketplace, connecting consumers and restaurants through its platforms, with over 580,000 connected restaurants offering consumers a wide variety of food choice. Headquartered in Amsterdam, the company was created in January 2020 by bringing together two of the world’s most successful food delivery firms: Takeaway.com (founded in 2000 in The Netherlands) and Just Eat (founded in 2001 in Denmark).



  • The penetration testing team at Knowit Cybersecurity & Law are specialized in performing security tests and penetration tests in the Nordics. We offer a large array of tests including web application penetration testing, network testing, IoT testing, mobile application testing and red teaming.



  • Kondukto is an AppSec orchestration platform that helps to centralize vulnerability management, automate manual work across scanning tools and streamline remediation with risk-based metrics and security guardrails. It comes with built-in integrations with 40+ commercial and open-source security tools which can be orchestrated by Kondukto in a single platform. While offering a vendor-agnostic DevOps integration with its open-source CLI, Kondukto also automates processes such as ticket creation on issue trackers, sending notifications or running security checks in CI/CD so that security becomes an integral part of the organization’s workflows with the least human intervention possible.



  • Kovert is a Norwegian Information Security consulting team specializing in offensive security testing. We aim to find the vulnerabilities before the bad guys do. We strongly believe in the value of openly sharing information and security knowledge. We have a dedicated focus on sharing research and getting involved with our local and worldwide information security community.



  • At Lyft, community is what we are and it’s what we do. It’s what makes us different. To create the best ride for all, we start in our own community by creating an open, inclusive, and diverse organization where all team members are recognized for what they bring.



  • As an enterprise-level eLearning system, Masterfully optimizes the hiring and training of specialized cybersecurity professionals. Our learning management system, Advisor Plus, is equipped for in-house course authoring, learning management, and data analytics to seamlessly create cybersecurity testing, training and onboarding programs specific to each company's unique tech stack. Masterfully offers web app security courses written by subject matter experts to start training immediately with Advisor Plus. With decades of eLearning experience, Masterfully understands the complexities of maintaining quality training while continually adapting to new skill sets. Together, we can build a more secure cyberspace.



  • The leading solution for agile open source security and license compliance management, Mend integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time. It provides remediation paths and policy automation to speed up time-to-fix. It also prioritizes vulnerability alerts based on usage analysis. We support over 200 programming languages and offer the widest vulnerability database aggregating information from dozens of peer-reviewed, respected sources.



  • We are passionate about technology and how it can help people become happier and more successful in their professional lives. Life teaches us a lot about people and that’s what inspires us to create high impact, hard and software solutions that have true value. That’s what we call, Technology for Life. It is our purpose and drives us in everything we do. To apply technology in a way that it has a tangible positive impact on people’s professional lives, requires a people-centred approach that respects people and our planet.



  • NetSPI is the leader in enterprise penetration testing and attack surface management, partnering with nine of the top 10 U.S. banks, three of the world’s five largest healthcare companies, the largest global cloud providers, and many of the Fortune® 500. Its experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces and specialize in adversary simulation, including red teaming and attack simulation. NetSPI delivers its services through its dynamic Penetration Testing as a Service (PTaaS) platform, Resolve™. The company is headquartered in Minneapolis, MN and is a portfolio company of private equity firms Sunstone Partners, KKR, and Ten Eleven Ventures.



  • NeuraLegion helps significantly improve application security at a lower cost by providing a 0-false positive, AI powered DAST solution, purpose built for modern development environments. We integrate into DevOps environments and enable you to run DAST scans as part of your CI/CD flows to identify a broad set of known (7,000+ payloads) and unknown (0-day) security vulnerabilities. We enable you to scan multiple protocols across Web, mobile & API and are built for developers to provide compliance on every build by providing remediation guidelines for every vulnerability identified.



  • Noname Security is the only company taking a complete, proactive approach to API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope across three pillars — Posture Management, Runtime Security, and Secure API SDLC. Noname Security is privately held, remote first with headquarters in Palo Alto, California, and an office in Tel Aviv and Amsterdam.



  • Only the NowSecure Platform delivers automated 360-degree coverage of mobile app security testing with the speed and depth modern enterprises require. The world’s most demanding organizations and advanced security teams trust NowSecure to identify the broadest array of security, privacy, and compliance gaps in custom, third-party, and business-critical mobile apps.



  • Oneconsult group is your renowned Swiss cyber security services partner since 2003 with offices in Switzerland and Germany. We are specialised in Red Teaming, Penetration Testing, Incident Response and Digital Forensics. Together we address your external and internal threats such as malware infections, hacker attacks and APT as well as digital fraud and data leakage with core services like penetration tests, ethical hacking, real-life APT tests and ISO 27001 security audits. In addition, we offer security trainings, security consulting and security officer services. Oneconsult is an ISECOM Partner (accredited trainer) and member of Swiss Cyber Experts, FIRST and OWASP.



  • Noise Cancellation for Application Security. Our cloud-native application security solution eliminates noise so your team can focus on building.



  • Packetlabs is a Toronto-based security consulting firm specialized in advanced penetration testing. We offer several services, including penetration testing, web & mobile application testing, objective-based penetration testing, threat modelling and breach response. Our unique approach to sourcing top talent enables us to discover hard-to-find vulnerabilities and ultimately avoid a costly data breach. We have helped clients across several industries, including SaaS, design agencies, retail, financial, government services and law enforcement. Our comprehensive approach to Application Security Testing leverages OWASP as a foundation for everything that we do. READY FOR MORE THAN A VA SCAN?®



  • Packetlabs is an IT consulting firm specializing in expert penetration testing. We offer a number of services to help strengthen your security posture including infrastructure penetration testing, web and mobile application testing, social engineering, red team exercises, source-code reviews and exploit development. Our clients are in a number of industries including government, finance, education, technology, media, retail, healthcare and energy. Our slogan, Penetration Testing beyond the checkbox illustrates our commitment to the industry to provide expert-level penetration testing. Our consultants think outside of the box, find weaknesses others overlook, and continuously learn new ways to evade controls in modern networks.



  • Pentest-Tools.com offers a full arsenal of penetration tools which enable security specialists to start a pentest in minutes. Constantly improving features include flexible reporting, automation, and collaboration options which security teams can use to build a library of pentests with their best (reusable) assets. From recon to post-exploitation, we support the entire penetration testing workflow – with accuracy, speed, and reliability as key principles. Built by pentesters for pentesters.



  • Perimeter 81 was launched in 2018 as the second company of cybersecurity experts Amit Bareket and Sagi Gidali, who met at Tel Aviv University in 2012 while studying computer science. Perimeter 81 provides secure access to local networks, applications and cloud infrastructures with one unified platform. By transforming the outdated, hardware-based security appliances into a cloud-based SaaS solution, we are simplifying network security for the modern and distributed workforce and helping organizations of all sizes and in many industries to secure their remote workers. Since its founding, Perimeter 81 has quickly gained traction in the Secure Access Service Edge (SASE) and Network as a Service market, and is transforming the way companies consume cyber and network security. Perimeter 81 has been named a Gartner Cool Vendor, holds a patent for Automatic Wi-Fi Security, and is considered by industry leaders to be winning the “SASE space race”.



  • Praetorian is a cybersecurity solutions company whose mission is to make the digital world safer and more secure. Through expertise and engineering, Praetorian helps today’s leading organizations solve complex cybersecurity problems across critical enterprise assets and product portfolios. From the Cloud to IoT, we are bringing together the world’s security expertise to solve the cybersecurity problem and secure the next wave of innovation.



  • Proack is a Canadian consulting firm with a focus on offensive security, threat and vulnerability management, and cybersecurity program advisory. Our services include application, mobile, and infrastructure penetration testing; secure SDLC advisory and training; cloud security; security maturity assessments; and roadmap development. Proack consultants have a broad range of experience working with clients, from advising executive leadership on enterprise-wide security maturity assessments, to designing security program roadmaps for CISOs, as well as working with developers and security analysts to remediate specific application vulnerabilities.



  • Probely is a Web & API vulnerability scanner for agile teams. It finds vulnerabilities or security issues in web applications & APIs and provides guidance on fixing them. It can be integrated into development processes (SDLC) and continuous integration pipelines (CI/CD) to automate and scale security testing. Probely empowers Security and Development teams working together towards releasing secure applications.



  • Prophaze is a Native Cloud Security Platform used by organizations, businesses, and SaaS providers along with their DevOps and security teams to protect their web-facing assets from all types of cyber threats using its behavioral based threat detection algorithms. Prophaze having its WAF + RASP capabilities, along with fingerprinting-based bot detection is an economical substitute for traditional or legacy-based WAFs in which costs of ownership, deployment, maintenance, monitoring, and tuning are high. Supports public cloud, private cloud, on-premise deployment. It is also a native WAF for Kubernetes that secures microservices across Kubernetes clusters from malicious or illegitimate traffic and requests.



  • Rakuten Security Team, aka the Cyber Security Department, is a team of multi-national professionals that aims to protect Rakuten's users and maintain the peaceful order of the Internet society. With its cross-continent branches, the Rakuten Security Team is not only responsible for the Cyber Security of Rakuten Inc, but also its group companies across Asia, Americas and Europe, which together serve 70+ services to almost 1.4 Billion users. Inside of the team includes Rakuten-CERT (https://www.nca.gr.jp/member/rakuten-cert.html), our emergency response team established in 2007, which has been a long time Cyber Security Guardian for Rakuten.



  • Rakuten Security Team, aka the Cyber Security Department, is a team of multi-national professionals that aims to protect Rakuten's users and maintain the peaceful order of the Internet society. With its cross-continent branches, the Rakuten Security Team is not only responsible for the Cyber Security of Rakuten Group, Inc. but also for its group companies across Asia, the Americas, and Europe, which together serve 70+ services to almost 1.4 Billion users. Inside the team includes Rakuten-CERT (https://www.nca.gr.jp/member/rakuten-cert.html), our emergency response team established in 2007, which has been a long time Cyber Security Guardian for Rakuten.



  • RapidFort is the first Software Attack Surface Optimization Platform. Modern cloud workloads include a large number of unused components. Current products that are in the market can only identify & list vulnerabilities. It is the responsibility of the dev team to address these vulnerabilities. Since there are typically 1000s of vulnerabilities in a typical s/w, it is impossible to address all of them. However, RapidFort's revolutionary product profiles the s/w during runtime, identifies packages/files that are unused and then automatically removes them. By removing all the vulnerabilities associated with those files, it makes s/w secure as well as increases productivity.



  • Red Hat is the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.



  • Detect and respond to API threats and risk in real-time with Resurface continuous API scanning. Purpose-built for API data, Resurface captures complete request and response payloads (including GraphQL) to instantly see threats and failures. Get alerts on data breaches for zero-day detection and response. Mapped to OWASP Top10, Resurface alerts on threats with complete data security patterns and behaviors. Resurface is the only API security solution engineered for deep inspection at scale. Handling millions of API calls, Resurface detects and alerts on active attacks. Machine learning models indicate anomalies and identify low-and-slow attack patterns.



  • Riscosity is the data flow security platform that empowers teams to have full visibility of data in transit and automate the redaction or redirection of sensitive events, simplifying how companies meet security and privacy requirements.



  • SCSK provides a full lineup of services to support any area of IT solution required for businesses from consulting to system integration, verification services, IT infrastructure implementation, IT management, IT hardware and software sales, and BPO(business process outsourcing).



  • Salt Security makes it safe to innovate by protecting the APIs at the core of every SaaS, web, mobile, microservices and IoT application. Our API Protection Platform is deployed in minutes, and requires no configuration or customization. We use patented behavioral protection to automatically and continuously discover and learn the granular behavior of each unique API to ensure protection. The company was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial cybersecurity executives. In 2019 Salt Security was selected as a finalist for the RSA Innovation Sandbox and as the winner of the OWASP Innovation Fair.



  • Using our own proven approach and platform, we train product owners, software development teams, operations, decision makers, in how to deliver securely at scale and in controlled and regulated environments. With our background in data-driven, high-value service delivery we wrap our offering in product and process security assessments to enable our clients to see real improvements and demonstrate clear ROI. Our expertise is unmatched and our commitment to securing the delivery of the IT systems critical to our clients’ businesses, and to all the people involved in that delivery, makes us unique in the field of application security.



  • Secure Ideas has delivered penetration testing, training, and security consulting services to clients in every industry since 2010. We are known in the information security community for our expertise in testing applications, including web, mobile, and APIs. Secure Ideas operates on a foundation of ethics marked by our popular tagline "Professionally Evil". We also strongly believe in the value of openly sharing information and security knowledge, which is why we champion affordable training and offer many of our short-form classes for free.



  • SecureBrain, a Hitachi Group Company, is a leader in providing software and services to help protect enterprises and their customers against cybercrime including online fraud and malware attacks. To ensure that our customers are always protected from the latest trend of cybercrime, SecureBrain has its own advanced security research center. Our team of security researchers works closely with many Japanese government research agencies to research and develop solutions against the latest cyber threats.



  • At SecureFlag, we teach secure coding through hands-on exercises that run in real, fully configured development environments created on-demand and available via the web browser. Developers and DevOps engineers learn defensive programming via a gamified, adaptive training platform that includes learning paths, tournaments, assessments, and powerful metrics. Our platform is 100% hands-on, replaces ineffective secure coding quizzes, and uses an engine able to live-test code changes, instantly displaying whether the code has been fixed and awarding points upon exercise completion. SecureFlag is a proud OWASP Partner, providing training for all OWASP members alongside its Enterprise edition for corporate clients.



  • Security Innovation is a pioneer in software security and trusted advisor to its clients. Since 2002, organizations have relied on our assessment and training solutions to make the use of software systems safer in the most challenging environments – whether in Web applications, IoT devices, or the cloud. The company’s flagship product, CMD+CTRL Cyber Range, is the industry’s only simulated Web site environment designed to build the skills teams need to protect the enterprise where it is most vulnerable – at the application layer. Security Innovation is privately held and headquartered in Wilmington, MA USA.



  • Security Journey is the leader in application security education using security belt programs. We guide our clients, many in tech, healthcare, and finance, to building a long-term, sustainable application security culture. We incorporate everything you need to deploy and manage an education program. Our cloud-based platform delivers application security lessons from an ever-growing library of content, provides hands-on, immersive experiments, measures student and organizational growth, rewards student achievements, and transforms an enterprise’s security culture. We promote security awareness organization-wide with learning that is engaging, motivating, and fun. In short, we provide security education developers, testers, and managers love.



  • HackEDU’s spring 2022 acquisition of Security Journey brings together two powerful platforms to provide application security education for developers and the entire SDLC team. The two officially became one in August 2022 and are now Security Journey. Two platforms, one path to build a security-first development culture.



  • SecurityFirst by SEFISA is a security consulting firm specialized in blue and red team services. With our talented and passionate team of experts we have been serving customers in all major verticals since 1996. We help our customers to develop the security in-depth approach and to focus on people rather than tools.



  • secuvera is a highly specialized IT security consultancy in Germany. We are accredited and certified by the German Federal Office for Information Security. If you are looking for a highly qualified penetration test, secuvera is definitely a preferred choice. We offer services in ISO 27001, BSI-Grundschutz, as well as Product Certification services for Common Criteria and Industry 4.0 Security with IEC 62443. secuvera is strictly vendor neutral, has supported OWASP projects for more than a decade and encourages employees to volunteer.



  • ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io.



  • Signal Sciences secures the most important web applications, APIs, and microservices of the world's leading companies. Our next-gen WAF and RASP help you increase security and maintain site reliability without sacrificing velocity, all at the lowest total cost of ownership. Learn how our patented approach can help you.



  • Software Improvement Group (SIG) gives technology leaders the visibility they need to address current software problems and prevent future ones from ever happening. Drawing on proprietary methods and decades of expertise, SIG helps organizations fundamentally improve the security and performance of the enterprise applications that support every aspect of their businesses.



  • SonarSource builds world-class products for Code Quality and Security. Our open-source and commercial code analyzers - SonarLint, SonarCloud, SonarQube - support 27 programming languages, empowering dev teams of all sizes to solve coding issues within their existing workflows. With over 6,000 customers, and a Community Edition trusted by more than 200,000 organizations globally, SonarSource products are a de-facto standard for teams and organizations to deliver better, safer software.



  • Architects and Developers of a world-leading, top-tier Optical Practice Management System. Formed in 1989, SDS is a strategic software supplier to many 'Top 10' Optical Retailers in North America. We have a comprehensive and fully flexible solution which allows our clients to operate successfully in their unique environments. SDS also offers custom development to handle any client-specific requirements.



  • Sqreen is the application security platform for the modern enterprise. More than 800 organizations trust Sqreen to protect, observe and test their applications, APIs and microservices. As opposed to static pattern-based approaches, Sqreen analyses application execution logic in real time to deliver more robust security without compromising performance. This empowers security owners to easily extend protection and visibility across their entire application portfolio without requiring on-going maintenance and tuning.



  • StackHawk is dynamic application vulnerability scanning built for modern development teams. With simple configuration, easy invocation via docker command, and interpretable results, StackHawk is built for developers to take control of their AppSec.



  • Synopsys builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Our market-leading solutions help developers to secure code as fast as they write it; development and DevSecOps teams to automate testing within development pipelines without compromising velocity; and security teams to proactively manage risk and focus remediation efforts on what matters most. With Synopsys, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.



  • Tala protects modern websites and web applications across the full spectrum of client-side vulnerability. No other solution offers similar breadth of security coverage. Tala’s analysis engine evaluates over 50 unique indicators of a web page’s behavior to continuously monitor and detect anomalous activity within the server, the website supply chain, or malicious code executing at the user’s browser. This dynamic AI-driven analytics engine works in conjunction with an automation engine that activates standards-based capabilities, like CSP, SRI and HSTS to protect against a wide range of app layer attacks like magecart, cross-site scripting, clickjacking, iframe injection, session-redirects, client-side malware, etc.



  • Tech Coordinator partners with Zeguro to offer Cyber Insurance Solutions. Our Vision - To empower every organization to withstand the digital unknown. Our Mission - To deliver a holistic cyber risk management platform to protect organizations from business loss due to cyber attacks.



  • Teleport allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments.



  • We are a software consultancy and community of passionate purpose-led individuals, 7,000+ people strong across 43 offices in 14 countries. Over our 25+ year history, we have helped our clients solve complex business problems where technology is the differentiator. When the only constant is change, we prepare you for the unpredictable.



  • ThreatSpike's mission is to make great security available to every company, regardless of their size or budget. This is achieved through innovative technology solutions wrapped in easy to consume, fixed price managed services. ThreatSpike provides two core services - ThreatSpike Blue, a managed detection and response SOC service running on an in-house developed technology platform; and ThreatSpike Red, the first managed service for penetration testing which provides affordable, all year round testing by experts.



  • Modern applications are extremely hard to secure and protect. Micro-services, APIs, and cloud services are complex and continuously changing. Traceable AI enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. Traceable AI applies the power of machine learning and distributed tracing to understand the application context, how it is changing, and where there are anomalies in order to detect and block threats, prevent data breaches and fraud, prevent disruption of business continuity, and protect sensitive data and privacy. Learn more at: https://www.traceable.ai



  • Trend Micro is a global cloud security leader that specializes in meeting the needs of businesses building on the cloud. Trend Cloud One security platform is designed to protect your digital transformation and cloud-native applications.



  • As specialists in cybersecurity, IT infrastructure, and secure development, we have been delivering cutting-edge solutions to both the private and public sectors since 2005. Our global team of more than 220 purpose-driven cybersecurity specialists is fueled by expertise and a genuine willingness to make a difference. We all believe in sharing our knowledge and working together in order to continue to create the best possible value for you as a partner – and for the greater good.



  • UBsecure is a leading web application security company based in Japan since 2007. We offer various security solutions for web applications and smartphone applications by utilizing our in-house developed application security testing tool, Vex. Vex is built on a tremendous amount of experience in professional security scanning and on its continuous feedback. The unique characteristic of the tool is that it is used as a stand-alone security testing tool as well as a seamless security testing component within the SDLC. Therefore, Vex is not only for professional security auditors but also for software developers who need secure development cycles.



  • Ubiq is an API-based application-layer data encryption as code (SaaS) platform that enables development, security, and data protection teams to mitigate the risk of sensitive data theft and eliminate the gap left wide open by most at-rest encryption solutions, by enabling them to encrypt data directly inside of the application in a few lines of code and 2 API calls. Ubiq empowers teams to reduce the risk of data theft, free up precious resources, and build compliant and secure-by-design applications.



  • Veracode gives companies a comprehensive view of security defects so they can create secure software, and ensure the software they are buying or downloading is free of vulnerabilities. As a result, companies using Veracode are free to boldly innovate, explore, discover, and change the world.



  • Verimatrix helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports, to sensitive financial and healthcare data, to mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams and win new business.



  • Virsec delivers a radically new approach to security, protecting enterprise applications from today’s most dangerous cyber threats. Virsec definitively stops fileless and in-memory exploits that bypass conventional security, delivering unprecedented accuracy, while eliminating false positives. The solution protects the entire application stack in runtime, including web apps, memory, files, processes, and binary code. By preemptively stopping attacks, Virsec delivers effective virtual patching and compensating controls for any application, whether new, legacy, or un-patchable.



  • Wallarm delivers automated cloud-native application and API security throughout application development and deployment lifecycle. Wallarm AI-powered Application Security Platform includes FAST for CI/CD-integrated security test automation during development and Advanced WAF attack blocking and vulnerability protection after deployment. Wallarm platform aligns security and development into a unified pipeline.



  • The Waratek ARMR Platform provides unique protection in the applications runtime environment. This unique security layer provides fast and accurate security in the compilation pipeline, providing protection that becomes part of your application – but never requires changes to source code.



  • ZeroNorth is the first company to deliver risk-based vulnerability orchestration across applications and infrastructure. By orchestrating scanning tools across the entire software lifecycle, ZeroNorth provides a comprehensive and continuous view of risk, and reduces costs associated with managing disparate technologies. ZeroNorth empowers customers across all industries to rapidly scale application and infrastructure security, while integrating seamlessly into developer environments to simplify and verify remediation.



  • Amidst evolving hacking techniques, eShard stands at the forefront of cutting-edge security testing solutions. With expertise in Chip, System, and Mobile App Security, our comprehensive offerings include full testing services (pentest, training, diagnosis), software tools, and expert consultations, aimed at vulnerability assessments and framework evaluations. We're renowned for pioneering automated MAST/DASP with our tool esChecker, reshaping Mobile App Security by seamlessly integrating dynamic and static tests, UX recording and video replay, aligning with the highest OWASP MASVS security standards.



  • Two IT security experts from the province of Salzburg. We work with companies of all sizes that want to protect themselves sustainably against cyber threats. Our tools are not based solely on technology but more on the right mindset. With the right mindset, you get awareness. With good awareness you reduce risk, and that is exactly what we strive for along with our customers.



  • oak9 natively secures cloud infrastructure for developers. oak9’s Security as Code platform automatically finds, analyzes, and remediates security and compliance gaps in real-time, detecting changes in Infrastructure as Code (IaC) and deployed cloud workloads. Headquartered in Chicago, oak9 is a Built In 2022 Start-up to Watch backed by key investors Menlo Ventures, HPA, Cisco Investments and Morgan Stanley. oak9 is a partner to AWS, Azure, HITRUST, and HashiCorp, natively supporting Terraform. Say hello on LinkedIn, Twitter, Youtube, and TikTok, or visit us at oak9.io.


Partnership Sponsors


  • Black Hat is the most technical and relevant information security event series in the world. For more than 20 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.



  • DevOps India Summit is the largest DevOps and SRE Global Summit from India. While it started as a physical event in Bangalore, the pandemic has made it shift to virtual mode. 2022 is the 5th year of the event. The theme for



  • RankSense is a startup on a mission to shorten SEO results from 6 months down to 6 weeks using artificial intelligence and automation. Our software operates similar to a Web Application Firewall in the Cloudflare CDN, but instead of patching incoming HTTP traffic to avoid security exploits, we patch outgoing HTTP traffic to fix issues in the HTML that can prevent effective search engine indexing.