Application security testing solution provider NightVision told QA Financial it has rolled out a new software testing and security solution that is largely powered by AI technology.
The launch comes only weeks after the US-based QA software firm, which was only founded two years ago, raised millions in fresh capital.
NightVision, which focuses on technology tools in the application security testing sector with a particular focus on financial institutions, is a relative newcomer in the market.
The firm has been gaining momentum by helping companies and developers to identify software flaws and vulnerabilities, particularly at an early stage in the development cycle.
New capability
The new testing platform enables developers to identify, locate, and remediate exploitable vulnerabilities throughout the software development lifecycle, according to NightVision’s CEO, George Prince, in an email sent to this publication.
“Software developers can set up and run scans within minutes for the first time and receive intelligence on critical vulnerabilities and where they reside,” he explained.

Prince, who has been the company’s CEO since April 2022, stressed that “for years, we have failed to provide software developers with testing tools to perform quickly and accurately. The shortcomings of the AppSec market have put us in the software insecurity predicament we find ourselves in today.”
He pointed out that the Secure By Design movement has “popularised” the concept of making the default route during the SDLC secure by providing safe building blocks for developers.
“The foundation of these secure defaults should be dynamic testing, prioritising the risks that are actually exploitable in an application,” Prince continued.
“Our focus is simple: Provide quick and easy guardrails for developers to identify and remediate critical vulnerabilities so they can continue to ship new products and features.”
Prince said that the two leading legacy testing technologies – Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) – have “frustrated” users for various reasons.
“They generate an unmanageable number of false positives, require time-intensive custom coding to launch, and take hours to scan.”
Moreover, legacy DAST tools fail to test more than 70% of endpoints in application programming interfaces (APIs), often making their tests pointless, he noted.
Key features
The NightVision AppSec solution simulates attacks to see what is exploitable and traces findings back to code, Prince explained.
Among its capabilities is API identification. “In real environments of fast-moving development teams, comprehensive API documentation is often absent,” he said.
“We automatically generate detailed documentation of existing APIs to scan undocumented or under-documented APIs, making testing more accurate and comprehensive than previously possible.”
Moreover, the tool includes shadow API discovery. When analysing code before simulating attacks, source code analysis can uncover shadow APIs that were not meant to be introduced to production.
Prince claims his solution “can discover and test these Shadow APIs that are often ungoverned, perform higher privileged functions, and previously have not been tested for security issues.”
Then there is pinpointing vulnerable code: the platform identifies issues “at the exact areas of code in the dev environment so developers don’t have to spend time chasing down or validating vulnerability reports, saving money and precious engineering resources,” he explained.
In addition, other features, such as plug-and-play testing, are also part of the new platform.
Importance of AI
Like most new testing solutions in recent years, this new platform relies heavily on AI-powered tech.
“To say that AI has exponentially increased the speed of software development and the spread of bad and vulnerable code is an understatement,” said Kinnaird McQuade, NightVision CTO and co-founder.
“The software-based attacks we have seen over recent years are child’s play compared to what we could see if AppSec testing solutions don’t perform quicker and more comprehensively.”
The shortcomings of the application software testing market have handcuffed developers and cybersecurity teams, McQuade continued.
“Developers want to be quickly and easily alerted of exploitable vulnerabilities, including precise details on the location and context of the issue.”

McQuade’s observations are backed up by recent research. Katie Norton, a research manager for DevSecOps and Software Supply Chain Security at IDC, said “research shows that organisations implementing DevSecOps empower developers to find and fix vulnerabilities.”
However, “to do so, they need application security testing solutions that can keep up with the speed of software development and do not impede innovation.”
Norton pointed out “this can be challenging to do with DAST because traditional solutions were not designed for developers and lack code context. DevSecOps teams are more willing and able to shift DAST left if they have confidence that the tool will help them deploy more secure software products without losing time to market.”
Fresh funding
The launch of NightVision’s new testing capability comes only weeks after it received fresh allocations that amount to just under $5.5 million, with commitments coming from a range of different, mostly US-based investors.
McQuade said the firm is experiencing a healthy appetite for its testing solutions.
“In recent years, there’s been an explosion of custom applications, APIs, and micro-services, but the application security testing industry has been unable to keep up with the rapid pace of development,” he explained.
“Especially now that developers are building faster with AI-assisted solutions, this has to change, now more than ever,” he stated.
McQuade stressed that NightVision’s tech capabilities can simulate different attacks and scenarios that help firms to detect and spot flaws and defects in their software, even before they show up in the production and integration phase.
He pointed out that the software allows developers to scan code, pick up on flaws, and get highlights of the flawed lines of code with a streamlined process that leads to secure development.
The product also lets customers scan apps on public and private networks, and can discover undocumented APIs through modern greybox crawling.
