  # Best Dynamic Application Security Testing (DAST) Software - Page 2

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources




  
## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 93

### Category Stats (Jun 2026)
- **Average Rating**: 4.56/5
- **New Reviews This Quarter**: 11
- **Buyer Segments**: Small-Business 52% │ Mid-Market 36% │ Enterprise 12%
- **Top Trending Product**: Astra Pentest (+0.004)
*Last updated: June 01, 2026*

  
## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 3,600+ Authentic Reviews
- 93+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.

  
## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)

  
---

**Sponsored**

### Proscan

Proscan is a unified application security platform designed to help organizations streamline the management of their security tools. By integrating multiple standalone solutions into a single cohesive experience, Proscan provides comprehensive security visibility across the entire software stack. This platform replaces the complexity of managing various tools for static analysis, dynamic testing, and dependency scanning, allowing teams to focus on building secure applications without the hassle of juggling disparate systems. The platform is particularly beneficial for security teams, developers, and engineering leaders who require a consolidated view of application security risks. Proscan combines nine specialized security scanners, including Static Application Security Testing (SAST), which analyzes source code in over 30 programming languages using advanced detection methods. Dynamic Application Security Testing (DAST) further enhances security by testing live applications, identifying vulnerabilities that may only become apparent during runtime. Additionally, Software Composition Analysis (SCA) evaluates open-source dependencies across 196 package ecosystems, helping organizations detect known vulnerabilities before they can impact production environments. Proscan's capabilities extend beyond code analysis. It includes scanning for hardcoded secrets, misconfigurations in Infrastructure-as-Code, and vulnerabilities in container images. The platform also offers API security testing that validates endpoints against the OWASP API Security Top 10, ensuring robust protection for applications that leverage APIs. For organizations developing AI-powered applications, Proscan features a dedicated AI and LLM security scanner that identifies potential risks associated with prompt injections and other vulnerabilities, utilizing over 4,600 techniques mapped to the OWASP LLM Top 10.
Artificial intelligence plays a crucial role in enhancing Proscan's efficiency and accuracy. The platform employs machine-learning algorithms to reduce false positives and prioritize vulnerabilities based on their potential impact. This intelligent approach allows teams to focus on the most critical security issues while providing clear explanations and actionable remediation guidance. Proscan integrates seamlessly into existing development workflows, offering IDE plugins and native CI/CD integrations that ensure security checks are part of the development process without causing disruptions. Compliance readiness is another key feature of Proscan, as it generates audit-ready reports aligned with major security standards, including OWASP Top 10, PCI DSS, HIPAA, and GDPR. This automated evidence collection simplifies the compliance process, providing organizations with the necessary documentation in various formats. Proscan is designed for security teams looking to consolidate fragmented toolchains, developers needing quick feedback, and managed security service providers managing multiple client environments, making it a versatile solution for modern application security challenges.




---

  ## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [NowSecure](https://www.g2.com/products/nowsecure/reviews)
  NowSecure Inc., based in Oak Park, Illinois, was formed in 2009 with a mission to advance mobile security worldwide. We help secure mobile devices, enterprises and mobile apps.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 27
**How Do G2 Users Rate NowSecure?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.8/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 7.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind NowSecure?**

- **Seller:** [NowSecure](https://www.g2.com/sellers/nowsecure)
- **Year Founded:** 2009
- **HQ Location:** Chicago, Illinois
- **Twitter:** @nowsecuremobile (6,381 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/nowsecure (104 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 41% Mid-Market, 37% Enterprise


### 2. [OpenText Core Application Security](https://www.g2.com/products/opentext-core-application-security/reviews)
  Fortify on Demand (FoD) is a complete Application Security as a Service solution. It offers an easy way to get started with the flexibility to scale. In addition to static and dynamic, Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management. False positives are removed for every test and test results can be manually reviewed by application security experts.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 34
**How Do G2 Users Rate OpenText Core Application Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind OpenText Core Application Security?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,564 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,339 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 41% Enterprise, 32% Small-Business


### 3. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
  Discover what's possible. Prove what's real. With proprietary tech and key experts in offensive security. Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability.

- Comprehensive toolkit with real-world coverage
- Validated findings rich with evidence
- Automation options with granular control
- Flexible, high-quality reporting
- Workflow-friendly by design

  Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth.

- Attack surface mapping and recon
- Comprehensive vulnerability scanning
- Vulnerability exploitation
- Customizable pentest reporting and data exports
- Continuous vulnerability monitoring

  In our company, we build what we use. We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we've kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that's faster, more visible, and built on proof.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 99
**How Do G2 Users Rate Pentest-Tools.com?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pentest-Tools.com?**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,061 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (65 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** CEO
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 65% Small-Business, 20% Mid-Market


#### What Are Pentest-Tools.com's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 review)
- Confusing Interface (1 review)

### 4. [Codacy](https://www.g2.com/products/codacy/reviews)
  Codacy is the only DevSecOps platform that delivers plug-and-play code health and security scanning for AI and human generated code. Future-proof your software – from source code to runtime – without extra servers or build steps. Deploy within minutes and stay ahead of emerging risks today.

  BUILT FOR HUMANS, READY FOR AI: Seamless Git and IDE integrations make Codacy a daily coach your devs can trust, not just another browser tab. AI-generated code is no exception – leaving up to 50% of your codebase exposed to a new wave of zero-days. Empower your devs to use Copilot and Cursor with confidence, not concern.

  CODE HEALTH & SECURITY FOR ANY STACK: While healthy coding standards make your apps and infra run smoothly, Codacy equips your devs with the largest AppSec suite on the market – SAST, hardcoded secrets, dependency checks, SBOM, license scanning, DAST, and pentesting – safeguarding your business every step of the way.

  PIPELINE-LESS CODE AND RUNTIME SCANS: Codacy scans run entirely in the cloud, eliminating the need for servers or build steps. A simple one-click webhook integration gets every commit and Pull Request scanned on the fly, across 49 languages and frameworks – ready for codebases of any size and flavor, and SOC 2 Type 2 certified.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 29
**How Do G2 Users Rate Codacy?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)

**Who Is the Company Behind Codacy?**

- **Seller:** [Codacy](https://www.g2.com/sellers/codacy)
- **Year Founded:** 2012
- **HQ Location:** Lisbon, Lisboa
- **Twitter:** @codacy (5,013 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3310124/ (73 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 59% Small-Business, 24% Mid-Market


#### What Are Codacy's Pros and Cons?

**Pros:**

- Security (2 reviews)
- Automation (1 review)
- Automation Testing (1 review)
- Code Quality (1 review)
- Customer Support (1 review)

**Cons:**

- Expensive (1 review)

### 5. [Detectify](https://www.g2.com/products/detectify/reviews)
  Detectify sets a new standard for advanced application security testing, challenging traditional DAST by providing evolving coverage of each and every exposed asset across the changing attack surface. AppSec teams trust Detectify to expose how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks fuelled by its global community of elite ethical hackers into its own expert-built engines, exposing critical weaknesses before it's too late. The Detectify solution includes:

- Automated discovery of known and unknown digital assets via domain & cloud connectors
- Continuous coverage (24/7) of every corner of the attack surface with dynamic testing. Not just predefined targets
- 100% payload-based testing fuelled by elite ethical hackers for a high signal-to-noise ratio
- Distributed coverage across an unmatched array of relevant technologies
- Actionable remediation tips for software development teams
- Team functionality to easily share reports
- Powerful integrations platform to prioritize and triage vulnerability findings onward to development teams
- Advanced API functionality
- Capabilities to set custom attack surface security policies


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 49
**How Do G2 Users Rate Detectify?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.6/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.9/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Detectify?**

- **Seller:** [Detectify](https://www.g2.com/sellers/detectify)
- **Year Founded:** 2013
- **HQ Location:** Stockholm, Sweden
- **Twitter:** @detectify (11,272 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2850066/ (97 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 47% Small-Business, 35% Mid-Market


#### What Are Detectify's Pros and Cons?

**Pros:**

- Automation (2 reviews)
- Automation Testing (2 reviews)
- Customizability (2 reviews)
- Features (2 reviews)
- Security (2 reviews)

**Cons:**

- Complexity (1 review)
- Complex Queries (1 review)
- Complex Setup (1 review)
- Expensive (1 review)
- Inaccuracy (1 review)

### 6. [Appknox](https://www.g2.com/products/appknox/reviews)
  Appknox is an on-demand mobile application security platform that helps businesses detect and fix security vulnerabilities using an Automated Security Testing suite. We have been successfully reducing delivery timelines, manpower costs & mitigating security threats for Global Banks and Enterprises in 10+ countries.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 40
**How Do G2 Users Rate Appknox?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Appknox?**

- **Seller:** [Appknox](https://www.g2.com/sellers/appknox)
- **Year Founded:** 2014
- **HQ Location:** Singapore, Singapore
- **Twitter:** @appknox (3,062 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3771872/ (82 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 40% Small-Business, 37% Mid-Market


### 7. [ZAP by Checkmarx](https://www.g2.com/products/zap-by-checkmarx/reviews)
  ZAP by Checkmarx, formerly known as Zed Attack Proxy, is a leading open-source web application security scanner designed to help developers, testers, and security professionals identify vulnerabilities in web applications. Actively maintained by a global community, ZAP offers both automated and manual testing capabilities, making it suitable for users with varying levels of security expertise.

  Key Features and Functionality:

- Automated Security Scanning: ZAP provides simple, single-click automated scanning, enabling users to identify security flaws with ease.
- Active and Passive Scanning: Utilizes both passive and active scanning techniques to uncover a wide range of security vulnerabilities.
- Advanced User Controls: Offers tools like manual interception, fuzzing, and forced browsing for thorough penetration testing.
- CI/CD Integration: Seamlessly integrates with Continuous Integration/Continuous Deployment pipelines, automating security testing within development workflows.
- Cross-Platform Support: Compatible with Linux, Windows, and macOS operating systems.

  Primary Value and Problem Solved: ZAP by Checkmarx addresses the critical need for accessible and effective web application security testing. By offering a free, open-source solution with both automated and manual testing capabilities, ZAP empowers organizations to identify and remediate vulnerabilities early in the development lifecycle. Its integration with CI/CD pipelines ensures that security becomes an integral part of the development process, reducing the risk of security breaches and enhancing overall application security.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 13
**How Do G2 Users Rate ZAP by Checkmarx?**

- **API / Integrations:** 6.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 6.7/10 (Category avg: 8.7/10)
- **Test Automation:** 6.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind ZAP by Checkmarx?**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,284 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (997 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 71% Small-Business, 14% Enterprise


#### What Are ZAP by Checkmarx's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (5 reviews)
- Automated Testing (3 reviews)
- Easy Integrations (3 reviews)
- Pentesting Efficiency (3 reviews)

**Cons:**

- False Positives (3 reviews)
- Poor Documentation (2 reviews)
- Limited Scope (1 review)
- Navigation Problems (1 review)
- Poor Customer Support (1 review)

### 8. [SOOS](https://www.g2.com/products/soos/reviews)
  SOOS is the complete application security posture management platform. Scan your software for vulnerabilities, control the introduction of new dependencies, exclude unwanted license types, generate and manage Software Bill of Materials (SBOM), and fill out your compliance worksheets across all your teams. SOOS’s ASPM is a dynamic, comprehensive approach to safeguarding your application infrastructure from vulnerabilities across the Software Development Life Cycle (SDLC) and live deployments. Easy to integrate, all in one dashboard.

- SCA - Deep tree vulnerability scanning, license compliance, governance
- DAST - Automated Web & API vulnerability scanning
- Containers - Scan contents for vulnerabilities
- SAST - Analyze code for security vulnerabilities
- IaC - Cloud security coverage
- SBOMs - Create – monitor – manage


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 42
**How Do G2 Users Rate SOOS?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.4/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind SOOS?**

- **Seller:** [SOOS](https://www.g2.com/sellers/soos)
- **Year Founded:** 2019
- **HQ Location:** Winooski, US
- **Twitter:** @soostech (44 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/53122310 (26 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 50% Mid-Market, 43% Small-Business


#### What Are SOOS's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Easy Integrations (6 reviews)
- Integrations (6 reviews)
- Customer Support (5 reviews)
- Vulnerability Detection (5 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Poor Reporting (4 reviews)
- Lacking Features (3 reviews)
- Lack of Guidance (3 reviews)
- Dashboard Issues (2 reviews)

### 9. [Probely](https://www.g2.com/products/probely/reviews)
  Probely is a web vulnerability scanner that enables customers to easily test the security of their Web Applications & APIs. Our goal is to narrow the gap between development, security, and operations by making security an intrinsic characteristic of the web application development life-cycle, and to only report security vulnerabilities that matter, false-positive free and with simple instructions on how to fix them. Probely allows Security teams to efficiently scale security testing by shifting security testing to Development or DevOps teams. We adapt to our customers’ internal processes and integrate Probely into their stack. Probely scans RESTful APIs, websites, and complex web applications, including rich JavaScript applications such as single-page applications (SPA). It detects over 20,000 vulnerabilities, including SQL injection, Cross-Site Scripting (XSS), Log4j, OS Command Injection, and SSL/TLS issues.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 19
**How Do G2 Users Rate Probely?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 6.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Probely?**

- **Seller:** [Probely](https://www.g2.com/sellers/probely)
- **Year Founded:** 2016
- **HQ Location:** Porto, PT
- **Twitter:** @probely (527 Twitter followers)
- **LinkedIn® Page:** https://pt.linkedin.com/company/probely (4 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 47% Small-Business, 37% Mid-Market


### 10. [InsightAppSec (AppSpider)](https://www.g2.com/products/insightappsec-appspider/reviews)
  Application security testing for the modern web


  **Average Rating:** 3.9/5.0
  **Total Reviews:** 9
**How Do G2 Users Rate InsightAppSec (AppSpider)?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind InsightAppSec (AppSpider)?**

- **Seller:** [Rapid7](https://www.g2.com/sellers/rapid7)
- **Year Founded:** 2000
- **HQ Location:** Boston, MA
- **Twitter:** @rapid7 (124,369 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/39624/ (3,275 employees on LinkedIn®)
- **Ownership:** NASDAQ:RPD

**Who Uses This Product?**
  - **Company Size:** 60% Enterprise, 40% Small-Business


### 11. [Rainforest Application](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews)
  Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Application and Cloud Security (from DevOps to DevSecOps), Vulnerability Intelligence, and Brand reputation (Fraud and Leak monitoring). Rainforest Application, Rainforest Cloud, and Rainforest Asset modules allow development and security teams to have visibility of the whole application lifecycle, in a simple and quick way, providing vulnerability management whenever a new line is coded. Rainforest Fraud, Rainforest Leak, and Rainforest Asset build an integrated vision of Vulnerability and Brand Intelligence, guiding security and compliance teams in an efficient manner on potential exposure points, according to their importance to the business regarding the company's reputation.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 12
**How Do G2 Users Rate Rainforest Application?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Rainforest Application?**

- **Seller:** [Rainforest Technologies](https://www.g2.com/sellers/rainforest-technologies)
- **HQ Location:** Wilmington, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/80967943 (12 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 42% Mid-Market, 42% Small-Business


### 12. [ImmuniWeb AI Platform](https://www.g2.com/products/immuniweb-ai-platform/reviews)
  The ImmuniWeb AI Platform helps over 1,000 enterprise customers from more than 50 countries to test, secure and protect their web and mobile applications, APIs and microservices, cloud and networks, to prevent data breaches and reduce third-party risk, and to comply with regulatory requirements. ImmuniWeb’s products available on the Platform include Continuous Threat Exposure Management (CTEM), External Attack Surface Management (EASM), Dark Web Monitoring and phishing websites takedown, as well as vulnerability scanning and penetration testing for web and mobile apps, cloud and network infrastructure, and LLM models. Headquartered in Geneva, Switzerland, ImmuniWeb has offices in Washington, London and Dubai to provide an uninterrupted service to all global customers and partners.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 11
**How Do G2 Users Rate ImmuniWeb AI Platform?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)

**Who Is the Company Behind ImmuniWeb AI Platform?**

- **Seller:** [ImmuniWeb](https://www.g2.com/sellers/immuniweb-8be8a6d5-dde6-41c6-b289-3ad6257f0258)
- **Year Founded:** 2019
- **HQ Location:** Geneva, CH
- **Twitter:** @immuniweb (8,486 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/immuniweb/ (33 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 92% Mid-Market, 8% Small-Business


#### What Are ImmuniWeb AI Platform's Pros and Cons?

**Pros:**

- Vulnerability Detection (4 reviews)
- Customer Support (3 reviews)
- Monitoring (2 reviews)
- Monitoring Efficiency (2 reviews)
- Alert Notifications (1 review)

**Cons:**

- Complexity (1 review)
- Integration Issues (1 review)
- Lack of Integration (1 review)
- Limited Features (1 review)
- Limited Flexibility (1 review)

### 13. [ResilientX Security Platform](https://www.g2.com/products/resilientx-security-platform/reviews)
  ResilientX Unified Exposure Management Platform is the leading platform that unifies Attack Surface Management, Web Application Security Testing, Network Security Testing, Cloud Security Posture Management, and Third-Party Risk Management.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 17
**How Do G2 Users Rate ResilientX Security Platform?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind ResilientX Security Platform?**

- **Seller:** [ResilientX](https://www.g2.com/sellers/resilientx)
- **Year Founded:** 2022
- **HQ Location:** London
- **Twitter:** @ResilientXcyber (33 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/resilientx (12 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 47% Mid-Market, 35% Small-Business


#### What Are ResilientX Security Platform's Pros and Cons?

**Pros:**

- Security (4 reviews)
- Vulnerability Detection (4 reviews)
- Comprehensive Security (3 reviews)
- Customer Support (3 reviews)
- Detection (3 reviews)

**Cons:**

- Complex Setup (1 review)
- Difficult Customization (1 review)
- Difficult Initial Setup (1 review)
- Integration Issues (1 review)
- Lack of Integration (1 review)

### 14. [DerScanner](https://www.g2.com/products/derscanner/reviews)
  DerScanner is a complete application security testing solution to eliminate known and unknown code threats across the Software Development Lifecycle. DerScanner static code analysis offers developers support for 43 programming languages, ensuring thorough security coverage for almost any application. DerScanner's SAST uniquely analyzes both source and binary files, revealing hidden vulnerabilities that are often missed in standard scans. This is especially crucial for legacy applications or when source code access is limited. DerScanner’s DAST feature mimics an external attacker, similar to penetration testing. This is vital for finding vulnerabilities that only appear when the application is operational. DAST in DerScanner enriches SAST findings by cross-checking and correlating vulnerabilities detected by both methods. With DerScanner Software Composition Analysis you can gain critical insights into open-source components and dependencies in your projects. It helps identify vulnerabilities early and ensures compliance with licensing terms, reducing legal risks. DerScanner's Supply Chain Security continuously monitors public repositories, evaluating the security posture of each package. This allows you to make informed decisions about using open-source components in your applications.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 8
**How Do G2 Users Rate DerScanner?**

- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.7/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind DerScanner?**

- **Seller:** [DerSecur](https://www.g2.com/sellers/dersecur)
- **Year Founded:** 2011
- **HQ Location:** Dubai
- **LinkedIn® Page:** https://www.linkedin.com/company/dersecur/ (16 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 88% Small-Business, 63% Mid-Market


### 15. [Threatspy](https://www.g2.com/products/secure-blink-threatspy/reviews)
  Threatspy is a developer-first, AI-powered AppSec management platform. Threatspy empowers developers and security teams to proactively identify and mitigate both known and unknown vulnerabilities in applications and APIs through automated detection, prioritization, and remediation processes. By leveraging Threatspy, organisations can enhance their security posture, reduce risk, and ensure the resilience of their digital infrastructure.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 24
**How Do G2 Users Rate Threatspy?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)

**Who Is the Company Behind Threatspy?**

- **Seller:** [Secure Blink](https://www.g2.com/sellers/secure-blink)
- **Year Founded:** 2020
- **HQ Location:** Lewes, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/secure-blink/ (9 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 42% Small-Business, 42% Mid-Market


#### What Are Threatspy's Pros and Cons?

**Pros:**

- Security (6 reviews)
- Ease of Use (5 reviews)
- Vulnerability Identification (5 reviews)
- Customer Support (4 reviews)
- Efficiency Improvement (3 reviews)

**Cons:**

- Limited Customization (1 reviews)
- Poor Customer Support (1 reviews)
- Slow Scanning (1 reviews)
- Vulnerability Management (1 reviews)

### 16. [Traceable AI](https://www.g2.com/products/traceable-ai/reviews)
  Traceable is the industry’s leading API Security company that helps organizations protect their digital systems and assets in a cloud-first world where everything is interconnected. Traceable is the only intelligent and context-aware platform that powers complete API security. Security Posture Management: Traceable helps organizations dramatically improve their security posture with a real time, risk ranked catalog of all APIs in their ecosystem, conformance analysis, identification of shadow and orphaned APIs, and visibility of sensitive data flows. RunTime Threat Protection: Traceable observes user level transactions and applies mature machine learning algorithms to discover anomalous transactions, alert the security team, and block attacks at the user level. Threat management and analytics: Traceable helps organizations analyze attacks and incidents with its API data lake, which provides rich historical data of nominal and malicious traffic. API Security Testing throughout the SDLC: Traceable connects the security lifecycle together with the DevOps lifecycle providing automated API Security tests to be run within the CI pipeline. Digital Fraud Prevention: Traceable brings together its broad and deep data collection over time and cutting edge machine learning to identify fraud across all API transactions


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 23
**How Do G2 Users Rate Traceable AI?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)

**Who Is the Company Behind Traceable AI?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,393 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,611 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Financial Services
  - **Company Size:** 70% Enterprise, 17% Mid-Market


#### What Are Traceable AI's Pros and Cons?

**Pros:**

- Customer Support (11 reviews)
- Security (8 reviews)
- Setup Ease (4 reviews)
- API Management (3 reviews)
- Customization (2 reviews)

**Cons:**

- Limited Features (3 reviews)
- False Positives (2 reviews)
- Inefficiency (2 reviews)
- Poor Documentation (2 reviews)
- Poor Reporting (2 reviews)

### 17. [HostedScan.com](https://www.g2.com/products/hostedscan-com/reviews)
  HostedScan provides 24x7 alerts and detection for security vulnerabilities. Industry-standard, open-source, vulnerability scans. Automated alerts when something changes. Manage target list manually or import automatically from providers, such as AWS, DigitalOcean, and Linode, with read-only access. Manage and audit risks with dashboarding and reporting.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 13
**How Do G2 Users Rate HostedScan.com?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)

**Who Is the Company Behind HostedScan.com?**

- **Seller:** [HostedScan](https://www.g2.com/sellers/hostedscan)
- **Year Founded:** 2019
- **HQ Location:** Seattle, Washington
- **Twitter:** @hostedscan (59 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/69116669 (4 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 85% Small-Business, 15% Mid-Market


### 18. [Cyber Chief](https://www.g2.com/products/cyber-chief/reviews)
  Cyber Chief is a vulnerability scanner & issue management tool that helps you ship software with zero known security vulnerabilities. It gives your software team the power to find and fix thousands of vulnerabilities in your web applications and cloud infrastructure. With its one-click vulnerability scanning and smart vulnerability management features, Cyber Chief will help your software team secure their applications and infrastructure, even if there are zero application security qualifications or experience on the team. Cyber Chief is cloud-based and has military-grade security controls so that your security secrets are kept safe.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 7
**How Do G2 Users Rate Cyber Chief?**

- **Has the product been a good partner in doing business?:** 7.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 6.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cyber Chief?**

- **Seller:** [Audacix](https://www.g2.com/sellers/audacix)
- **Year Founded:** 2015
- **HQ Location:** Melbourne, Victoria
- **LinkedIn® Page:** https://www.linkedin.com/company/audacix/ (14 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 43% Mid-Market, 43% Small-Business


#### What Are Cyber Chief's Pros and Cons?

**Pros:**

- Automated Scanning (2 reviews)
- Customer Support (2 reviews)
- Cybersecurity (2 reviews)
- Vulnerability Detection (2 reviews)
- Vulnerability Identification (2 reviews)


### 19. [OpenText Dynamic Application Security Testing](https://www.g2.com/products/opentext-dynamic-application-security-testing/reviews)
  WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimic real-world hacking techniques and attacks, provide comprehensive dynamic analysis of complex web applications and services, and crawl more of the attack surface to expose exploits.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 5
**How Do G2 Users Rate OpenText Dynamic Application Security Testing?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 6.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.5/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind OpenText Dynamic Application Security Testing?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,564 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,339 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
  - **Company Size:** 80% Enterprise, 20% Mid-Market


#### What Are OpenText Dynamic Application Security Testing's Pros and Cons?

**Pros:**

- Accuracy of Results (1 reviews)
- Scanning Efficiency (1 reviews)

**Cons:**

- Integration Issues (1 reviews)

### 20. [ZeroThreat](https://www.g2.com/products/zerothreat/reviews)
  ZeroThreat is an AI-powered web application and API penetration testing platform designed to identify real, exploitable vulnerabilities, not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10× faster, deeply validated security testing. Unlike traditional DAST tools that rely on static signatures and generate excessive noise, ZeroThreat executes adaptive, attacker-style workflows that evolve based on application behavior. Its interpreter-driven vulnerability intelligence continuously ingests emerging threats and newly disclosed CVEs, enabling near real-time detection updates and rapid CVE-to-exploit mapping. The platform supports over 100,000 vulnerability checks, including native Nuclei template execution, and extends beyond known issues with zero-day detection through behavioral pattern analysis. It validates every finding through live exploit execution, ensuring only real, impactful vulnerabilities are reported, with clear proof of risk and exposed data.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 10
**How Do G2 Users Rate ZeroThreat?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 5.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind ZeroThreat?**

- **Seller:** [ZeroThreat](https://www.g2.com/sellers/zerothreat)
- **HQ Location:** Delaware, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zerothreat (6 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 50% Enterprise, 30% Mid-Market


#### What Are ZeroThreat's Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Vulnerability Detection (8 reviews)
- Accuracy of Results (7 reviews)
- Setup Ease (7 reviews)
- Easy Setup (6 reviews)

**Cons:**

- Inefficient Filtering (3 reviews)
- Integration Issues (3 reviews)
- Limited Integration (3 reviews)
- Slow Performance (3 reviews)
- UX Improvement (3 reviews)

### 21. [Code Dx](https://www.g2.com/products/code-dx/reviews)
  Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 3
**How Do G2 Users Rate Code Dx?**

- **API / Integrations:** 8.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Code Dx?**

- **Seller:** [Code Dx](https://www.g2.com/sellers/code-dx)
- **Year Founded:** 2002
- **HQ Location:** Burlington, Massachusetts, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/black-duck-software (1,250 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 67% Enterprise, 33% Mid-Market


#### What Are Code Dx's Pros and Cons?

**Pros:**

- Accuracy of Results (1 reviews)
- Insightful Analysis (1 reviews)

**Cons:**

- Inaccuracy (1 reviews)

### 22. [Escape](https://www.g2.com/products/escape/reviews)
  Escape is the only DAST that works with your modern stack and tests business logic instead of missing headers. Escape helps teams secure modern applications:

- Document all your APIs in minutes and enrich your API inventory with seamless integrations
- Discover vulnerabilities even at a business logic level with our proprietary AI-powered algorithm
- Escape fits right into your modern stack, supporting modern web frameworks, APIs, CI/CD, and Wiz without hassle.
- Ensure comprehensive coverage of GraphQL-specific vulnerabilities


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 9
**How Do G2 Users Rate Escape?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.8/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Escape?**

- **Seller:** [Escape](https://www.g2.com/sellers/escape)
- **Year Founded:** 2020
- **HQ Location:** Paris, France
- **Twitter:** @escapetechHQ (344 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/escapetech/ (56 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 56% Small-Business, 33% Mid-Market


#### What Are Escape's Pros and Cons?

**Pros:**

- Ease of Use (3 reviews)
- Easy Integrations (2 reviews)
- Scanning Technology (2 reviews)
- Security (2 reviews)
- API Management (1 reviews)

**Cons:**

- Complex Setup (1 reviews)
- Difficult Upgrades (1 reviews)
- Limited Features (1 reviews)
- Missing Features (1 reviews)
- Update Issues (1 reviews)

### 23. [rezilion](https://www.g2.com/products/rezilion/reviews)
  Rezilion's software attack surface management platform automatically secures the software you deliver to customers, giving teams time back to build. Rezilion works across your stack, helping you to know what software is in your environment, what is vulnerable, and what is actually exploitable, so you can focus on what matters and remediate automatically.

KEY FEATURES:

- Dynamic SBOM: Create an instant inventory of all the software components in your environment
- Vulnerability Validation: Know which of your software vulnerabilities are exploitable, and which are not, through runtime analysis
- Vulnerability Remediation: Cluster vulnerabilities to eliminate multiple problems at once and automatically execute remediation work to save teams time.

WITH REZILION, ACHIEVE:

- 85% reduction in patching work after filtering out unexplainable vulnerabilities
- 24/7 Continuous monitoring of your software attack surface
- 600% Faster time to remediate when you focus on what matters and patch automatically
- 360-degree visibility across your entire DevSecOps stack, not just in silos


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 11
**How Do G2 Users Rate rezilion?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind rezilion?**

- **Seller:** [rezilion](https://www.g2.com/sellers/rezilion)
- **Year Founded:** 2018
- **HQ Location:** Be'er Sheva, Israel
- **Twitter:** @rezilion_ (199 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/18716043 (5 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 45% Mid-Market, 36% Enterprise


### 24. [CyCognito](https://www.g2.com/products/cycognito/reviews)
  CyCognito is a cybersecurity solution designed to help organizations discover, test, and prioritize security issues across their digital landscape. By leveraging advanced artificial intelligence, CyCognito scans billions of websites, cloud applications, and APIs to identify potential vulnerabilities and critical risks. This proactive approach enables organizations to address security concerns before they can be exploited by malicious actors, thereby enhancing their overall security posture. The target audience for CyCognito includes emerging companies, government agencies, and Fortune 500 organizations, all of which face increasing threats in today's digital environment. These entities require robust security measures to protect sensitive data and maintain compliance with various regulations. CyCognito serves as an essential tool for security teams, providing them with the insights needed to understand their risk exposure and prioritize remediation efforts effectively. One of the key features of the CyCognito platform is its comprehensive scanning capability, which covers a vast range of digital assets. This extensive reach ensures that organizations can identify vulnerabilities across all their online presence, including third-party services and shadow IT. The platform's AI-driven analysis further enhances its effectiveness by automatically assessing the severity of identified risks, allowing security teams to focus on the most critical issues that could lead to significant breaches. In addition to risk discovery, CyCognito offers actionable guidance for remediation, helping organizations to implement effective security measures. The platform provides detailed insights into the nature of the vulnerabilities and suggests specific steps to mitigate them. This feature not only streamlines the remediation process but also empowers organizations to build a more resilient security framework over time.
  By integrating CyCognito into their cybersecurity strategy, organizations can significantly reduce their risk exposure and enhance their ability to respond to emerging threats. The platform's unique combination of extensive scanning, AI-driven risk assessment, and actionable remediation guidance positions it as a valuable asset for any organization looking to strengthen its security posture in an increasingly complex threat landscape.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 5
**How Do G2 Users Rate CyCognito?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind CyCognito?**

- **Seller:** [CyCognito](https://www.g2.com/sellers/cycognito)
- **Year Founded:** 2017
- **HQ Location:** Palo Alto, California, United States
- **Twitter:** @CyCognito (10,316 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cycognito (137 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 80% Small-Business, 20% Enterprise


#### What Are CyCognito's Pros and Cons?

**Pros:**

- Ease of Use (2 reviews)
- Vulnerability Identification (2 reviews)
- Comprehensive Analysis (1 reviews)
- Customer Support (1 reviews)
- Cybersecurity (1 reviews)

**Cons:**

- Authentication Issues (1 reviews)
- Expensive (1 reviews)
- False Positives (1 reviews)
- Inadequate Remediation (1 reviews)
- Lack of Detail (1 reviews)

### 25. [OpenText Core Application Security](https://www.g2.com/products/opentext-opentext-core-application-security/reviews)
  Manage, measure and integrate security for the entire software lifecycle.


  **Average Rating:** 4.0/5.0
  **Total Reviews:** 3
**How Do G2 Users Rate OpenText Core Application Security?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 3.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind OpenText Core Application Security?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,564 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,339 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
  - **Company Size:** 33% Enterprise, 33% Mid-Market


#### What Are OpenText Core Application Security's Pros and Cons?

**Pros:**

- Automation Testing (1 reviews)
- Efficiency (1 reviews)
- User Interface (1 reviews)
- Vulnerability Detection (1 reviews)

**Cons:**

- Integration Issues (1 reviews)
- Limited Integration (1 reviews)


## What Is Dynamic Application Security Testing (DAST) Software?
[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?
- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Website Security Software](https://www.g2.com/categories/website-security)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [API Security Tools](https://www.g2.com/categories/api-security)
- [Interactive Application Security Testing (IAST) Software](https://www.g2.com/categories/interactive-application-security-testing-iast)

  
---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST) Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

Key Benefits of Dynamic Application Security Testing (DAST) Software

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** The command-line interface (CLI) is the language interpreter of a computer. CLI capabilities will allow security testers to simulate threats directly from the terminal host system and input command sequences.

**Static code analysis —** Static code analysis and static security testing is used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application's underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Not all, but some, are used specifically for testing. But there are many different ways to tackle the topic, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to both find errors in source code as well as errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



    
