Every time we needed a new DAST scanner or pentest vendor, it was the same drill: Google around, read SEO-optimized listicles written by people who never used the tools, sit through 3-5 sales demos, and hope for the best.
InfoSecList is a directory of 90+ cybersecurity tools and services across 21 categories. Every listing gets two scores from practitioners:
- Market Score (1-5): industry adoption and brand recognition - Value Score (1-5): actual value for money based on usage
You can browse by category (DAST, SAST, SCA, pentest services, bug bounty platforms, etc.), compare tools side-by-side, or look up alternatives to specific products.
A few things that might be interesting technically:
- Data lives in a Google Sheet, served via a PHP proxy as CSV, parsed client-side - Pages are dynamic SPA-style but with clean URLs for SEO - Each tool/alternative/category page generates its own structured data and meta tags from the CSV data at runtime - No framework, no build step. Plain HTML, CSS, vanilla JS
No accounts, no gated content, no pay-to-rank. Happy to answer any questions about the approach or the security tool landscape.
Stack: Apache, vanilla JS, Google Sheets as CMS, Let's Encrypt
Follow-up Comment (if asked about data/methodology)
The scores come from a combination of: - Gartner/Forrester positioning for Market Score - Community sentiment (Reddit, HN, security forums) for both scores - Direct practitioner feedback from CISOs and security engineers - Pricing transparency and free tier availability for Value Score
We deliberately keep it simple with two 1-5 scores rather than trying to build a complex weighted system. The goal is to help someone go from "I need a DAST tool" to a shortlist of 3-4 options in under 5 minutes.
Open source tools like Nmap, OWASP ZAP, and Trivy tend to score 5/5 on Value. Enterprise tools like CrowdStrike and Mandiant score 5/5 on Market but lower on Value due to pricing.
Follow-up Comment (if asked about business model)
Right now it's free with no monetization. Long term we're considering: - Featured listings (clearly marked, doesn't affect scores) - Lead gen for vendors (opt-in only, buyer initiates contact)
We won't do pay-to-rank. The scores stay independent.
ramuel•25s ago
Any plans for ranking SIEM/SOAR/EDR or other defensive stuff?