The missing piece of your application security program
Gauntlet is built from the ground up to improve your application security program. If you're looking to protect your applications, the powerful Gauntlet platform can help. Reduce complexity, spend less time running scanners and more time developing your business.
Deliver innovation to market without sacrificing security. Integrate Gauntlet with your Software Development Life Cycle (SDLC) using our API and find security vulnerabilities before hackers do.
Leave the hard work of provisioning servers and installing, updating and managing security scanners to Gauntlet. Spend your time on the activities that must be manual instead.
Reduce the cost of identifying security vulnerabilities by combining multiple approaches effortlessly. Also reduce the cost of vulnerability remediation by centralizing results from different tools and setting up policies.
Gauntlet makes it easy for you to run multiple security scanners to search for security vulnerabilities in your applications and network devices, such as servers. Those scanners can run Dynamic Application Security Testing (DAST), which tests servers that are running, or Static Application Security Testing (SAST), which tests the application's source code. Running both improves vulnerability detection.
Gauntlet comes with a Dashboard and Charts for you to show vulnerability trends, issues by technical and business severities, issues by scanners and more. Learn more about Gauntlet Dashboard & Charts.
Gauntlet comes with multiple security scanners to enhance vulnerability detection and give you better coverage. Check out all supported scanners.
Gauntlet performs tests on running applications and network devices, such as servers and Internet of Things (IoT) devices, to look for security vulnerabilities. Learn more about Gauntlet DAST capabilities.
Gauntlet also looks for security vulnerabilities in source code. This is so-called whitebox testing, and it has great coverage. Learn more about Gauntlet SAST capabilities.
Perform security tests behind the login page, even if the scanner doesn't come with built-in support. Learn more about Gauntlet authenticated scan.
Besides our natively supported security scanners, it's possible to use your own scanner and leverage all Gauntlet platform benefits. Learn more about how to Bring Your Own Scanner.
We believe in continuous application security, so you can schedule scans periodically to test your applications and servers. Learn more about Gauntlet scan scheduling.
Applications and servers behind your firewall can be tested by being securely exposed to our scanner using either an SSH Tunnel or a Virtual Scan Appliance (VSA). Learn more about Gauntlet internal testing.
Consolidating results from multiple tools has always been a daunting task. Gauntlet automatically generates a consolidated report for you. Learn more about Gauntlet reports.
Get notified about scan management events such as scan start/end/stop/destroy and policy violations. Learn more about Gauntlet notifications.
We know that finding issues is only part of the solution. A common challenge is to centralize reports from different tools, prioritize them and act on them. Because of that, we built a smart centralized issue management system that lets you create manual issues, change issue severities and apply policies based on those severities.
Visualize vulnerability trends, issues by technical and business severities, issues by scanners and more. Learn more about Gauntlet Dashboard & Charts.
You can upload reports from multiple scanners to generate issues on Gauntlet or run them directly from Gauntlet. Check out all supported scanners.
A centralized interface to visualize, filter and act upon issues, vulnerabilities and risks. Mass editing is supported. Learn more about Gauntlet issue management.
Automatically take action on issues based on criteria defined by you. Learn more about Gauntlet policies.
Gauntlet automatically performs smart operations after each scan to identify fixed and resurged issues. Learn more about Gauntlet smart operations.
You can bring your own scanner, along with a way to convert its results into Gauntlet issues. Learn more about how to Bring Your Own Scanner.
Combined with Policies, you can get notified when an application becomes non-compliant or becomes compliant again. Learn more about Gauntlet notifications.
If you run scanners outside Gauntlet, you can upload their reports to centralize issues on our platform. Learn more about Foreign Reports.
Your HTTPS applications' certificates should be monitored; otherwise they may expire and result in a red warning page for all your customers. Learn more about Certificate Monitoring.
Gauntlet comes with batteries included. We believe that a powerful platform should provide more interesting features for you to enjoy your ride. Notifications, the API and multi-language support are some of them. Check them out below:
We believe that Gauntlet should be available in your native language. So far we support English and Portuguese, but more languages will be added soon. Learn more about Gauntlet multi-language feature.
More than simply 'read and write' permissions, on Gauntlet you can authorize API calls and Groups based on the Class and Method name. Learn more about Gauntlet granular permissions.
Gauntlet is organization- and group-oriented, so we natively support Role-Based Access Control (RBAC). Learn more about Gauntlet team collaboration.
We're API-oriented. This means that everything you can do in the Web Interface can be done through our API. Calls to our API can leverage our granular permissions system as well. Learn more about Gauntlet API.
Get notified about events you choose and automatically send emails to groups or individual email addresses. Events include scan management and issue policies. Learn more about Gauntlet notifications.
You can ask us to add another scanner, or bring your own scanner to perform scans and convert its results into Gauntlet issues. Learn more about how to Bring Your Own Scanner.