Best Dynamic Application Security Testing (DAST) Software

Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

  • Test applications in their operational state
  • Perform external black-box security tests
  • Trace penetrations and exploits to their sources
G2 Grid® for Dynamic Application Security Testing (DAST)
Leaders
High Performers
Contenders
Niche
Market Presence
Satisfaction
Star Rating

Dynamic Application Security Testing (DAST) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Dynamic Application Security Testing (DAST) Software

G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.
Results: 29
Filter Results
Filter by:
Sort by
Star Rating
Sort By:
Results: 29

    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proo

    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get qu

    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.

    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS and provides the only technology on the market that can automatically detect

    Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com. com.

    Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.

    Veracode is the world's best automated, on-demand application security testing and code review solution.

    WhiteSource helps business to develop better software by harnessing the power of open source. WhiteSource becomes part of your software development lifecycle (SDLC) and automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. We provide software development and security teams full control and visibility over their open source usage and helps them drive open source adoption

    Appknox is one of the enterprise level security assessment product that helps businesses and enterprises to detect, manage and fix security issues. Its been used by some of the top enterprises to secure more than 500 mobile apps on regular basis. Appknox is listed in one of the Gartner's top mobile app security testing vendors list. Working with more than 100 organizations globally Appknox has been focusing on niche area of mobile app security.

    IBM Application Security on Cloud helps secure your organization's Web and mobile applications, by detecting dozens of today's most pervasive published security vulnerabilities. IBM Application Security on Cloud helps to eliminate vulnerabilities from applications before they are placed into production and deployed. Convenient, detailed reporting permits you to effectively address application security risk, enabling application users to benefit from a more secure experience. IBM Open Source Anal

    Application security testing for the modern web

    WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimics real-world hacking techniques and attacks, provides comprehensive dynamic analysis of complex web applications and services, and crawls more of the attack surface to exposes exploits.

    Acunetix AcuSensor is an IAST offering by Acunetix for PHP, ASP.NET and Java web applications. AcuSensor is included by default with Acunetix and works by installing a lightweight sensor on the server where the application is running.

    AppScanOnline is the leading provider of mobile app security software for today's developers. AppScanOnline's automated static vulnerability testing service quickly provides security teams with a detailed report compliant with both OWASP Top 10 and Industrial Development App standards, allowing developers to bring their application to market sooner.

    AppSpider is a dynamic application security testing (DAST) solution.

    Appvigil is a completely automated Mobile Reputation Protection Suite for Mobile Apps.Powered by patent pending technology, Appvigil employs intensive static, dynamic & stringent network analysis.

    CA Veracode Vendor Application Security Testing (VAST) provides a scalable program for managing third-party software risk. Build your program based on a decade’s worth of best practices to ensure success and see a simple pass or fail for each vendor application. Because CA Veracode scans binaries rather than source code, vendors will be more comfortable with the assessments because they don't have to disclose their intellectual property. With CA Veracode, you can scale your program without addin

    Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.

    Businesses can focus on what matters to them, remaining highly agile, without putting the organization at risk.

    Automate the detection of vulnerabilities on running applications

    Promon INSIGHT gives you crucial time to react to emerging threats. With the ability to silently report back to servers, hackers performing targeted attacks won't even be aware that they have been detected.

    Detect security flaws in your website or web application and avoid being hacked. HTTPCS Security puts Machine Learning at the service of your cyber security to protect your site against hacking and data leaks.

    Snyk is a developer-first security solution that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and Docker images. The Snyk solution integrates its comprehensive proprietary vulnerability database maintained by its expert security research team in Israel and London.

    Learn More About Dynamic Application Security Testing (DAST) Software

    Latest Dynamic Application Security Testing (DAST) Articles