Secure Code. PHOTO: Cybercrime Magazine.

10 Hot Application Security Companies To Watch In 2021

Ethical hacking leads the way in this burgeoning sector

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Jan. 31, 2021

“If you’re spending one dollar on cybersecurity and you’re not doing penetration testing, then you’re doing something terribly wrong,” says Seemant Sehgal, founder and CEO at BreachLock.

Why? “Because you don’t know if the defenses you’ve put in place are actually working,” adds Sehgal, an expert pen tester with more than 16 years of network security experience.

Penetration testing, also known as pentesting or ethical hacking, is the authorized simulation of cyberattacks on IoT devices, networks, software programs, users, and web applications, in order to evaluate the security of a system.

No matter how secure you might think a network is, you really don’t know until it’s been hacked. So you might as well call in the pentesting troops before the cybercriminals get to it.


Cybercrime TV: 30,000 Foot View of the Pentesting Market

Interview with Seemant Sehgal, founder & CEO at BreachLock


Who’s a pentester?

“Hacking is not really a skillset, it’s a mindset,” says Sehgal. He offers up Kevin Mitnick, often referred to as the world’s most famous hacker, as a historical example given the practice of ethical intrusion dates to phreakers in the 1970s.

While today’s pentester may have earned a technical certification such as the CEH (certified ethical hacker), they must also possess a knack for cat and mouse play and advanced social engineering skills.

“Cybersecurity can be a very crowded market,” notes Sehgal, and that definitely goes for pentesting. He explains three types of companies: Technology centric or automated vulnerability scanning; Bug bounty or crowdsourced services; Boutique firms selling man hours.

Application Security Companies

Ethical hacking leads the way in the burgeoning appsec market, but there’s a myriad of critical solutions to help develop and lock down your code. Here’s 10 hot companies the editors at Cybercrime Magazine are watching:

  • A10 Networks, San Jose, Calif. Build agile hybrid-cloud deployments with secure application services across public, private and hybrid clouds and in Kubernetes containers. Gain the analytics, automation and agility needed to protect your business and optimize the performance and security of your applications in any cloud environment.
  • Aqua Security, Ramat Gan, Israel. Complete cloud native security platform unleashes the full potential of your digital transformation and accelerates innovation with the confidence that your applications are secured from start to finish, at any scale. The Aqua platform protects your entire stack, on any cloud, across VMs, containers, and serverless.
  • BreachLock, Amsterdam, Netherlands. Penetration Testing as a Service powered by certified hackers and artificial intelligence. Comprehensive, continuous pentesting and vulnerability scanning with actionable results for your public cloud, applications, or networks.
  • Bugcrowd, San Francisco, Calif. Pen test, bug bounty, vulnerability disclosure, and attack surface management programs. Combines an experienced triage team with trusted hackers around the world to generate better results, reduce risk, and empower organizations to release secure products to market faster.
  • Checkmarx, Ramat Gan, Israel. Comprehensive, unified software security platform that tightly integrates SAST, SCA, IAST and AppSec Awareness to embed software security throughout the CI/CD pipeline and reduce software exposure. Automated security scanning as part of the DevOps process.

Cybercrime TV: Pentesting-as-a-Service from BreachLock

Watch the 10-minute demo


  • Contrast Security, Los Altos, Calif. Application security platform that provides centralized observability critical to managing risks and capitalizing on operational efficiencies — both for security and development teams. Secures the entire software development life cycle.
  • Secure Code Warrior, Sydney, Australia. ‘Starts left’ within the Software Development Life Cycle (SDLC) turning it into the Secure Software Development Life Cycle (SSDLC); focusing on making the developer the first line of defense by preventing coding vulnerabilities from happening in the first place.
  • Snyk, London, U.K. Secure all the components of the modern cloud native application in a single platform. Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout the development process. Platform is easily used by developers to build software securely.
  • Sysdig, San Francisco, Calif. Security for containers, Kubernetes, and cloud services. Secure DevOps platform built on an open source stack to accelerate innovation and drive standardization. The sysdig project delivers deep container visibility through Linux syscalls and is the standard for container forensics.
  • Veracode, Burlington, Mass. Visibility into application status across all testing types, including SAST, DAST, SCA, and manual penetration testing, in one centralized view. Helps organizations overcome DevSecOps challenges with automated application analysis delivered through a scalable SaaS platform.

Cybercrime Magazine will be expanding our coverage of penetration testing and this list in 2021.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.


Sponsored by BreachLock

Affordable, Smarter and Scalable Cyber Security Testing

BreachLock™ offers a SaaS platform that enables our clients to request and receive a comprehensive penetration test with a few clicks.

Our unique approach makes use of manual as well as automated vulnerability discovery methods aligned with industry best practices.

We execute in-depth manual penetration testing and provide you with both offline and online reports. We retest your fixes and certify you for executing a Penetration Test. This is followed up with monthly automated scanning delivered via the BreachLock platform. Throughout this process, you have access to the platform and our security experts who will help you find, fix, and prevent the next cyber breach.

BreachLock has offices in The Netherlands, London, New York City, and Wilmington, Del.