Automated Penetration and Vulnerability Management (1)


Key Takeaways

  • StackHawk's tools alert developers to security vulnerabilities in new code, in any app language or microservice, and offer troubleshooting guides for each identified bug.
  • Cobalt's PTaaS platform offers vulnerability management, pentesting, and access to a community of software testers to identify bugs, errors, and security risks.
  • Snyk's cloud-based platform provides application vulnerability assessment and detection, reports, alerts, prioritization, and more.


We've provided the details of six additional Automated Penetration and Vulnerability Management companies, StackHawk, Cynergy, Snyk, Cobalt, Shiftleft, and FOSSA, in the attached spreadsheet. Additionally, find a summary of our findings and research strategy below.


  • StackHawk's tools allow companies to find vulnerabilities in their applications before sending them to production by running automated security tests through their CI/CD and API DAST tool.
  • Cynergy provides vulnerability tests for new code, developments, and app deployments for large companies and enterprises.
  • ShiftLeft offers security tests that let developers analyze their code and the flow of data through it. It integrates with tools such as Azure, GitLab, Puppet, Basecamp, Splunk, Asana, Trello, Travis, ZeroNorth, etc.
  • FOSSA allows companies to accelerate their open source adoption by testing their quality, security, and compliance automatically through license compliance scans and security management, which allows them to find and prevent vulnerabilities.
  • Snyk's cloud-based platform provides application vulnerability assessment and detection. It allows developers to fix vulnerabilities, monitor code, and discover new vulnerabilities in code and databases. It also offers reports, alerts, prioritization, and more.
  • Cobalt connects developers and companies with a community of 700+ software testers to check for bugs through a vulnerability reward program.

Research Strategy

For this research on Automated Penetration Testing and Vulnerability Management companies, we leveraged the most reputable sources of information available in the public domain, including the companies' websites, AppSec Map, company databases like Crunchbase, and company review sites like G2, TracXN, GetApp, IT Central Station, etc.

We replaced the six companies from our previous analysis with companies that matched the requirements indicated in the Discovery report. As indicated, we didn't include the companies Cycognito, CyberInt, Picus Security, Scythe, Cyrebro, Cyberbit, Rapid7, and FireEye or similar companies.

Instead, we started looking for companies similar to Acunetix, Cye, Pentera, Vulcan, and Apiiro, in the Penetration Tester (PT), Dynamic Application Security Testing (DAST), and External Attack Surface Management (EASM) categories of the AppSec Map. We focused initially on startups with two years of maturity, located in the US or Israel, with similar offerings to the example companies.

After analyzing all the companies that matched the requirements in the specified categories, we noticed that only two of them had two years of maturity and matched all the criteria: StackHawk and Cynergy. So we searched for companies similar to Acunetix and its competitors in other sources, like TracXN and G2, but weren't able to find more startups with two years of maturity that weren't already mentioned in the spreadsheet.

Following the characteristics of the companies marked in red, we then moved to startups older than two years, like Cye. We found ShiftLeft, Cobalt, FOSSA, and Snyk, which complied with all the requirements but were founded between 2013 and 2016. We included these companies in the spreadsheet.

To determine each company's pros and cons, we used the information provided on its website and reviews from developers and experts using its products.

Finally, during our research, we found six additional Automated Penetration Testing and Vulnerability Management companies that were located in the US and Israel. These weren't included because they had over ten years of maturity, and we tried to stay as close to the two-year margin as possible. However, we considered that these were worth mentioning. The companies are HackerOne, Netsparker, Veracode, Checkmarx, Immunity, and WhiteHat.
