Dynamic Application Security Testing (DAST) Software Resources
Articles, Discussions, and Reports to expand your knowledge on Dynamic Application Security Testing (DAST) Software
Resource pages are designed to give you a cross-section of information we have on specific categories. You'll find articles from our experts, discussions from users like you, and reports from industry data.
Dynamic Application Security Testing (DAST) Software Articles
Vulnerability Scanners: Types, Benefits, And Top 5 Scanners
G2 Launches Interactive Application Security Testing (IAST) Software Category
What Is DevSecOps, and How Is It Different from DevOps?
SAST vs. DAST: Application Security Testing Explained
Dynamic Application Security Testing (DAST) Software Discussions
Is GitLab paid?
A good source of community-curated CI/CD templates will be a good source for implementing all best practices.
Hey everyone,
I’ve been helping a few enterprise security teams evaluate DAST (Dynamic Application Security Testing) platforms that can scale across large, complex environments — from web apps to APIs and multi-cloud systems. I pulled data from G2’s latest Enterprise DAST Software Grid to see which platforms enterprise users rate highest for scalability, automation, and continuous security integration.
Here’s what stood out (based on G2 Grid order):
- Tenable Nessus – the clear enterprise leader; trusted for deep vulnerability coverage, reliable scanning at scale, and seamless integrations across hybrid and on-prem environments.
- Bright Security – a top high performer with strong satisfaction scores; well-suited for cloud-native testing and continuous scanning in enterprise CI/CD workflows.
- Invicti (formerly Netsparker) – established enterprise solution known for scalable scanning, automation, and proof-based vulnerability validation to minimize false positives.
- HCL AppScan – strong contender for large enterprises; offers combined DAST, SAST, and IAST capabilities with extensive reporting and compliance features.
- GitLab – integrates DAST directly into CI/CD pipelines; a good fit for enterprises already leveraging GitLab’s broader DevSecOps ecosystem.
I based this on G2 satisfaction, market presence, and overall G2 score, highlighting tools consistently chosen by enterprise security teams for scalability and integration depth.
Also seeing StackHawk and Contrast Security mentioned frequently for modern, API-focused enterprise setups — anyone here using those?
For enterprise teams running large-scale security programs — which DAST tools have scaled best across multiple applications and CI/CD pipelines?




