Get Started View Documentation
Purpleteam Your Applications and APIs with PurpleTeam
Automatable Security Regression Testing for your Applications and APIs
Works alongside Development Teams, finding security defects as they're introduced. No more waiting for the dreaded Red Team to come and test your project weeks or months after functionality and security defects have been baked in.
Coaches Developers how to spot common defect patterns as they code. PurpleTeam provides details of detected security issues in real-time as well as providing a full test Outcome archive with test results and reports in multiple formats after every Test Run. Outcomes include:
Works alongside Operations Teams, finding security defects in TLS/SSL configurations. PurpleTeam tests for a large array of common security faults with TLS/SSL configurations, providing peace of mind that your TLS/SSL deployments are going to prove a challenge for even the most advanced attackers.
Works alongside both Development and Operations Teams, finding server misconfigurations. Misconfigured servers can provide fruitful reconnaissance information for attackers, as well as plentiful opportunities to exploit the servers running your application/API code due to known vulnerabilities, thus providing a foothold for attackers. With PurpleTeam watching your servers, you will be ahead of your attackers and be able to remediate known server defects before they are exploited by your adversaries.
Perfect fit for your CI/CD build pipelines We have directions on how to include PurpleTeam into your build pipelines, along with example projects to get you up and running fast.
We cover your engineering stack. We don’t depend on specific integrations
we just give you a process (CLI) to run, simple, run it anywhere.
You can dial the attack strength to mitigate false positives
Great for brown field projects with existing security defects
Run the purpleteam process anywhere Toggle headless mode
Built from ground up to support Development Teams
No time wasted writing tests.
Shows your tests running in real-time.
Provides test reproduction directions.
Provides the security experts, so you don't need to be an expert.
Test Outcomes include easy to follow remediation steps.
Ships your test outcomes directly to a location of your choosing.
What is Dynamic Application Security Testing and how does it help us?
Learn about PurpleTeam's origin and our journey to where we are now.
From solo Engineers to managing many commercial Engineering Teams, we have the right plan for you.
We are passionate about supporting open source.
If you want your open source project secured by PurpleTeam head to the community page or get started with the documentation.