Table 1. Comparative table.
Our combination of technology and human expertise keeps false positives (reported findings that are not real vulnerabilities) to a minimum.
They report about 35% false positives.*
Accuracy (only tool)
Our SAST tool achieved the best possible result against the OWASP Benchmark (see our post on that result): a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%.
Some of them boast a TPR of 100%, but their FPR is far from outstanding; a tool that flags everything also reaches a 100% TPR. Others do not come close to either figure.
Thanks to our combination of technology and human expertise, we keep false negatives (real vulnerabilities that go unreported) to a minimum.
They may reach a rate of 80% false negatives.*
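To make the accuracy rows above concrete, here is an added example, not Fluid Attacks' code and not the OWASP Benchmark's own scorer, that scores tool reports the way the Benchmark does: a finding counts as a true positive only when the tool reports the test case's CWE on a genuinely vulnerable case, a report on a non-vulnerable case counts as a false positive, the false negative rate is 1 - TPR, and the Benchmark's overall score is TPR minus FPR. The test cases, tool names and findings are all constructed for the illustration. It shows why a 100% TPR says nothing on its own: a tool that flags every case scores 100% TPR and 100% FPR, for an overall score of zero.

```python
"""Score detection tools OWASP-Benchmark style: TPR, FPR, FNR and TPR - FPR.

Constructed example; the real Benchmark has thousands of test cases and
its own scorecard generator. This mirrors its scoring rule: a finding is
credited only when its CWE matches the test case's category.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TestCase:
    name: str
    cwe: int
    vulnerable: bool  # ground truth: is this case really exploitable?


# Constructed test set (names imitate the Benchmark's naming, values are made up).
CASES = [
    TestCase("BenchmarkTest00001", 89, True),   # SQL injection, real
    TestCase("BenchmarkTest00002", 89, False),  # SQL injection, decoy (sanitized)
    TestCase("BenchmarkTest00003", 79, True),   # XSS, real
    TestCase("BenchmarkTest00004", 79, False),  # XSS, decoy
    TestCase("BenchmarkTest00005", 22, True),   # path traversal, real
    TestCase("BenchmarkTest00006", 22, False),  # path traversal, decoy
    TestCase("BenchmarkTest00007", 78, True),   # command injection, real
    TestCase("BenchmarkTest00008", 78, False),  # command injection, decoy
]

# Constructed tool reports: each tool emits a set of (test case, CWE) findings.
REPORTS = {
    # Reports every case with its category's CWE: 100% TPR, but 100% FPR.
    "flags_everything": {(c.name, c.cwe) for c in CASES},
    # Reports exactly the real vulnerabilities: 100% TPR, 0% FPR.
    "precise": {(c.name, c.cwe) for c in CASES if c.vulnerable},
    # Finds half the real ones, adds one false positive, and reports a wrong
    # CWE on case 5 (ignored: CWE 79 is not that case's category).
    "noisy_partial": {
        ("BenchmarkTest00001", 89),
        ("BenchmarkTest00003", 79),
        ("BenchmarkTest00002", 89),
        ("BenchmarkTest00005", 79),
    },
}


def confusion(cases, findings):
    """Return (tp, fp, tn, fn) for one tool's findings over the test cases."""
    tp = fp = tn = fn = 0
    for case in cases:
        reported = (case.name, case.cwe) in findings
        if case.vulnerable and reported:
            tp += 1
        elif case.vulnerable:
            fn += 1
        elif reported:
            fp += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def score(cases, findings):
    """TPR, FPR, FNR and the Benchmark-style overall score (TPR - FPR)."""
    tp, fp, tn, fn = confusion(cases, findings)
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"tpr": tpr, "fpr": fpr, "fnr": 1.0 - tpr, "score": tpr - fpr}


def rank(cases, reports):
    """Tools ordered best to worst by overall score, ties broken by name."""
    scored = [(name, score(cases, findings)["score"]) for name, findings in reports.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name, findings in REPORTS.items():
        s = score(CASES, findings)
        print(f"{name:17s} TPR={s['tpr']:.0%} FPR={s['fpr']:.0%} "
              f"FNR={s['fnr']:.0%} score={s['score']:+.2f}")
    print("ranking:", [name for name, _ in rank(CASES, REPORTS)])
```

Running it prints flags_everything at TPR 100% / FPR 100% / score 0, precise at 100% / 0% / score 1, and noisy_partial at TPR 50% / FPR 25% / score 0.25; only the two-number pair, or the difference, separates a good tool from one that simply reports everything.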
All in one
We provide comprehensive testing through a single solution, including the following techniques:
Their standard offerings do not include all of these techniques; some commonly have to be purchased separately.
We validate the following standards:
They validate only some of the standards mentioned.
Fast & automatic
Our scans take minutes for deterministic vulnerabilities (those a tool can confirm on its own) and hours or days for the most critical vulnerabilities, where hands-on expert review is involved.
Generally, their scans take minutes or hours.
Our standard service includes consultation with our hackers through the platform, so users can ask for clarification and understand each vulnerability.
Other companies usually offer support for the users of their tools as a separate, expensive add-on.
Break the build
We break the build without false positives: the pipeline fails only on real vulnerabilities.
They break the build with false positives, so pipelines also fail on findings that are not real vulnerabilities.
Hybrid (automated tools + hands-on expert review).
By correlating two vulnerabilities A and B, we discover a new, higher-impact vulnerability C, which may compromise more records than either one alone.
They do not perform that correlation.
We can operate in safe mode, avoiding being detected by the
They can operate in safe mode, but only in a limited way, for some checks.
Type of evidence
Some of our most relevant evidence is (1) portions of code, (2) images of the attack with explanatory annotations, (3) animated
Some of their most relevant evidence consists of portions of code and executive reports.
We can do exploitation as long as we have (1) an available environment and (2) the appropriate authorization.
There is no exploitation because they are not capable of doing
Through our platform, the entire security testing process is managed centrally: the vulnerability remediation process is tracked, development teams receive permanent support, and executive indicators for organizational management are delivered simply and in real time.
In some companies, the tools are fragmented and lack a single, centralized management process.
They fail to find these vulnerabilities.
Our cost is variable and proportional to the number of developers building and modifying the code.
They tend to have a fixed cost, which is independent of the development team's size.
* Data from a 3-year experiment run by Fluid Attacks on 6 commercial tools and 6 open source tools.
Do you want more information about our services? Do not hesitate to contact us.