Dynamic Application Security Testing (DAST) Software Resources
Articles, Discussions, and Reports to expand your knowledge on Dynamic Application Security Testing (DAST) Software
Resource pages are designed to give you a cross-section of information we have on specific categories. You'll find articles from our experts, discussions from users like you, and reports from industry data.
Dynamic Application Security Testing (DAST) Software Articles
- Vulnerability Scanners: Types, Benefits, And Top 5 Scanners
- G2 Launches Interactive Application Security Testing (IAST) Software Category
- What Is DevSecOps, and How Is It Different from DevOps?
- SAST vs. DAST: Application Security Testing Explained
Dynamic Application Security Testing (DAST) Software Discussions
Hey everyone,
I’ve been helping a few enterprise security teams evaluate DAST (Dynamic Application Security Testing) platforms that can scale across large, complex environments — from web apps to APIs and multi-cloud systems. I pulled data from G2’s latest Enterprise DAST Software Grid to see which platforms enterprise users rate highest for scalability, automation, and continuous security integration.
Here’s what stood out (based on G2 Grid order):
- Tenable Nessus – the clear enterprise leader; trusted for deep vulnerability coverage, reliable scanning at scale, and seamless integrations across hybrid and on-prem environments.
- Bright Security – a top high performer with strong satisfaction scores; well-suited for cloud-native testing and continuous scanning in enterprise CI/CD workflows.
- Invicti (formerly Netsparker) – established enterprise solution known for scalable scanning, automation, and proof-based vulnerability validation to minimize false positives.
- HCL AppScan – strong contender for large enterprises; offers combined DAST, SAST, and IAST capabilities with extensive reporting and compliance features.
- GitLab – integrates DAST directly into CI/CD pipelines; a good fit for enterprises already leveraging GitLab’s broader DevSecOps ecosystem.
I based this on G2 satisfaction, market presence, and overall G2 score, highlighting tools consistently chosen by enterprise security teams for scalability and integration depth.
Also seeing StackHawk and Contrast Security mentioned frequently for modern, API-focused enterprise setups — anyone here using those?
For enterprise teams running large-scale security programs — which DAST tools have scaled best across multiple applications and CI/CD pipelines?
Hey everyone,
I’ve been helping DevSecOps teams evaluate DAST (Dynamic Application Security Testing) tools that plug directly into CI/CD workflows — triggering scans automatically after builds or deployments. I pulled insights from G2’s latest DAST grid and user reviews to find which solutions offer tight CI/CD integration.
Here are the top five (in order of G2 presence/satisfaction):
- Tenable Nessus: flagship scanner with robust automation hooks; supports API triggers and feedback loops inside CI pipelines.
- Jit: designed for developer-centric CI/CD environments, with seamless pipeline integration and fast feedback to dev teams.
- Aikido Security: newer but well-rated for pipeline-native DAST with minimal setup and strong automation focus.
- Akto: API-first DAST tool built for microservices and CI environments; supports CI triggers and automated test flows.
- Astra Pentest: combines automation with manual review; integrates into CI/CD pipelines via webhooks/CLI for continuous scanning.
I based this on G2 satisfaction and feature data, plus user feedback around how well each tool fits into build/test/deploy workflows. Also hearing good things about Invicti and GitLab DAST for CI/CD integration — anyone here using these? What's been the experience?
Which DAST tools have you actually integrated into CI/CD pipelines — and what bottlenecks or wins did you see?




