ZeroPath
ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with deep program analysis to deliver intelligent security testing that finds real vulnerabilities while dramatically reducing false positives.
Unlike traditional SAST tools that rely on pattern matching, ZeroPath understands code context, business logic, and developer intent. This enables identification of sophisticated security issues including business logic flaws, broken authentication, authorization bypasses, and complex dependency vulnerabilities.
Our comprehensive security suite covers the application security lifecycle:
1. AI-powered SAST
2. Software Composition Analysis with reachability analysis
3. Secrets detection and validation
4. Infrastructure as Code scanning
5. Automated PR reviews
6. Automated patch generation
and more...
ZeroPath integrates seamlessly with GitHub, GitLab, Bitbucket, Azure DevOps and many more. The platform handles codebases with millions of lines across Python, JavaScript, TypeScript, Java, Go, Ruby, Rust, PHP, Kotlin and more.
Our research team has been successful in finding vulnerabilities like critical account takeover in better-auth (CVE-2025-61928, 300k+ weekly downloads), identifying 170+ verified bugs in curl, and discovering 0-days in production systems at Netflix, Hulu, and Salesforce.
Trusted by 750+ companies and performing 200k+ code scans monthly.
Learn more
Astra Pentest
Astra's Pentest is a comprehensive solution for penetration testing. It includes an intelligent vulnerability scanner and in-depth manual pentesting.
The automated scanner performs 10000+ security checks, including security checks for all CVEs listed in the OWASP top 10 and SANS 25. It also conducts all required tests to comply with ISO 27001 and HIPAA.
Astra provides an interactive pentest dashboard which allows users to visualize vulnerability analysis, assign vulnerabilities to team members, collaborate with security experts, and to collaborate with security experts. The integrations with CI/CD platforms and Jira are also available if users don't wish to return to the dashboard each time they want to use it or assign a vulnerability for a team member.
Learn more
API Fuzzer
API Fuzzer is a tool designed to perform fuzz-testing on attributes by employing prevalent penetration testing methods while identifying potential vulnerabilities. By taking an API request as its input, the API Fuzzer gem effectively outputs a list of possible vulnerabilities inherent in the API, which may include risks such as cross-site scripting, SQL injection, blind SQL injection, XML external entity vulnerabilities, insecure direct object references (IDOR), issues with API rate limiting, open redirect vulnerabilities, information disclosure flaws, information leakage through headers, and cross-site request forgery vulnerabilities. This comprehensive evaluation helps developers enhance the security of their APIs by pinpointing critical areas that require attention and remediation.
Learn more
WebScanner
DefenseCode WebScanner serves as a Dynamic Application Security Testing (DAST) tool, specializing in thorough security evaluations of active websites. By simulating a multitude of attacks using sophisticated methods akin to those employed by actual hackers, WebScanner effectively assesses a website's defenses. This versatile tool is compatible with any web application development platform and can function even when the source code of the application is inaccessible. It accommodates a variety of prevalent web technologies like HTML, HTML5, Web 2.0, AJAX/jQuery, JavaScript, and Flash. With the capability to perform over 5,000 tests for Common Vulnerabilities and Exposures, WebScanner identifies more than 60 distinct types of vulnerabilities, including SQL Injection, Cross Site Scripting, and Path Traversal, as well as those outlined in the OWASP Top 10. Additionally, it is an essential resource for organizations seeking to enhance their web application security posture.
Learn more