Meet Bright

Bright is a Dynamic Application Security Testing (DAST) platform built for software developers. It finds vulnerabilities in running web applications and APIs.

What is DAST?

DAST stands for Dynamic Application Security Testing: the process of analyzing a running web application or API to find weaknesses through simulated attacks. DAST tools – sometimes referred to as “vulnerability scanners” or “web app scanners” – probe an application from the “outside in”, the way a malicious attacker would. Once a DAST scan is complete, it reports any vulnerabilities it found so they can be addressed. DAST is a critical piece in developing, running, and maintaining secure applications and APIs.

Unlike traditional DAST tools, Bright was built for developers

Bright’s DAST tool was built to be “developer-first” (aka dev-first). It was designed to empower developers to create more secure applications and APIs starting in the development phase and through all stages leading up to and including production. Traditional DAST tools are made for application security (AppSec) experts, who typically test the app after the development cycle is complete and the app is already in production.

Why do you need a dev-first DAST tool?

With software developers testing their own applications and fixing vulnerabilities before the security team sees them for the first time, you won’t only be saving time and money, but preventing security incidents before they happen.

What makes Bright a dev-first DAST platform?

Setup takes minutes

Setup takes minutes and there’s no need for security expertise – we take care of all that.

Remediation instructions that make sense

If a scan detects an issue, you get easy-to-follow remediation guidelines with the information developers need to fix it.

Seamless integration with the developer toolchain

Bright works with existing CI/CD pipelines – trigger scans on every commit, pull request or build, alongside your unit tests. It can also automatically open tickets in Jira, GitHub, Azure Boards, GitLab and other systems.

No false positives

Our special technology automatically verifies that any vulnerability it detects is actually exploitable, so that devs don’t waste time chasing ghosts.

Control everything with code

Although Bright has a great GUI, developers love using our CLI, which lets them control everything.

Scans take minutes instead of hours or days

Bright’s unique approach allows you to scan only the relevant parts of an app, so that you don’t have to slow down the build process – including for unit testing!

Bright: Build Secure Apps & APIs. Fast

I’m already using an SCA/SAST tool, why do I need Bright DAST?

DAST is sometimes confused with other AppSec tools, such as SCA and SAST. So let’s define them:

Software Composition Analysis (SCA)

SCA tools look at the third-party dependencies (frameworks, libraries, packages, etc.) in your application and check them against databases of known vulnerabilities. SCA tools run against your code base; there is no need for a server to run your app. This test is very fast and will report accurately whether or not your application has a vulnerable dependency. That said, most SCA tools cannot tell you whether your application is actually vulnerable through that dependency.

Static Application Security Testing (SAST)

SAST runs against the custom application code that your team wrote, not your dependencies or any other third-party code. It works by parsing your code, much like a compiler does, but with the goal of finding potential vulnerabilities. It then lists every possible vulnerability, and the user needs to dig through the results to figure out which findings need to be fixed and which can be safely ignored. SAST tools often produce false positives, and are best used in the hands of a security expert, combined with manual code review.

Dynamic Application Security Testing (DAST)

As explained above, DAST tests your running application, taking into account how it works and how it is used, which gives you much wider security coverage.