# Best Interactive Application Security Testing (IAST) Software

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Interactive application security testing (IAST) software inspects and analyzes an application’s code from within to discover security vulnerabilities while the application is running. This testing method differs from both [static application security testing (SAST)](https://www.g2.com/categories/static-application-security-testing-sast), which runs without actually executing an application’s code, and [dynamic application security testing (DAST)](https://www.g2.com/categories/dynamic-application-security-testing-dast), which uses a black-box testing method to perform tests from outside the application. IAST is a faster method for testing code than SAST, which can make it more desirable for teams looking to enhance their [continuous delivery](https://www.g2.com/categories/continuous-delivery) practices. However, IAST software’s real-time speed comes with a comparatively less thorough scanning technique. Unlike SAST software, which analyzes the entire codebase, IAST only executes at specific tester-defined points. IAST software notifies testers when vulnerabilities are discovered and offers remediation suggestions to help teams resolve the issue.

To qualify for inclusion in the interactive application security testing (IAST) category, a product must:

- Test applications as they are running
- Perform predefined tests from within the application 
- Notify teams of vulnerabilities in real time and offer remediation suggestions





## Category Overview

**Total Products under this Category:** 19


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 400+ Authentic Reviews
- 19+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Interactive Application Security Testing (IAST) Software At A Glance

- **Leader:** [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
- **Easiest to Use:** [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
- **Top Trending:** [Semgrep](https://www.g2.com/products/semgrep/reviews)
- **Best Free Software:** [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)



## Top-Rated Products (Ranked by G2 Score)
  ### 1. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
  Invicti is an automated application and API security testing solution that allows enterprise organizations to secure thousands of websites, web apps, and APIs and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to confidently automate their web application and API security. With Invicti, security teams can:

- Automate security tasks and save hundreds of hours each month
- Gain complete visibility into all your applications — even those that are lost, forgotten, or hidden
- Automatically give developers rapid feedback that trains them to write more secure code — so they create fewer vulnerabilities over time
- Feel confident that you are equipped with the most powerful application security scanning tool on the market

You have the most demanding security needs, and Invicti is the best-in-class application security solution you deserve.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 65

**User Satisfaction Scores:**

- **Ease of Use:** 9.1/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.9/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Ease of Admin:** 9.2/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,559 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (332 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 47% Enterprise, 26% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)

  ### 2. [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews)
  HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle.

**Fast and Accurate Scanning for Secure DevOps:** Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business.

**Focus on the Fix:** Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation.

**Enterprise Management for Security Teams:** Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 74

**User Satisfaction Scores:**

- **Ease of Use:** 8.6/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.5/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.6/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,608 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (251,431 employees on LinkedIn®)
- **Ownership:** NSE - National Stock Exchange of India

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 54% Enterprise, 28% Small-Business


  ### 3. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
  Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 49

**User Satisfaction Scores:**

- **Ease of Use:** 8.6/10 (Category avg: 8.2/10)
- **Quality of Support:** 9.3/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.9/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,482 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (224 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Insurance, Information Technology and Services
  - **Company Size:** 67% Enterprise, 20% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)

  ### 4. [OpenText Core Application Security](https://www.g2.com/products/opentext-core-application-security/reviews)
  Fortify on Demand (FoD) is a complete Application Security as a Service solution. It offers an easy way to get started with the flexibility to scale. In addition to static and dynamic, Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management. False positives are removed for every test and test results can be manually reviewed by application security experts.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 34

**User Satisfaction Scores:**

- **Ease of Use:** 8.2/10 (Category avg: 8.2/10)
- **Quality of Support:** 7.9/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.9/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,588 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,339 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 41% Enterprise, 32% Small-Business


  ### 5. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
  Checkmarx is the leader in application security for the AI era, delivering enterprise-grade protection that lowers engineering costs and accelerates development velocity. As AI accelerates software creation beyond human speed and scale, Checkmarx ensures security keeps pace, embedding intelligent, autonomous protection directly into how applications are built. The Checkmarx One platform scans trillions of lines of code each year across every industry, cutting vulnerability density by more than half based on aggregated customer data. Its unified architecture spans code, open-source dependencies, AI assets, and runtime environments, providing full visibility and governance across the entire software and AI supply chain. Autonomous security agents detect and counter AI-driven threats across the SDLC, delivering prevention-first protection for legacy, modern, and AI-generated code at enterprise scale. Key capabilities include AI SAST, DAST for AI, AI Supply Chain Security, Software Composition Analysis (SCA), and Application Security Posture Management (ASPM). The Checkmarx Assist family - Developer Assist, Triage Assist, and Remediation Assist - embeds security intelligence across the development lifecycle, prioritizes real-world risk, and generates review-ready fixes before vulnerabilities reach production. Checkmarx shifts application security from reactive review to continuous, intelligent governance, helping enterprises close the risk gap without slowing innovation, whether securing legacy systems, cloud-native environments, or AI-powered applications.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 32

**User Satisfaction Scores:**

- **Ease of Use:** 8.2/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.3/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **Ease of Admin:** 7.9/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,263 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (997 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 58% Enterprise, 25% Mid-Market


#### Pros & Cons

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 review)
- Automation Testing (1 review)
- Customer Support (1 review)

**Cons:**

- False Positives (1 review)
- Lacking Features (1 review)
- Missing Features (1 review)
- Poor Navigation (1 review)

  ### 6. [Semgrep](https://www.g2.com/products/semgrep/reviews)
  Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 55

**User Satisfaction Scores:**

- **Ease of Use:** 9.1/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.8/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Ease of Admin:** 9.1/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,239 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (238 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 45% Enterprise, 42% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)

  ### 7. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
  Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


  **Average Rating:** 3.8/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Ease of Use:** 7.3/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.0/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **Ease of Admin:** 7.4/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,994 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (515 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 72% Enterprise, 28% Mid-Market


#### Pros & Cons

**Pros:**

- Security (2 reviews)
- Vulnerability Detection (2 reviews)
- Accuracy of Results (1 review)
- Automated Scanning (1 review)
- Code Quality (1 review)

**Cons:**

- Expensive (1 review)
- Licensing Issues (1 review)
- Pricing Issues (1 review)

  ### 8. [Akto API Security Platform](https://www.g2.com/products/akto-api-security-platform/reviews)
  Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of API discovery, API security posture management, sensitive data exposure, and API security testing solutions enables organizations to gain visibility into their API security posture. 1,000+ Application Security teams globally trust Akto for their API security needs. Akto use cases:

1. API Discovery
2. API Security Testing in CI/CD
3. API Security Posture Management
4. Authentication and Authorization Testing
5. Sensitive Data Exposure
6. Shift left in DevSecOps


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 51

**User Satisfaction Scores:**

- **Ease of Use:** 8.6/10 (Category avg: 8.2/10)
- **Quality of Support:** 9.1/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.4/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Akto.io](https://www.g2.com/sellers/akto-io)
- **Company Website:** https://www.akto.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California
- **Twitter:** @Aktodotio (1,347 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akto-io/ (29 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Financial Services, Computer Software
  - **Company Size:** 46% Mid-Market, 35% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (22 reviews)
- API Testing (20 reviews)
- Automation Testing (19 reviews)
- API Management (17 reviews)
- Security (17 reviews)

**Cons:**

- Complex Setup (9 reviews)
- Poor Documentation (8 reviews)
- API Issues (7 reviews)
- Complexity (7 reviews)
- Setup Complexity (7 reviews)

  ### 9. [NowSecure](https://www.g2.com/products/nowsecure/reviews)
  NowSecure Inc., based in Oak Park, Illinois, was formed in 2009 with a mission to advance mobile security worldwide. We help secure mobile devices, enterprises and mobile apps.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 27

**User Satisfaction Scores:**

- **Ease of Use:** 8.2/10 (Category avg: 8.2/10)
- **Quality of Support:** 9.7/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Ease of Admin:** 9.0/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [NowSecure](https://www.g2.com/sellers/nowsecure)
- **Year Founded:** 2009
- **HQ Location:** Chicago, Illinois
- **Twitter:** @nowsecuremobile (6,388 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/nowsecure (104 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 41% Mid-Market, 37% Enterprise


  ### 10. [GuardRails](https://www.g2.com/products/guardrails-guardrails/reviews)
  GuardRails is an end-to-end security platform that makes AppSec easier for both security and development teams. We scan, detect, and provide real-time guidance to fix vulnerabilities early. Trusted by hundreds of teams around the world to build safer apps, GuardRails integrates seamlessly into the developers’ workflow, quietly scans as they code, and shows how to fix security issues on the spot via Just-in-Time training. GuardRails commits to keeping the noise low and only reporting high-impact vulnerabilities that are relevant to your organization. GuardRails helps organizations shift security everywhere and build a strong DevSecOps pipeline, so they can go faster to market without risking security.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 29

**User Satisfaction Scores:**

- **Ease of Use:** 8.3/10 (Category avg: 8.2/10)
- **Quality of Support:** 8.5/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.7/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [GuardRails](https://www.g2.com/sellers/guardrails)
- **Year Founded:** 2017
- **HQ Location:** Singapore, Singapore
- **Twitter:** @guardrailsio (1,555 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/13599521 (13 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 52% Small-Business, 48% Mid-Market


#### Pros & Cons

**Pros:**

- Security (13 reviews)
- Vulnerability Detection (11 reviews)
- Ease of Use (9 reviews)
- Error Reduction (9 reviews)
- Threat Detection (9 reviews)

**Cons:**

- Missing Features (4 reviews)
- Time Management (3 reviews)
- Bug Issues (2 reviews)
- Dashboard Issues (2 reviews)
- False Positives (2 reviews)

  ### 11. [PT Application Inspector](https://www.g2.com/products/pt-application-inspector/reviews)
  PT Application Inspector™ (PT AI™) is a comprehensive source code analysis tool that offers protection for web applications of any scale. Its holistic approach combines the advantages of static, dynamic, and interactive analysis to maintain application security throughout every stage of development—from the very first line of code to the go-live.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 2

**User Satisfaction Scores:**

- **Ease of Use:** 10.0/10 (Category avg: 8.2/10)
- **Quality of Support:** 10.0/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Ease of Admin:** 10.0/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Positive Technologies](https://www.g2.com/sellers/positive-technologies)
- **HQ Location:** N/A
- **Twitter:** @PTsecurity_UK (6 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/positivetechnologies/ (734 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 67% Enterprise, 33% Small-Business


  ### 12. [Seeker](https://www.g2.com/products/seeker/reviews)
  Accurate, automated security testing for your web applications. The industry's first IAST solution with active verification and sensitive-data tracking for web-based applications.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 2

**User Satisfaction Scores:**

- **Ease of Use:** 8.3/10 (Category avg: 8.2/10)
- **Quality of Support:** 9.2/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Synopsys](https://www.g2.com/sellers/synopsys-53e76f66-bf39-4c28-b0f2-97178ec8ddfd)
- **Year Founded:** 1986
- **HQ Location:** Mountain View, CA
- **Twitter:** @synopsys (24,249 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2457/ (28,121 employees on LinkedIn®)
- **Ownership:** NASDAQ:SNPS

**Reviewer Demographics:**
  - **Company Size:** 50% Mid-Market, 50% Small-Business


  ### 13. [ZeroThreat](https://www.g2.com/products/zerothreat/reviews)
  ZeroThreat is an AI-powered web application and API penetration testing platform designed to identify real, exploitable vulnerabilities, not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10× faster, deeply validated security testing. Unlike traditional DAST tools that rely on static signatures and generate excessive noise, ZeroThreat executes adaptive, attacker-style workflows that evolve based on application behavior. Its interpreter-driven vulnerability intelligence continuously ingests emerging threats and newly disclosed CVEs, enabling near real-time detection updates and rapid CVE-to-exploit mapping. The platform supports over 100,000 vulnerability checks, including native Nuclei template execution, and extends beyond known issues with zero-day detection through behavioral pattern analysis. It validates every finding through live exploit execution, ensuring only real, impactful vulnerabilities are reported, with clear proof of risk and exposed data.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Ease of Use:** 8.8/10 (Category avg: 8.2/10)
- **Quality of Support:** 9.4/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.8/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [ZeroThreat](https://www.g2.com/sellers/zerothreat)
- **HQ Location:** Delaware, US
- **LinkedIn® Page:** https://www.linkedin.com/company/zerothreat (6 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 45% Enterprise, 27% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (9 reviews)
- Vulnerability Detection (8 reviews)
- Accuracy of Results (7 reviews)
- Setup Ease (7 reviews)
- Easy Setup (6 reviews)

**Cons:**

- Inefficient Filtering (3 reviews)
- Integration Issues (3 reviews)
- Limited Integration (3 reviews)
- Slow Performance (3 reviews)
- UX Improvement (3 reviews)

  ### 14. [Staris](https://www.g2.com/products/staris/reviews)
  Staris is an AI-powered application security validation platform that continuously discovers, proves, and remediates exploitable vulnerabilities in running applications — in hours, not weeks. Traditional security scanners generate thousands of potential vulnerabilities, forcing teams to rely on expensive, slow manual pentesting to determine which ones are actually exploitable. Staris replaces that bottleneck by combining SAST, DAST, and context-rich whitebox testing to validate real attack paths in your running applications, delivering zero false positives with proof of exploitability for every finding. Staris is purpose-built for application security leaders, DevSecOps teams, and engineering organizations that need to move fast without compromising security. The platform ingests your documentation, policies, and source code to understand your unique application context, then continuously tests for vulnerabilities that matter — not hypothetical risks. Key capabilities:

- Proves exploitable vulnerabilities with evidence, not just flags them
- Delivers results in ~4 hours vs. the ~40 hours a typical expert requires (40:1 efficiency)
- Closed-loop AI-driven remediation that fixes issues and verifies the fix
- Integrates into CI/CD pipelines for continuous security validation
- Zero false positives — every finding is proven exploitable

Staris is ideal for organizations that are tired of triaging thousands of scanner alerts, waiting weeks for pentest results, or shipping code without knowing whether their applications are actually secure.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 1

**User Satisfaction Scores:**

- **Ease of Use:** 8.3/10 (Category avg: 8.2/10)
- **Quality of Support:** 10.0/10 (Category avg: 8.9/10)
- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Ease of Admin:** 8.3/10 (Category avg: 8.5/10)


**Seller Details:**

- **Seller:** [Staris AI](https://www.g2.com/sellers/staris-ai)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/staris-security/ (2 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 100% Small-Business


  ### 15. [Data Theorem](https://www.g2.com/products/data-theorem-data-theorem/reviews)
  RamQuest’s solutions include our fully integrated closing, escrow accounting, imaging, transaction management, esigning, and digital marketplace solutions and are available on-premise or in a hosted environment


  **Average Rating:** 4.0/5.0
  **Total Reviews:** 1


**Seller Details:**

- **Seller:** [Data Theorem](https://www.g2.com/sellers/data-theorem)
- **Year Founded:** 2013
- **HQ Location:** Palo Alto, California, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/datatheorem/ (94 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 100% Enterprise


  ### 16. [esChecker MAST (SAST, DAST & IAST)](https://www.g2.com/products/eschecker-mast-sast-dast-iast/reviews)
  esChecker combines many years of penetration testing experience with a unique dynamic engine simulating attack techniques, such as reverse-engineering or code tampering. No source code is needed, only the app binary (Android apk or iOS ipa). esChecker provides immediate feedback about the way your app reacts against many hacking techniques. You can now spare your pentest budget for in-depth vulnerability analyses.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 2

**User Satisfaction Scores:**

- **Ease of Use:** 10.0/10 (Category avg: 8.2/10)
- **Quality of Support:** 10.0/10 (Category avg: 8.9/10)


**Seller Details:**

- **Seller:** [eShard](https://www.g2.com/sellers/eshard)
- **Year Founded:** 2015
- **HQ Location:** Pessac, FR
- **LinkedIn® Page:** https://www.linkedin.com/company/eshard (47 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 100% Small-Business


  ### 17. [Hexway ASOC](https://www.g2.com/products/hexway-asoc/reviews)
  Universal DevSecOps platform to simplify vulnerability management. Assess, analyze, and assign vulnerabilities, ensuring a secure and controlled environment.




**Seller Details:**

- **Seller:** [Hexway](https://www.g2.com/sellers/hexway)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/hexway (2 employees on LinkedIn®)



  ### 18. [Quokka Q-mast](https://www.g2.com/products/quokka-q-mast/reviews)
  Designed for app development, Q-mast embeds security directly into your workflow to identify security, privacy, and compliance risks before the mobile app is released. With a design tailored for DevSecOps workflows, Q-mast supports continuous, automated security testing that aligns with tools like Jenkins, GitLab, and GitHub. Q-mast capabilities:

- Automated scanning in minutes, no source code needed
- Analysis of compiled app binary, regardless of in-app or run-time obfuscations
- Precise SBOM generation and analysis for vulnerability reporting to specific library version, including embedded libraries
- Comprehensive static (SAST), dynamic (DAST), interactive (IAST), and forced-path execution app analysis
- Malicious behavior profiling, including app collusion
- Checks against privacy & security standards: NIAP, NIST, MASVS




**Seller Details:**

- **Seller:** [Quokka (formerly Kryptowire)](https://www.g2.com/sellers/quokka-formerly-kryptowire)
- **Year Founded:** 2011
- **HQ Location:** San Jose, US
- **LinkedIn® Page:** https://www.linkedin.com/company/quokka-io/ (53 employees on LinkedIn®)



  ### 19. [ZeroDay](https://www.g2.com/products/zeroday/reviews)
  An advanced interactive application security tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrates into CI/CD and can be applied in both the application development phase and the application deployment phase.




**Seller Details:**

- **Seller:** [ZeroDay](https://www.g2.com/sellers/zeroday)
- **Year Founded:** 2013
- **HQ Location:** London, GB
- **LinkedIn® Page:** https://www.linkedin.com/company/zeroday-appsec (4 employees on LinkedIn®)





## Parent Category

[DevSecOps Software](https://www.g2.com/categories/devsecops)



## Related Categories

- [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)
- [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)




