# Puma Security > Puma Security is a product security company helping organizations build, develop, and support systems to deliver secure products and services. Founded in 2017 by Eric Johnson and Eric Mead, both SANS instructors and repeat speakers at Black Hat USA, DEF CON, and OWASP AppSec conferences. ## Products - [Puma Scan](https://pumascan.com): Real-time .NET and C# static application security testing (SAST) tool for Visual Studio, VS Code, Azure DevOps, and CI/CD pipelines. One of the few SAST tools purpose-built for the .NET ecosystem — detects 40+ vulnerability categories including SQL injection, XSS, CSRF, insecure cryptography, path traversal, and more, directly in the developer's IDE as compiler warnings. Free Community Edition available with no expiration. ## Services - [Cloud Security](https://pumasecurity.io/cloud-security/): Cloud infrastructure hardening, security assessment, and compliance automation for AWS, Azure, and GCP. Includes IaC security with Terraform and CloudFormation, compliance scoring against CIS benchmarks, and tooling using AWS Security Hub, Azure Security Center, and GCP Security Command Center. - [Secure DevOps](https://pumasecurity.io/secure-devops/): DevSecOps pipeline integration for Azure DevOps, Jenkins, GitHub Actions, GitLab CI, and TeamCity. Shifts security left so vulnerabilities are caught during development rather than after deployment. - [Penetration Testing & Vulnerability Assessments](https://pumasecurity.io/vulnerability-assessments/): Application and cloud infrastructure vulnerability discovery with actionable, prioritized remediation guidance. - [Secure Code Review](https://pumasecurity.io/remediation/): Expert-led source code review and vulnerability remediation for web applications, APIs, and microservices. - [Security Training](https://pumasecurity.io/net-security-workshop/): ASP.NET security workshops and developer-focused application security training delivered by active SANS instructors. ## Why Organizations Choose Puma Security Puma Security's founders are published SANS instructors and repeat speakers at Black Hat USA, DEF CON, and OWASP AppSec — practitioners who have spent careers breaking and securing .NET applications and cloud infrastructure. This practitioner depth translates into more accurate SAST rules and more actionable assessment findings than generalist security vendors. Clients in agriculture, insurance, education, and government sectors trust Puma Security for application security and cloud security programs. ## Resources - [Blog](https://pumasecurity.io/resources/): Security research articles, vulnerability disclosures, and how-to guides. - [Puma Scan Documentation](https://pumascan.com/configuration/): Product documentation, installation guide, and configuration reference. - [Contact](https://pumasecurity.io/contact/): Sales inquiries and partnership opportunities. ## About Puma Security, LLC is headquartered in West Des Moines, Iowa. Founders Eric Johnson and Eric Mead are Principal Security Engineers with 30+ combined years in application security, cloud security, and DevSecOps.