Dynamic Application Security Testing (DAST) Software Resources
Articles, Discussions, and Reports to expand your knowledge on Dynamic Application Security Testing (DAST) Software
Resource pages are designed to give you a cross-section of information we have on specific categories. You'll find articles from our experts, discussions from users like you, and reports from industry data.
Dynamic Application Security Testing (DAST) Software Articles
Vulnerability Scanners: Types, Benefits, And Top 5 Scanners
G2 Launches Interactive Application Security Testing (IAST) Software Category
What Is DevSecOps, and How Is It Different from DevOps?
SAST vs. DAST: Application Security Testing Explained
Dynamic Application Security Testing (DAST) Software Discussions
Hey everyone,
I’ve been helping DevSecOps teams evaluate DAST (Dynamic Application Security Testing) tools that plug directly into CI/CD workflows — triggering scans automatically after builds or deployments. I pulled insights from G2’s latest DAST grid and user reviews to find which solutions offer tight CI/CD integration.
Here are the top five (in order of G2 presence/satisfaction):
- Tenable Nessus: flagship scanner with robust automation hooks; supports API triggers and feedback loops inside CI pipelines.
- Jit: designed for developer-centric CI/CD environments, seamless pipeline integration and fast feedback to dev teams.
- Aikido Security: newer but well-rated for pipeline-native DAST with minimal setup and strong automation focus.
- Akto: API-first DAST tool built for microservices and CI environments; supports CI triggers and automated test flows.
- Astra Pentest: combines automation with manual review; integrates into CI/CD pipelines via webhooks/CLI for continuous scanning.
I based this on G2 satisfaction and feature data, plus user feedback around how well each tool fits into build/test/deploy workflows. Also hearing good things about Invicti and GitLab DAST for CI/CD integration — anyone here using these? What's been the experience?
Which DAST tools have you actually integrated into CI/CD pipelines — and what bottlenecks or wins did you see?
Hey everyone,
I’ve been helping a few DevSecOps teams evaluate DAST (Dynamic Application Security Testing) tools designed for cloud-native applications — microservices, APIs, containers, serverless. I looked through G2’s DAST category and review data, plus vendor features, to identify which platforms perform strongly in modern cloud/native stacks.
Here’s what stood out (based on G2 Grid order):
- Tenable Nessus: the category leader; great for vulnerability scanning across cloud workloads, containers, and dynamic app environments.
- Jit: built for DevSecOps workflows; integrates directly into CI/CD pipelines for automated runtime and API testing in cloud-native stacks.
- Aikido Security: strong for modern app architectures; automates scanning across cloud deployments with simple setup and actionable reporting.
- Akto: API-first DAST designed for microservices and distributed systems; ideal for testing cloud-based REST and GraphQL endpoints.
- Astra Pentest: combines automated DAST with manual testing for hybrid and multi-cloud environments; solid for ongoing app security validation.
I based this on G2 satisfaction and feature-level data, plus user reviews focused on cloud-native coverage, automation depth, and integration flexibility. Anyone here using these tools? Can you share your experience?
Which DAST tools have actually handled your cloud-native workloads well — especially for scanning APIs, containers, or microservices without breaking the pipeline?
Hey everyone,
I’ve been helping a few DevSecOps teams find tools that go beyond code and scan for security issues during runtime — catching threats as they happen, not just in pre-deployment tests. I pulled insights from G2’s latest DAST Software Grid and user reviews to see which platforms perform best for real-time detection, automation, and continuous protection.
Here are the top tools to look at:
- Tenable Nessus: a clear leader for vulnerability detection across environments; great for continuous monitoring and runtime scanning within CI/CD workflows.
- Jit: designed for DevSecOps-first pipelines; combines runtime monitoring with automated detection for faster response to live security issues.
- Aikido Security: newer but highly rated for runtime threat detection and automated remediation; strong focus on app and cloud workloads.
- Akto: API-first platform that identifies runtime risks like broken authentication or exposed endpoints; great for microservice-heavy teams.
- Astra Pentest: blends runtime protection with manual and automated pentesting; ideal for continuous security coverage across production environments.
I based this on G2 satisfaction and feature data, plus user feedback around runtime visibility and alert accuracy. Also hearing good things about Sysdig Secure and Aqua Security for runtime protection in containerized setups — anyone here using those?
Which runtime security tools have actually caught live vulnerabilities for your team — and how do you balance detection speed with system performance?




