  # Best Vulnerability Scanner Software - Page 2

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Vulnerability scanners continuously monitor applications and networks against an up-to-date database of known vulnerabilities, identifying potential exploits, producing analytical reports on the security state of applications and networks, and providing recommendations to remedy known issues.

### Core Capabilities of Vulnerability Scanner Software

To qualify for inclusion in the Vulnerability Scanner category, a product must:

- Maintain a database of known vulnerabilities
- Continuously scan applications for vulnerabilities
- Produce reports analyzing known vulnerabilities and new exploits

### Common Use Cases for Vulnerability Scanner Software

Security and IT teams use vulnerability scanners to proactively identify and address weaknesses before they can be exploited. Common use cases include:

- Running scheduled and on-demand scans of applications and network infrastructure for known CVEs
- Generating prioritized vulnerability reports to guide remediation efforts
- Testing application and network security posture as part of ongoing compliance and risk management programs

### How Vulnerability Scanner Software Differs from Other Tools

Some vulnerability scanners operate similarly to [dynamic application security testing (DAST)](https://www.g2.com/categories/dynamic-application-security-testing-dast) tools, but the key distinction is that vulnerability scanners test applications and networks against known vulnerability databases rather than mimicking real-world attacks or performing penetration tests. DAST tools simulate attacker behavior to uncover runtime vulnerabilities, while scanners focus on identification and reporting of known weaknesses.

### Insights from G2 on Vulnerability Scanner Software

Based on category trends on G2, continuous scanning and comprehensive vulnerability reporting are the standout capabilities. Faster identification of critical exposures and improved compliance readiness are the primary benefits of adoption.




  ## How Many Vulnerability Scanner Software Products Does G2 Track?
**Total Products under this Category:** 220

  
## How Does G2 Rank Vulnerability Scanner Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 7,100+ Authentic Reviews
- 220+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.

  
## Which Vulnerability Scanner Software Is Best for Your Use Case?

- **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Highest Performer:** [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
- **Easiest to Use:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)

  
---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.




---

  ## What Are the Top-Rated Vulnerability Scanner Software Products in 2026?
### 1. [InsightVM (Nexpose)](https://www.g2.com/products/insightvm-nexpose/reviews)
  InsightVM is Rapid7’s vulnerability risk management offering that advances security through cross-department clarity, a deeper understanding of risk, and measurable progress. By informing and aligning technical teams, security teams can remediate vulnerabilities and build security into the core of the organization. With InsightVM, security teams can:

- **Gain Clarity Into Risk and Across Teams:** Better understand the risk in your modern environment so you can work in lockstep with technical teams.
- **Extend Security’s Influence:** Align traditionally siloed teams and drive impact with the shared view and common language of InsightVM.
- **See Shared Progress:** Take a proactive approach to security with tracking and metrics that create accountability and recognize progress.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 69
**How Do G2 Users Rate InsightVM (Nexpose)?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.4/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10)

**Who Is the Company Behind InsightVM (Nexpose)?**

- **Seller:** [Rapid7](https://www.g2.com/sellers/rapid7)
- **Year Founded:** 2000
- **HQ Location:** Boston, MA
- **Twitter:** @rapid7 (124,244 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/39624/ (3,275 employees on LinkedIn®)
- **Ownership:** NASDAQ:RPD

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 51% Enterprise, 32% Mid-Market


#### What Are InsightVM (Nexpose)'s Pros and Cons?

**Pros:**

- Automation (4 reviews)
- Vulnerability Identification (4 reviews)
- Asset Management (3 reviews)
- Features (3 reviews)
- Prioritization (3 reviews)

**Cons:**

- Complexity (3 reviews)
- Performance Issues (2 reviews)
- Resource Limitations (2 reviews)
- Resource Management (2 reviews)
- Time-Consuming (2 reviews)

### 2. [Saner CVEM](https://www.g2.com/products/saner-cvem/reviews)
  SecPod SanerCyberhygiene platform is a continuous vulnerability and exposure management solution built for the modern IT security landscape. IT and Security teams of small, mid-size, and large enterprises use the Saner platform to go beyond traditional vulnerability management practices and get complete visibility and control over the organization’s attack surface. The platform works on a single light-weight multifunctional agent and is hosted on the cloud. Saner is powered by its homegrown, world’s largest SCAP feed with over 190,000+ vulnerability checks. SanerNow allows you to manage multiple use-cases as below from a single console without traversing across a maze of tools.

- Run the fastest scans to discover IT assets, vulnerabilities, misconfigurations, and other security risk exposures
- Remediate vulnerabilities on time with integrated patching
- Adhere to industry compliance benchmarks like HIPAA, PCI, ISO, and NIST
- Fix misconfigurations and harden systems
- Automate end-to-end tasks and make the process simple and hassle-free


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 72
**How Do G2 Users Rate Saner CVEM?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.1/10 (Category avg: 8.4/10)

**Who Is the Company Behind Saner CVEM?**

- **Seller:** [SecPod](https://www.g2.com/sellers/secpod-b11d8014-d8ec-46e7-9e81-c0d14919fbfc)
- **Company Website:** https://www.secpod.com/
- **Year Founded:** 2008
- **HQ Location:** Redwood City, California
- **Twitter:** @secpod (542 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/secpod-technologies/ (171 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 41% Small-Business, 38% Mid-Market


#### What Are Saner CVEM's Pros and Cons?

**Pros:**

- Security (14 reviews)
- Features (12 reviews)
- Ease of Use (10 reviews)
- Customer Support (9 reviews)
- Compliance Management (8 reviews)

**Cons:**

- Integration Issues (5 reviews)
- Expensive (4 reviews)
- Limited Features (4 reviews)
- Slow Performance (4 reviews)
- Slow Scanning (4 reviews)

### 3. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
  BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 11
**How Do G2 Users Rate BugDazz API Scanner?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.3/10 (Category avg: 8.4/10)

**Who Is the Company Behind BugDazz API Scanner?**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharashtra
- **Twitter:** @SecureLayer7 (2,512 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (121 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 91% Small-Business, 9% Mid-Market


#### What Are BugDazz API Scanner's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 review)
- Lack of Guidance (1 review)
- Lack of Information (1 review)
- Learning Curve (1 review)

### 4. [Jit](https://www.g2.com/products/jit/reviews)
  Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams / Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.4/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (151 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)

### 5. [Feroot Security](https://www.g2.com/products/feroot-security/reviews)
  The Feroot AI Platform brings intelligent automation to ensure compliant and secure user experiences across web and mobile applications—eliminating manual processes, reducing human error, and replacing operational overhead with continuous, real-time protection. Instead of spending months manually auditing websites and mobile applications, organizations can achieve security and compliance in as little as 45 seconds. Feroot automates website security and compliance programs to help meet the requirements of PCI DSS 4.0.1, HIPAA (including Rules on the Use of Online Tracking Technologies), CCPA / CPRA, GDPR, CIPA, and more than 50 global laws and industry standards. At the core of the platform are Feroot AI Agents that continuously monitor, detect, and enforce compliance across client-side environments. They identify and stop hidden threats such as Magecart attacks, formjacking, unauthorized tracking, data leakage, and malicious third-party scripts before they can compromise sensitive data. Feroot is purpose-built to protect high-value web assets including payment pages, login forms, healthcare portals, and other sensitive workflows where customer and patient data is most at risk. The unified platform integrates critical web security and compliance capabilities into a single solution, including:

- JavaScript behavior analysis
- Web compliance scanning
- Third-party script monitoring
- Consent audit and policy enforcement
- Data privacy posture management

  By combining security monitoring with automated compliance enforcement, Feroot provides complete visibility and control over client-side risk without adding complexity. From Fortune 500 enterprises to healthcare providers, retailers, SaaS platforms, universities, utilities, municipalities, travel companies, gaming platforms, and payment service providers, organizations of all sizes trust Feroot to safeguard sensitive customer data and maintain regulatory compliance in an increasingly complex digital landscape.

  Feroot AI solutions include:

- PaymentGuard AI – Protects payment workflows and PCI-scoped environments
- HealthData Shield AI – Secures patient data and healthcare portals
- AlphaPrivacy AI – Ensures data privacy compliance and user consent enforcement
- CodeGuard AI – Monitors and protects client-side code integrity and behavior

  Visit https://www.feroot.com for more information.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 27
**How Do G2 Users Rate Feroot Security?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.4/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.4/10)

**Who Is the Company Behind Feroot Security?**

- **Seller:** [Feroot Security](https://www.g2.com/sellers/feroot-security)
- **Company Website:** https://www.feroot.com
- **Year Founded:** 2017
- **HQ Location:** Toronto, Ontario, Canada
- **LinkedIn® Page:** http://www.linkedin.com/company/feroot (45 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 52% Enterprise, 26% Mid-Market


#### What Are Feroot Security's Pros and Cons?

**Pros:**

- Customer Support (14 reviews)
- Ease of Use (9 reviews)
- Security (9 reviews)
- Helpful (7 reviews)
- Easy Integrations (6 reviews)

**Cons:**

- Poor Interface Design (4 reviews)
- Complexity (3 reviews)
- Not Intuitive (3 reviews)
- Complex Setup (2 reviews)
- Difficult Setup (2 reviews)

### 6. [Gearset DevOps](https://www.g2.com/products/gearset-devops/reviews)
  Gearset is the global leader in Salesforce DevOps. It’s a DevOps platform that helps organizations manage, automate, and govern the full Salesforce development lifecycle, from planning and deployment to testing, data management, and compliance. The platform is designed for Salesforce teams that need reliable, scalable DevOps processes across complex org environments. Gearset is used by mid-market and enterprise organizations across regulated and non-regulated industries, including healthcare, financial services, insurance, and technology. Typical users include Salesforce administrators, developers, DevOps engineers, release managers, and platform owners responsible for maintaining deployment quality, security, and operational consistency. The platform supports a wide range of Salesforce use cases, including metadata and CPQ deployments, CI/CD automation, code review workflows, sandbox seeding, test automation, and monitoring. As well as deployment automation, Gearset includes tools for Salesforce data protection and long-term data management, such as automated backups, data restore, and archiving. Observability and Org Intelligence features provide insight into org health, deployment risk, and system changes over time. Gearset also includes governance and compliance capabilities designed for enterprise environments. These features help teams maintain audit readiness and enforce access controls while supporting compliance frameworks such as SOX, ISO, HIPAA, and GDPR. The platform is delivered as a managed service and integrates with Salesforce environments without requiring complex local infrastructure.

  Key features and capabilities include:

- Salesforce metadata, CPQ, and data deployments with CI/CD automation and version control integration
- Code review, test automation, and release validation to support quality and consistency
- Automated Salesforce backups, restore, and data archiving for data protection and retention
- Sandbox seeding, observability, and Org Intelligence to support environment management and visibility
- Governance features including audit trails, role-based access controls, and compliance support

  Gearset is a Salesforce Partner and has supported Salesforce teams globally since 2015. The platform is used by organizations managing multiple orgs (across regions), frequent releases, and complex compliance requirements, helping teams reduce deployment risk, improve operational visibility, and maintain control over Salesforce change management processes.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 279
**How Do G2 Users Rate Gearset DevOps?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.9/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)

**Who Is the Company Behind Gearset DevOps?**

- **Seller:** [Gearset](https://www.g2.com/sellers/gearset)
- **Company Website:** https://www.gearset.com
- **Year Founded:** 2015
- **HQ Location:** Cambridge, Cambridgeshire
- **Twitter:** @GearsetHQ (1,192 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10478150/ (359 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** Salesforce Developer, Salesforce Administrator
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 36% Mid-Market, 34% Small-Business


#### What Are Gearset DevOps's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Deployment (21 reviews)
- Easy Deployment (17 reviews)
- Customer Support (16 reviews)
- Deployment Ease (15 reviews)

**Cons:**

- Deployment Issues (6 reviews)
- Complexity (4 reviews)
- Data Management (4 reviews)
- Expensive (4 reviews)
- Missing Features (4 reviews)

### 7. [Armor Agent](https://www.g2.com/products/armor-agent/reviews)
  Armor Agent protects Windows and Linux servers wherever they run, in public cloud, private cloud, or on-premises environments, with a single, lightweight agent that installs with one line of code. The agent combines malware protection, intrusion prevention (IDS/IPS), file integrity monitoring, vulnerability scanning, patch monitoring, and behavioral threat detection into one deployment. Rather than stitching together multiple point tools, Armor Agent consolidates core workload security into a unified agent managed through the Armor platform. Armor Agent is available in two tiers. The Free Tier covers up to 5 endpoints at no cost, with full malware and intrusion defense, vulnerability scanning, patch monitoring, and file integrity monitoring included. The Premium Tier adds security alerts, log search, threat intelligence, threat hunting, dedicated support, and 24×7 SOC monitoring at $99/month per endpoint with no endpoint limit. Both tiers support compliance requirements for HIPAA, PCI DSS, HITRUST, and ISO frameworks. Get started with the Free Tier at https://www.armor.com/free/armor-agent


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 12
**How Do G2 Users Rate Armor Agent?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)

**Who Is the Company Behind Armor Agent?**

- **Seller:** [Armor](https://www.g2.com/sellers/armor)
- **Year Founded:** 2009
- **HQ Location:** Plano, Texas
- **Twitter:** @Armor (9,751 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/333863/ (204 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 83% Small-Business, 17% Mid-Market


### 8. [Fortra VM](https://www.g2.com/products/fortra-vm/reviews)
  Fortra VM is a proactive, risk-based vulnerability management solution that helps organizations identify, assess, and prioritize security weaknesses across their infrastructure. Beyond basic scanning, Fortra VM provides contextual risk prioritization through its Security GPA rating system, Peer Insight for industry benchmarking, and threat ranking to identify exploitation vectors that are used in real world attacks. Conveniently delivered via SAAS, Fortra VM creates easily understood reporting for efficient and effective remediation.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 67
**How Do G2 Users Rate Fortra VM?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.2/10 (Category avg: 8.4/10)

**Who Is the Company Behind Fortra VM?**

- **Seller:** [Fortra](https://www.g2.com/sellers/fortra)
- **Year Founded:** 1982
- **HQ Location:** Eden Prairie, Minnesota
- **Twitter:** @fortraofficial (2,766 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fortra (1,738 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Financial Services, Banking
  - **Company Size:** 45% Mid-Market, 35% Small-Business


#### What Are Fortra VM's Pros and Cons?

**Pros:**

- Reliability (2 reviews)
- Customer Support (1 review)
- Data Security (1 review)
- Ease of Use (1 review)
- Incident Management (1 review)


### 9. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
  Invicti is an automated application and API security testing solution that allows enterprise organizations to secure thousands of websites, web apps, and APIs and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to confidently automate their web application and API security. With Invicti, security teams can:

- Automate security tasks and save hundreds of hours each month
- Gain complete visibility into all your applications — even those that are lost, forgotten, or hidden
- Automatically give developers rapid feedback that trains them to write more secure code — so they create fewer vulnerabilities over time
- Feel confident that you are equipped with the most powerful application security scanning tool on the market

  You have the most demanding security needs, and Invicti is the best-in-class application security solution you deserve.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 65
**How Do G2 Users Rate Invicti (formerly Netsparker)?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.1/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,561 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (332 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)

### 10. [VulScan](https://www.g2.com/products/vulscan/reviews)
  Automated Vulnerability Scanning. Affordably Priced For Everyone! With almost 70 new hidden vulnerabilities identified every day, you would need to be a super hero with X-ray vision to find them all. Or, you can let VulScan do it for you. VulScan is purpose-built for MSPs and for IT Departments that handle their own IT security. It has all the features you need for both internal and external vulnerability management, but without all the complexity found in older solutions. Best of all, VulScan is priced so that cost is no longer a barrier to scanning as many assets as you need, as frequently as you want. That’s why our slogan is “Vulnerability Management For The Rest of Us!”

  VulScan is an affordable cloud-based vulnerability management platform. It includes the software needed to spin up an unlimited number of virtual network scanner appliances using Hyper-V or VMWare, and a cloud-based portal to control the scanners and manage the discovered issues. For internal network scanning, the appliances can be installed on any existing computer that has excess capacity on the network, or installed on a dedicated box to be permanently installed. You can add multiple scanners and configure them each to scan separate parts of the network to get even faster results pushed into the same client site dashboard at no additional cost. For external scanning, the appliances are installed on the MSP’s data center or other remote location and “pointed” to the public facing IP addresses of the target network.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 120
**How Do G2 Users Rate VulScan?**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 6.9/10 (Category avg: 8.4/10)

**Who Is the Company Behind VulScan?**

- **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya)
- **Company Website:** https://www.kaseya.com/
- **Year Founded:** 2000
- **HQ Location:** Miami, FL
- **Twitter:** @KaseyaCorp (17,428 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,512 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 67% Small-Business, 32% Mid-Market


#### What Are VulScan's Pros and Cons?

**Pros:**

- Ease of Use (42 reviews)
- Features (20 reviews)
- Reporting (17 reviews)
- Reporting Features (17 reviews)
- Scanning Efficiency (17 reviews)

**Cons:**

- Inadequate Reporting (10 reviews)
- UX Improvement (10 reviews)
- Difficult Setup (8 reviews)
- Limited Reporting (8 reviews)
- Poor Customer Support (8 reviews)

### 11. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
  Discover what's possible. Prove what's real. With proprietary tech and key experts in offensive security. Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability.

- Comprehensive toolkit with real-world coverage
- Validated findings rich with evidence
- Automation options with granular control
- Flexible, high-quality reporting
- Workflow-friendly by design

  Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth.

- Attack surface mapping and recon
- Comprehensive vulnerability scanning
- Vulnerability exploitation
- Customizable pentest reporting and data exports
- Continuous vulnerability monitoring

  In our company, we build what we use. We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we've kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that's faster, more visible, and built on proof.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 99
**How Do G2 Users Rate Pentest-Tools.com?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.6/10 (Category avg: 8.4/10)

**Who Is the Company Behind Pentest-Tools.com?**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,071 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (65 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** CEO
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 65% Small-Business, 20% Mid-Market


#### What Are Pentest-Tools.com's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 review)
- Confusing Interface (1 review)

### 12. [Google Cloud Security Scanner](https://www.g2.com/products/google-cloud-security-scanner/reviews)
  Automatically scan your App Engine apps for common vulnerabilities


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 21
**How Do G2 Users Rate Google Cloud Security Scanner?**

- **Has the product been a good partner in doing business?:** 7.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.4/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.4/10 (Category avg: 8.4/10)

**Who Is the Company Behind Google Cloud Security Scanner?**

- **Seller:** [Google](https://www.g2.com/sellers/google)
- **Year Founded:** 1998
- **HQ Location:** Mountain View, CA
- **Twitter:** @google (31,890,350 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1441/ (336,169 employees on LinkedIn®)
- **Ownership:** NASDAQ:GOOG

**Who Uses This Product?**
  - **Top Industries:** Computer Software
  - **Company Size:** 41% Mid-Market, 36% Small-Business


### 13. [Semgrep](https://www.g2.com/products/semgrep/reviews)
  Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 55
**How Do G2 Users Rate Semgrep?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.0/10 (Category avg: 8.4/10)

**Who Is the Company Behind Semgrep?**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,304 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (238 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 45% Enterprise, 42% Mid-Market


#### What Are Semgrep's Pros and Cons?

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)

### 14. [Microsoft Defender Vulnerability Management](https://www.g2.com/products/microsoft-defender-vulnerability-management/reviews)
  Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk. Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation. Defender Vulnerability Management is available for cloud workloads and endpoints. Defender for Endpoint Plan 2 customers can access advanced vulnerability management capabilities with the Defender Vulnerability Management add-on, now generally available.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 34
**How Do G2 Users Rate Microsoft Defender Vulnerability Management?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.9/10)
- **Automated Scans:** 7.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.2/10 (Category avg: 8.4/10)

**Who Is the Company Behind Microsoft Defender Vulnerability Management?**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,105,638 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®)
- **Ownership:** MSFT

**Who Uses This Product?**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 41% Small-Business, 35% Enterprise


### 15. [Tenable Cloud Security](https://www.g2.com/products/tenable-tenable-cloud-security/reviews)
  Tenable Cloud Security is an actionable cloud security platform that exposes and closes priority security gaps caused by misconfigurations, risky entitlements and vulnerabilities. Organizations use its intuitive UI to unify siloed tools to secure the full cloud stack, achieving end-to-end visibility, prioritization and remediation across infrastructure, workloads, identities, data and AI services. Users can access the extensive knowledgebase of Tenable Research, reducing the risk of breaches with advanced prioritization that understands resource, identity and risk relationships. Tenable uses this context to pinpoint toxic combinations of risk most likely to be exploited. Take action, even if you only have 5 minutes, with guided remediations and code snippets that significantly reduce MTTR. With one click, report on compliance with industry benchmarks and regulatory requirements, e.g. SOC 2, GDPR & HIPAA. TCS is part of Tenable’s AI-powered exposure management platform, Tenable One.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 37
**How Do G2 Users Rate Tenable Cloud Security?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 7.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.5/10 (Category avg: 8.4/10)

**Who Is the Company Behind Tenable Cloud Security?**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,700 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,339 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 57% Mid-Market, 38% Enterprise


#### What Are Tenable Cloud Security's Pros and Cons?

**Pros:**

- Compliance (6 reviews)
- Detailed Analysis (6 reviews)
- Ease of Use (5 reviews)
- Features (5 reviews)
- Integrations (5 reviews)

**Cons:**

- Complex Setup (4 reviews)
- Expensive (4 reviews)
- Feature Limitations (4 reviews)
- Difficult Setup (3 reviews)
- Implementation Difficulty (3 reviews)

### 16. [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews)
  Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. Hundreds of companies rely on Pynt to continuously monitor, classify and attack poorly secured APIs, before hackers do.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 44
**How Do G2 Users Rate Pynt - API Security Testing?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)

**Who Is the Company Behind Pynt - API Security Testing?**

- **Seller:** [Pynt](https://www.g2.com/sellers/pynt)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @pynt_io (363 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/pynt (19 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software, Computer & Network Security
  - **Company Size:** 57% Small-Business, 23% Enterprise


#### What Are Pynt - API Security Testing's Pros and Cons?

**Pros:**

- Vulnerability Detection (20 reviews)
- Security (19 reviews)
- API Management (17 reviews)
- Easy Integrations (17 reviews)
- Automation (15 reviews)

**Cons:**

- Complex Setup (12 reviews)
- Setup Complexity (7 reviews)
- Limited Features (4 reviews)
- Poor Interface Design (4 reviews)
- UX Improvement (4 reviews)

### 17. [ResilientX Security Platform](https://www.g2.com/products/resilientx-security-platform/reviews)
  ResilientX Unified Exposure Management Platform is the leading platform that unifies Attack Surface Management, Web Application Security Testing, Network Security Testing, Cloud Security Posture Management, and Third-Party Risk Management.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 17
**How Do G2 Users Rate ResilientX Security Platform?**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.8/10 (Category avg: 8.4/10)

**Who Is the Company Behind ResilientX Security Platform?**

- **Seller:** [ResilientX](https://www.g2.com/sellers/resilientx)
- **Year Founded:** 2022
- **HQ Location:** London
- **Twitter:** @ResilientXcyber (33 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/resilientx (12 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 47% Mid-Market, 35% Small-Business


#### What Are ResilientX Security Platform's Pros and Cons?

**Pros:**

- Security (8 reviews)
- Vulnerability Detection (8 reviews)
- Vulnerability Identification (6 reviews)
- Customer Support (4 reviews)
- Detection (4 reviews)

**Cons:**

- Complex Setup (1 review)
- Difficult Customization (1 review)
- Difficult Initial Setup (1 review)
- Integration Issues (1 review)
- Lack of Integration (1 review)

### 18. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
  Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications.

  Major features:

  - Checks your web apps & APIs for 3000+ test cases to find security loopholes
  - OWASP & SANS standards
  - Recommendations to address security issues
  - Security test complex web apps with login
  - Compliance reports (GDPR, HIPAA & PCI DSS)
  - Test scheduling
  - DevSecOps integrations
  - API integration
  - Team access
  - Integrations with popular tools like Slack, Jira, Asana, Trello & 100+ other tools


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 85
**How Do G2 Users Rate Beagle Security?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)

**Who Is the Company Behind Beagle Security?**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (209 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (43 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** Director, CEO
  - **Top Industries:** Marketing and Advertising, Information Technology and Services
  - **Company Size:** 91% Small-Business, 7% Mid-Market


#### What Are Beagle Security's Pros and Cons?

**Pros:**

- Reporting Quality (1 review)
- Setup Ease (1 review)


### 19. [Qualys VMDR](https://www.g2.com/products/qualys-vmdr/reviews)
  Qualys VMDR is an all-in-one risk-based vulnerability management solution that quantifies cyber risk. It gives organizations unprecedented insights into their risk posture and provides actionable steps to reduce risk. It also gives cybersecurity and IT teams a shared platform to collaborate, and the power to quickly align and automate no-code workflows to respond to threats with automated remediation and integrations with ITSM solutions such as ServiceNow.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 164
**How Do G2 Users Rate Qualys VMDR?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10)

**Who Is the Company Behind Qualys VMDR?**

- **Seller:** [Qualys](https://www.g2.com/sellers/qualys)
- **Year Founded:** 1999
- **HQ Location:** Foster City, CA
- **Twitter:** @qualys (34,195 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/8561/ (3,564 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** Security Engineer
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 51% Enterprise, 28% Mid-Market


#### What Are Qualys VMDR's Pros and Cons?

**Pros:**

- Customer Support (2 reviews)
- Features (2 reviews)
- Vulnerability Detection (2 reviews)
- Vulnerability Identification (2 reviews)
- Alerting System (1 review)

**Cons:**

- Complexity (2 reviews)
- Complex Reporting (1 review)
- Complex Setup (1 review)
- Difficult Learning (1 review)
- Feature Complexity (1 review)

### 20. [Mend.io](https://www.g2.com/products/mend-io/reviews)
  Modern risk doesn't live in one layer, it lives between them. Mend.io is built for every risk, across AI and AppSec, securing the code layer, the AI layer, and the interactions between them. From discovery and red teaming to guardrails and runtime protection, Mend.io delivers continuous protection across the entire AI application lifecycle.

  Mend.io solutions include:

  1. Mend AI secures the layer where modern risk actually lives—the interaction between code and AI. It continuously discovers AI components (agents, prompts, models), tests real behavioral risk through automated red teaming, and enforces in-app runtime guardrails for one continuous control system for the AI lifecycle.
  2. Mend AppSec secures the modern code layer by continuously discovering and prioritizing risk across code, libraries, containers, and dependencies, giving teams the clarity they need to reduce exposure and ship secure software faster.
  3. Mend Renovate secures the foundation of every codebase by automatically updating dependencies, rating the likelihood each update will succeed without breaking changes, and grouping them by confidence level so teams can resolve them faster.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 105
**How Do G2 Users Rate Mend.io?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)

**Who Is the Company Behind Mend.io?**

- **Seller:** [Mend](https://www.g2.com/sellers/mend-ab79a83a-6747-4682-8072-a3c176489d0b)
- **Company Website:** https://mend.io
- **Year Founded:** 2011
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @Mend_io (11,300 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2440656/ (258 employees on LinkedIn®)

**Who Uses This Product?**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 38% Small-Business, 34% Mid-Market


#### What Are Mend.io's Pros and Cons?

**Pros:**

- Scanning Efficiency (8 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (6 reviews)
- Scanning Technology (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Integration Issues (6 reviews)
- Limited Features (3 reviews)
- Missing Features (3 reviews)
- Complex Implementation (2 reviews)
- Confusing Interface (2 reviews)

### 21. [APPCHECK](https://www.g2.com/products/appcheck/reviews)
  AppCheck is a Dynamic Application Security Testing (DAST) and network vulnerability testing solution, developed and supported by experienced penetration testers. We approach security testing as a hacker would, leveraging multiple proprietary crawling engines to analyse target behaviour across both modern and traditional technologies, including Single Page Applications (SPAs), APIs, and complex authentication flows such as SSO, 2FA, and TOTP. Organisations can conduct unlimited security assessments across Web Applications, SPAs, APIs, cloud services, networks, across internal or external assets. Supporting production and UAT testing, AppCheck also helps organisations ‘shift left’ by integrating with CI/CD pipelines and build servers, including ADO, GitHub, Jenkins, TeamCity, CircleCI, TravisCI, Bamboo, and GitLab CI/CD. Allowing automated security testing throughout development, identifying risks as soon as changes are introduced. AppCheck are proud to be part of the CVE Numbering Authority (CNA), contributing to global security research


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 67
**How Do G2 Users Rate APPCHECK?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10)

**Who Is the Company Behind APPCHECK?**

- **Seller:** [APPCHECK](https://www.g2.com/sellers/appcheck)
- **Company Website:** https://www.appcheck-ng.com
- **Year Founded:** 2014
- **HQ Location:** Leeds, GB
- **Twitter:** @AppcheckNG (648 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/appcheck-ng-ltd/ (99 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 49% Mid-Market, 30% Small-Business


#### What Are APPCHECK's Pros and Cons?

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Features (5 reviews)
- Pentesting Efficiency (5 reviews)
- Automated Scanning (4 reviews)

**Cons:**

- Poor Customer Support (2 reviews)
- UX Improvement (2 reviews)
- API Issues (1 review)
- Difficult Customization (1 review)
- Difficult Learning Curve (1 review)

### 22. [Semperis Directory Services Protector](https://www.g2.com/products/semperis-directory-services-protector/reviews)
  Semperis Directory Services Protector puts Active Directory security and identity threat detection and response on autopilot with continuous AD threat monitoring, real-time alerts, and autonomous remediation capabilities. DSP helps you respond more effectively to Active Directory security incidents and everyday operational mistakes. It provides a complete picture of risk exposure in hybrid environments and provides backup and recovery of critical Entra ID resources


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 25
**How Do G2 Users Rate Semperis Directory Services Protector?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.1/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.1/10 (Category avg: 8.4/10)

**Who Is the Company Behind Semperis Directory Services Protector?**

- **Seller:** [Semperis](https://www.g2.com/sellers/semperis)
- **Company Website:** https://www.semperis.com
- **Year Founded:** 2015
- **HQ Location:** Hoboken, New Jersey
- **Twitter:** @SemperisTech (10,095 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/semperis/ (658 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 80% Enterprise, 20% Mid-Market


#### What Are Semperis Directory Services Protector's Pros and Cons?

**Pros:**

- Ease of Use (8 reviews)
- Security (7 reviews)
- Features (6 reviews)
- Customer Support (5 reviews)
- Automation (4 reviews)

**Cons:**

- Communication Issues (2 reviews)
- Data Inconsistency (2 reviews)
- Lack of Information (2 reviews)
- Limited Reporting (2 reviews)
- Poor Customer Support (2 reviews)

### 23. [Aqua Security](https://www.g2.com/products/aqua-security/reviews)
  Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and runtime protection for security teams, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry’s most comprehensive Cloud Native Application Protection Platform (CNAPP). Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 57
**How Do G2 Users Rate Aqua Security?**

- **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 6.8/10 (Category avg: 8.4/10)

**Who Is the Company Behind Aqua Security?**

- **Seller:** [Aqua Security Software Ltd](https://www.g2.com/sellers/aqua-security-software-ltd)
- **Year Founded:** 2015
- **HQ Location:** Burlington, US
- **Twitter:** @AquaSecTeam (7,685 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aquasecteam/ (499 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 56% Enterprise, 39% Mid-Market


#### What Are Aqua Security's Pros and Cons?

**Pros:**

- Security (19 reviews)
- Ease of Use (18 reviews)
- Features (12 reviews)
- Detection (10 reviews)
- Vulnerability Identification (9 reviews)

**Cons:**

- Missing Features (9 reviews)
- Lack of Features (6 reviews)
- Limited Features (6 reviews)
- Difficult Navigation (4 reviews)
- Improvement Needed (4 reviews)

### 24. [LevelBlue USM Anywhere](https://www.g2.com/products/levelblue-usm-anywhere/reviews)
  LevelBlue USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud.

  **Five Essential Security Capabilities in a Single SaaS Platform**

  AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows.

  1. Asset Discovery
  2. Vulnerability Assessment
  3. Intrusion Detection
  4. Behavioral Monitoring
  5. SIEM


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 102
**How Do G2 Users Rate LevelBlue USM Anywhere?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.6/10 (Category avg: 8.4/10)

**Who Is the Company Behind LevelBlue USM Anywhere?**

- **Seller:** [LevelBlue](https://www.g2.com/sellers/levelblue-49a2e3c1-ca90-4308-b899-08973f657bae)
- **HQ Location:** Dallas, Texas, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/levelbluecyber/ (638 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 62% Mid-Market, 20% Small-Business


### 25. [Kiuwan Code Security & Insights](https://www.g2.com/products/kiuwan-code-security-insights/reviews)
  Fast, Flexible Code Security! Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), Software Governance and Code Quality, empowering your team to quickly identify and remediate vulnerabilities. By integrating seamlessly into your CI/CD pipeline, Kiuwan enables early detection and remediation of security issues. Kiuwan supports strict compliance with industry standards including OWASP, CWE, MISRA, NIST, PCI DSS, and CERT, among others.

  Top features:

  - Extensive language support: Over 30 programming languages.
  - Detailed action plans: Prioritize remediation with tailored action plans.
  - Code Security: Seamless Static Application Security Testing (SAST) integration.
  - Insights: On-demand or continuous scanning Software Composition Analysis (SCA) to help reduce third-party threats.
  - One-click Software Bill of Materials (SBOM) generation.

  Kiuwan is now part of Sembi - a global portfolio of market-leading software brands focused on software quality, security, and developer productivity. Code Smarter. Secure Faster. Ship Sooner


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 29
**How Do G2 Users Rate Kiuwan Code Security & Insights?**

- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 6.5/10 (Category avg: 8.4/10)

**Who Is the Company Behind Kiuwan Code Security & Insights?**

- **Seller:** [Idera, Inc.](https://www.g2.com/sellers/idera-inc-6c9eda01-43cf-4bd5-b70c-70f59610d9a0)
- **Year Founded:** 1999
- **HQ Location:** Houston, TX
- **Twitter:** @MigrationWiz (483 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/bittitan (69 employees on LinkedIn®)

**Who Uses This Product?**
  - **Top Industries:** Information Technology and Services, Banking
  - **Company Size:** 41% Enterprise, 35% Mid-Market


#### What Are Kiuwan Code Security & Insights's Pros and Cons?

**Pros:**

- Accuracy (2 reviews)
- Accuracy of Findings (2 reviews)
- Customer Support (2 reviews)
- Ease of Use (2 reviews)
- Automation Testing (1 review)



## What Software Categories Are Similar to Vulnerability Scanner Software?

- [Website Security Software](https://www.g2.com/categories/website-security)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)
- [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)
- [Risk-Based Vulnerability Management Software](https://www.g2.com/categories/risk-based-vulnerability-management)
- [Cloud Security Posture Management (CSPM) Software](https://www.g2.com/categories/cloud-security-posture-management-cspm)
- [Attack Surface Management Software](https://www.g2.com/categories/attack-surface-management)

  
---

## How Do You Choose the Right Vulnerability Scanner Software?

### What You Should Know About Vulnerability Scanner Software

### What is Vulnerability Scanner Software?

Vulnerability scanners are used to examine applications, networks, and environments for security flaws and misconfigurations. These tools run a variety of dynamic security tests to identify security threats along an application or network’s attack surface. Scans can be used for anything from an application penetration test to a compliance scan. Depending on the specific objectives a user has, they can customize the vulnerability scanner to test for specific issues or requirements.

Companies can configure these tests to their unique environment. Companies that handle lots of personal or financial data may scan to ensure every transaction or datastore is encrypted and inaccessible to the public. They could also test their web applications against specific threats like SQL injection or cross-site scripting (XSS) attacks. The highly customizable nature of vulnerability scanners gives users tailor-made solutions for examining application and network security.

Many of these tools offer continuous scanning and testing for nonstop protection and monitoring. Whatever administrators set as a priority is tested periodically, and employees are informed of issues or incidents. Continuous monitoring makes it much easier to discover vulnerabilities before they become an issue and drastically reduces the time a vulnerability takes to remediate.

**Key Benefits of Vulnerability Scanner Software**

- Scan networks and applications for security flaws
- Diagnose, track, and remediate vulnerabilities
- Identify and resolve misconfigurations
- Perform ad hoc security tests

### Why Use Vulnerability Scanner Software?

Applications and networks are only beneficial to a business if they operate smoothly and securely. Vulnerability scanners are a useful tool to view internal systems and applications from the perspective of the attacker. These tools allow for dynamic testing while applications operate. This helps security teams take a step beyond patches and code analysis to evaluate security posture while the application, network, or instance actually runs.

**Application security—** Cloud, web, and desktop applications all require security, but operate differently. While many vulnerability scanners support testing for all kinds of applications, vulnerability scanners often support a few application types, but not others. Still, they will all examine the application itself, as well as the paths a user needs to access it. For example, if a vulnerability scanner is used on a web application, the tool will take into account the various attack vectors a hacker might take. This includes a site’s navigation, regional access, privileges, and other factors decided by the user. From there, the scanner will output reports on specific vulnerabilities, compliance issues, and other operational flaws.

**Networks —** While software applications are often the most obvious use cases for vulnerability scanners, network vulnerability scanners are also quite common. These tools take into account the network itself, as well as computers, servers, mobile devices, and any other asset accessing a network. This helps businesses identify vulnerable devices and abnormal behaviors within a network, remediate issues, and improve their network's security posture. Many even provide visual tools for mapping networks and their associated assets to simplify the management and prioritization of vulnerabilities requiring remediation.

**Cloud environments —** Not to be confused with cloud-based solutions delivered in a SaaS model, cloud vulnerability scanners examine cloud services, cloud computing environments, and integrated connections. Like network vulnerability scanners, cloud environments require an examination on a few levels. Cloud assets come in many forms including devices, domains, and instances; but all must be accounted for and scanned. In a properly secured cloud computing environment, integrations and API connections, assets, and environments must all be mapped, configurations must be monitored, and requirements must be enforced.

### What are the Common Features of Vulnerability Scanner Software?

Vulnerability scanners can provide a wide range of features, but here are a few of the most common found in the market.

**Network mapping —** Network mapping features provide a visual representation of network assets including endpoints, servers, and mobile devices to intuitively demonstrate an entire network’s components.

**Web inspection —** Web inspection features are used to assess the security of a web application in the context of its availability. This includes site navigation, taxonomies, scripts, and other web-based operations that may impact a hacker’s abilities.

[**Defect tracking**](https://www.g2.com/categories/vulnerability-scanner/f/issue-tracking) **—** Defect and issue tracking functionality helps users discover and document vulnerabilities and track them to their source through the resolution process.

**Interactive scanning —** Interactive scanning or interactive application security testing features allow a user to be directly involved in the scanning process, watch tests in real time, and perform ad hoc tests.

[**Perimeter scanning**](https://www.g2.com/categories/vulnerability-scanner/f/perimeter-scanning) **—** Perimeter scanning will analyze assets connected to a network or cloud environment for vulnerabilities.

[**Black box testing**](https://www.g2.com/categories/vulnerability-scanner/f/black-box-testing) **—** Black box scanning refers to tests conducted from the hacker’s perspective. Black box scanning examines functional applications externally for vulnerabilities like SQL injection or XSS.

**Continuous monitoring —** Continuous monitoring allows users to set it and forget it. Scanners run all the time and alert users of new vulnerabilities.

[**Compliance monitoring**](https://www.g2.com/categories/vulnerability-scanner/f/compliance-testing) **—** Compliance-related monitoring features are used to monitor data quality and send alerts based on violations or misuse.

**Asset discovery —** Asset discovery features unveil applications in use and trends associated with asset traffic, access, and usage.

**Logging and reporting —** Log documentation and reporting provides required reports to manage operations. It provides adequate logging to troubleshoot and support auditing.

**Threat intelligence —** Threat intelligence features integrate with or store information related to common threats and how to resolve them once incidents occur.

**Risk analysis —** Risk scoring and risk analysis features identify, score, and prioritize security risks, vulnerabilities, and compliance impacts of attacks and breaches.

**Extensibility —** Extensibility and integration features provide the ability to extend the platform or product to include additional features and functionalities.

Many vulnerability scanner tools will also offer the following features:

- [Configuration monitoring capabilities](https://www.g2.com/categories/vulnerability-scanner/f/configuration-monitoring)
- [Automated scan capabilities](https://www.g2.com/categories/vulnerability-scanner/f/automated-scans)
- [Manual application testing capabilities](https://www.g2.com/categories/vulnerability-scanner/f/manual-application-testing)
- [Static code analysis capabilities](https://www.g2.com/categories/vulnerability-scanner/f/static-code-analysis)

### Potential Issues with Vulnerability Scanner Software

**False positives —** False positives are one of the most common issues with security tools. They indicate a tool is not running efficiently and introduce lots of unnecessary labor. Users should examine figures related to specific products and their accuracy before purchasing a solution.

**Integrations —** Integrations can make an application or product do virtually anything, but only if the integration is supported. If a specific solution must be integrated or a specific data source is highly relevant, be sure it’s compatible with the vulnerability scanner before making that decision.

**Scalability —** Scalability is always important, especially for growing teams. Cloud and SaaS-based solutions are traditionally the most scalable, but desktop and open source tools may be as well. Scalability will be important for teams considering collaborative use, concurrent use, and multi-application and environment scanning.

### Software and Services Related to Vulnerability Scanner Software

These technology families are either closely related to vulnerability scanners or there is frequent overlap between products.

[**Risk-based vulnerability management software**](https://www.g2.com/categories/risk-based-vulnerability-management) **—** Risk-based vulnerability management software is used to analyze security posture based on a wide array of risk factors. From there, companies prioritize vulnerabilities based on their risk score. These tools often have some overlapping features, but they’re more geared towards prioritizing risks in large organizations rather than identifying vulnerabilities to individual applications or environments.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST software is very closely related to vulnerability scanners, and the two terms are sometimes used interchangeably. The differentiating factor, though, is that vulnerability scanners can scan networks, cloud services, and IT assets in addition to applications. While DAST tools do scan for vulnerabilities, they won’t allow users to map networks, visualize environments, or examine vulnerabilities beyond the scope of the application.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software is not that similar to vulnerability scanners, unlike DAST tools. SAST tools allow for the examination of source code and non-operational application components. They also can’t simulate attacks or perform functional security tests. Still, these can be useful for defect and bug tracking if the vulnerability is rooted in an application’s source code.

[**Penetration testing software**](https://www.g2.com/categories/penetration-testing) **—** Penetration testing software is one aspect of vulnerability scanning, but a penetration test will not provide a wide variety of security tests. Penetration tests are useful for testing common attack types, but they won’t be very effective in identifying and remediating the root cause of a vulnerability.



    
