# Best Vulnerability Scanner Software - Page 3

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Vulnerability scanners continuously monitor applications and networks against an up-to-date database of known vulnerabilities, identifying potential exploits, producing analytical reports on the security state of applications and networks, and providing recommendations to remedy known issues.

### Core Capabilities of Vulnerability Scanner Software

To qualify for inclusion in the Vulnerability Scanner category, a product must:

- Maintain a database of known vulnerabilities
- Continuously scan applications for vulnerabilities
- Produce reports analyzing known vulnerabilities and new exploits

### Common Use Cases for Vulnerability Scanner Software

Security and IT teams use vulnerability scanners to proactively identify and address weaknesses before they can be exploited. Common use cases include:

- Running scheduled and on-demand scans of applications and network infrastructure for known CVEs
- Generating prioritized vulnerability reports to guide remediation efforts
- Testing application and network security posture as part of ongoing compliance and risk management programs

### How Vulnerability Scanner Software Differs from Other Tools

Some vulnerability scanners operate similarly to [dynamic application security testing (DAST)](https://www.g2.com/categories/dynamic-application-security-testing-dast) tools, but the key distinction is that vulnerability scanners test applications and networks against known vulnerability databases rather than mimicking real-world attacks or performing penetration tests. DAST tools simulate attacker behavior to uncover runtime vulnerabilities, while scanners focus on identification and reporting of known weaknesses.

### Insights from G2 on Vulnerability Scanner Software

Based on category trends on G2, continuous scanning and comprehensive vulnerability reporting are the standout capabilities. Faster identification of critical exposures and improved compliance readiness are the primary benefits of adoption.





## Category Overview

**Total Products under this Category:** 220


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 7,100+ Authentic Reviews
- 220+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Vulnerability Scanner Software At A Glance

- **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Highest Performer:** [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
- **Easiest to Use:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.




---

## Top-Rated Products (Ranked by G2 Score)
### 1. [Aqua Security](https://www.g2.com/products/aqua-security/reviews)
  Aqua Security sees and stops attacks across the entire cloud native application lifecycle in a single, integrated platform. From software supply chain security for developers to cloud security and runtime protection for security teams, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry’s most comprehensive Cloud Native Application Protection Platform (CNAPP). Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 57

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 6.8/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Aqua Security Software Ltd](https://www.g2.com/sellers/aqua-security-software-ltd)
- **Year Founded:** 2015
- **HQ Location:** Burlington, US
- **Twitter:** @AquaSecTeam (7,690 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aquasecteam/ (499 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 56% Enterprise, 39% Mid-Market


#### Pros & Cons

**Pros:**

- Security (19 reviews)
- Ease of Use (18 reviews)
- Features (12 reviews)
- Detection (10 reviews)
- Vulnerability Identification (9 reviews)

**Cons:**

- Missing Features (9 reviews)
- Lack of Features (6 reviews)
- Limited Features (6 reviews)
- Difficult Navigation (4 reviews)
- Improvement Needed (4 reviews)

### 2. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
  Simplify your developer experience with the world's first AI-augmented software delivery platform. Upgrade your software delivery with Harness' innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools. We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance. We help companies in four key areas: Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 277

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.9/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.1/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,405 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,611 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer, DevOps Engineer
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 41% Enterprise, 39% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (113 reviews)
- Features (72 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)

### 3. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
  Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs. With Acunetix, security teams can:

  - Save time and resources by automating manual security processes
  - Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools
  - Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology
  - Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time

  You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 100

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,565 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (332 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 40% Enterprise, 34% Mid-Market


#### Pros & Cons

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)

### 4. [Bright Security](https://www.g2.com/products/bright-security/reviews)
  Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise-grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 29

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Bright Security](https://www.g2.com/sellers/bright-security)
- **Year Founded:** 2018
- **HQ Location:** San Rafael
- **Twitter:** @BrightAppSec (1,519 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/brightappsec (118 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 52% Enterprise, 34% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy of Results (4 reviews)
- Automated Scanning (4 reviews)
- Ease of Use (4 reviews)
- Detection (3 reviews)
- Easy Integrations (3 reviews)

**Cons:**

- Learning Curve (3 reviews)
- Complex Setup (2 reviews)
- Setup Complexity (2 reviews)
- Complexity (1 review)
- Confusing Interface (1 review)

### 5. [Cyrisma](https://www.g2.com/products/cyrisma/reviews)
  Cyrisma helps MSPs and MSSPs turn cyber risk and compliance into revenue. Its unified platform combines vulnerability management, data and asset discovery, compliance tracking, secure configuration, and dark web monitoring into one continuous experience - enabling partners to identify, prioritize, and remediate cyber risk efficiently. With executive-ready reporting, risk monetization insights, and elegant visuals, Cyrisma helps MSPs demonstrate measurable value, strengthen client relationships, and scale their security services profitably.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 59

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.7/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Cyrisma](https://www.g2.com/sellers/cyrisma)
- **Company Website:** https://www.cyrisma.com/
- **Year Founded:** 2018
- **HQ Location:** Rochester, NY
- **Twitter:** @Cyrisma_USA (43 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cyrisma/ (15 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 76% Small-Business, 22% Mid-Market


#### Pros & Cons

**Pros:**

- Time-saving (13 reviews)
- Ease of Use (12 reviews)
- Customer Support (10 reviews)
- Features (9 reviews)
- Vulnerability Identification (9 reviews)

**Cons:**

- Missing Features (4 reviews)
- Not User-Friendly (4 reviews)
- Integration Issues (3 reviews)
- Limited Flexibility (3 reviews)
- Poor Customer Support (3 reviews)

### 6. [Probely](https://www.g2.com/products/probely/reviews)
  Probely is a web vulnerability scanner that enables customers to easily test the security of their Web Applications & APIs. Our goal is to narrow the gap between development, security, and operations by making security an intrinsic characteristic of web applications development life-cycle, and only report security vulnerabilities that matter, false-positive free and with simple instructions on how to fix them. Probely allows Security teams to efficiently scale security testing by shifting security testing to Development or DevOps teams. We adapt to our customers’ internal processes and integrate Probely into their stack. Probely scans RESTful APIs, websites, and complex web applications, including rich JavaScript applications such as single-page applications (SPA). It detects over 20,000 vulnerabilities, including SQL injection, Cross-Site Scripting (XSS), Log4j, OS Command Injection, and SSL/TLS issues.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 19

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.6/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Probely](https://www.g2.com/sellers/probely)
- **Year Founded:** 2016
- **HQ Location:** Porto, PT
- **Twitter:** @probely (528 Twitter followers)
- **LinkedIn® Page:** https://pt.linkedin.com/company/probely (4 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 47% Small-Business, 37% Mid-Market


### 7. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
  Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 49

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)


**Seller Details:**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,483 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (224 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Insurance, Information Technology and Services
  - **Company Size:** 67% Enterprise, 20% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)

### 8. [StackHawk](https://www.g2.com/products/stackhawk/reviews)
  StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 67

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.7/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 5.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [StackHawk](https://www.g2.com/sellers/stackhawk)
- **Company Website:** https://stackhawk.com
- **Year Founded:** 2019
- **HQ Location:** Denver, CO
- **Twitter:** @StackHawk (1,139 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/40780406/ (44 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 46% Small-Business, 35% Mid-Market


#### Pros & Cons

**Pros:**

- Easy Integrations (10 reviews)
- Customer Support (9 reviews)
- Ease of Use (9 reviews)
- Integrations (7 reviews)
- Scanning Efficiency (5 reviews)

**Cons:**

- Setup Complexity (5 reviews)
- Complex Setup (4 reviews)
- High Learning Curve (3 reviews)
- Lacking Features (3 reviews)
- Limited Scope (3 reviews)

### 9. [Threatspy](https://www.g2.com/products/secure-blink-threatspy/reviews)
  Threatspy is a developer-first, AI-powered AppSec management platform. Threatspy empowers developers and security teams to proactively identify and mitigate both known and unknown vulnerabilities in applications and APIs through automated detection, prioritization, and remediation processes. By leveraging Threatspy, organisations can enhance their security posture, reduce risk, and ensure the resilience of their digital infrastructure.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.4/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.7/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Secure Blink](https://www.g2.com/sellers/secure-blink)
- **Year Founded:** 2020
- **HQ Location:** Lewes, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/secure-blink/ (9 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 42% Mid-Market, 42% Small-Business


#### Pros & Cons

**Pros:**

- Security (6 reviews)
- Ease of Use (5 reviews)
- Vulnerability Identification (5 reviews)
- Customer Support (4 reviews)
- Efficiency Improvement (3 reviews)

**Cons:**

- Limited Customization (1 review)
- Poor Customer Support (1 review)
- Slow Scanning (1 review)
- Vulnerability Management (1 review)

### 10. [Defendify All-In-One Cybersecurity Solution](https://www.g2.com/products/defendify-all-in-one-cybersecurity-solution/reviews)
  Founded in 2017, Defendify is pioneering All-In-One Cybersecurity® for organizations with growing security needs, backed by experts offering ongoing guidance and support. Delivering multiple layers of protection, Defendify provides an all-in-one, easy-to-use platform designed to strengthen cybersecurity across people, process, and technology, continuously. With Defendify, organizations streamline cybersecurity assessments, testing, policies, training, detection, response & containment in one consolidated and cost-effective cybersecurity solution. 3 layers, 13 solutions, 1 platform, including:

  - Managed Detection & Response
  - Cyber Incident Response Plan
  - Cybersecurity Threat Alerts
  - Phishing Simulations
  - Cybersecurity Awareness Training
  - Cybersecurity Awareness Videos
  - Cybersecurity Awareness Posters & Graphics
  - Technology Acceptable Use Policy
  - Cybersecurity Risk Assessments
  - Penetration Testing
  - Vulnerability Scanning
  - Compromised Password Scanning
  - Website Security Scanning

  See Defendify in action at www.defendify.com.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 57

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.4/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Defendify](https://www.g2.com/sellers/defendify)
- **Year Founded:** 2017
- **HQ Location:** Portland, Maine
- **Twitter:** @defendify (307 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/11098948/ (38 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 65% Small-Business, 35% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (8 reviews)
- Cybersecurity (6 reviews)
- Easy Setup (5 reviews)
- Insights (5 reviews)
- Monitoring (5 reviews)

**Cons:**

- Inadequate Reporting (4 reviews)
- Poor Reporting (4 reviews)
- Lack of Information (2 reviews)
- Limited Customization (2 reviews)
- Limited Features (2 reviews)

### 11. [ARMO Platform](https://www.g2.com/products/armo-platform/reviews)
  ARMO Platform is the only runtime-driven, open-source first, cloud security platform. It is the only security platform that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and responding to cyberattacks with real risk context. Using an eBPF-based runtime sensor to record application behavior and related activities, ARMO Platform enables DevOps, security, and platform teams to eliminate the security noise and go from thousands of irrelevant alerts to focus on the most important and exploitable threats. This allows those teams to shift from managing hypothetical security issues to mitigating actual risks and providing them with the means to remediate them. ARMO is an open-source-driven company and the creator of Kubescape, a leading open-source Kubernetes security project, now an official CNCF project. To learn more about ARMO Platform please visit: https://www.armosec.io/


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 44

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.4/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.7/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [ARMO](https://www.g2.com/sellers/armo)
- **Year Founded:** 2019
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @armosec (3,094 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/armosec/ (88 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 59% Small-Business, 36% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (20 reviews)
- Security (19 reviews)
- Features (16 reviews)
- Vulnerability Detection (12 reviews)
- Comprehensive Security (11 reviews)

**Cons:**

- Learning Curve (10 reviews)
- Integration Issues (9 reviews)
- Difficult Learning (7 reviews)
- Limited Integrations (6 reviews)
- Missing Features (6 reviews)

### 12. [DefectDojo](https://www.g2.com/products/defectdojo/reviews)
  DefectDojo unifies and automates vulnerability management, enabling security teams to focus on strategic, data-driven analysis. We help teams reduce time spent on manual tracking and consolidate vulnerabilities from existing tools for seamless vulnerability management.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 6.9/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [DefectDojo](https://www.g2.com/sellers/defectdojo)
- **Year Founded:** 2017
- **HQ Location:** Austin, US
- **Twitter:** @defectdojo (701 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/defectdojo/ (22 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 64% Mid-Market, 36% Small-Business


### 13. [Evolve Security](https://www.g2.com/products/evolve-security-evolve-security/reviews)
  Evolve Security's patent pending Darwin Attack® platform is a comprehensive collaboration and management tool designed to help organizations manage their cybersecurity services and reduce risks of successful cyberattacks. The platform serves as a repository for research, vulnerability and attack details, compliance requirements, remediation recommendations, and mitigating controls. It also functions as a security feed, collaboration tool, tracking tool, management platform, and reporting platform. The platform enables organizations to actively manage their security program by providing real-time updates on testing progress and findings, which allows for timely remediation. Darwin Attack® is constantly updated with new information and functionality to ensure that it remains effective and efficient in meeting the needs of Evolve Security's clients.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 51

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.6/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Evolve Security](https://www.g2.com/sellers/evolve-security)
- **Year Founded:** 2016
- **HQ Location:** Chicago, Illinois
- **Twitter:** @theevolvesec (787 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/evolve-security/ (70 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 71% Mid-Market, 20% Small-Business


#### Pros & Cons

**Pros:**

- Actionable Intelligence (2 reviews)
- Communication (2 reviews)
- Ease of Use (2 reviews)
- Vulnerability Detection (2 reviews)
- Vulnerability Identification (2 reviews)


### 14. [Runecast](https://www.g2.com/products/runecast/reviews)
  Runecast is an enterprise CNAPP platform which saves your Security and Operations teams time and resources by enabling a proactive approach to ITOM, CSPM, and compliance. It helps you proactively remediate vulnerabilities for continuous compliance, whether on-prem, cloud or containers. By proactively using our agentless scanning in real-time admins discover potential risks and remediation solutions before any issues can develop into a major outage. Runecast’s AI-RAIKA leverages advanced natural language processing (NLP) capabilities to interpret a vast amount of information to provide automated audits for security compliance standards, vulnerabilities (such as KEVs, CVEs or VMSAs) and technology vendor best practices. The platform has been recognized with Frost & Sullivan's 2023 European New Product Innovation Award in the CNAPP industry for its strong overall performance and commitment to user experience.

  **NAVIGATING YOUR COMPLEXITY**
  Runecast helps teams with a simpler transition to cloud, enabling admins to fully understand their hybrid environments and Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM). Running securely on-premises, it provides insights into what is happening both in the cloud and on-site.

  **IMMEDIATE VALUE FOR TEAMS**
  As Runecast helps teams to stabilize availability and ensure security compliance, it contributes also to greater ROI for both existing and future investments with AWS, Azure, Kubernetes and VMware.

  **FULLY ON-PREM SECURE**
  Operates fully on-prem to analyze your hybrid-cloud environment, so that your data remains safely on-site. To provide additional security, Runecast features a customizable, transparent rules engine.

  **RUNECAST FOR SECURITY AND COMPLIANCE**

  - **Vulnerability Management:** Regular automated scanning, recommendations, remediation, and the ability to set up vulnerability management policies are just some of the requirements many enterprises have. The Runecast platform is constantly updated to detect the latest vulnerabilities for all of the supported technologies.
  - **Container Security:** Runecast scans container images for known vulnerabilities and misconfigurations, and can also detect runtime issues such as exposed ports and running processes. It also provides a public API which can be used in your CI/CD platform to analyze the container images and whether they are vulnerable or not to known vulnerabilities, before deploying them in production.
  - **Compliance with Security Standards:** Runecast offers automated audits against security hardening guidelines and common industry standards like CIS Benchmarks, NIST 800-53, PCI DSS, HIPAA, DISA STIG 6, GDPR, KVKK (Turkey), ISO 27001, BSI IT-Grundschutz, Essential 8 and Cyber Essentials Security Standard.

  **RUNECAST FOR IT OPERATIONS TEAMS**

  - **Vendor Best Practices for Security Hardening:** Runecast continuously monitors your complex environment, reporting violations and providing recommendations against Vendor Best Practices. It maintains a database with Best Practices of the latest AWS, Azure, Kubernetes, GCP, VMware and Windows and Linux OS. It analyzes your environment to detect any configuration issues against Vendor Best Practices. This delivers valuable insights to improve the stability and security of your infrastructure.
  - **Configuration Vault:** Tracks your configuration to help you prevent drift. Reports your entire configuration and provides the ability to compare your configurations over time.
  - **Hardware Compatibility and Upgrade Simulations:** Runecast has automated the process of validating the hardware compliance of hosts and clusters against a selected ESXi version, ensuring compliance with the VMware Compatibility Guide (VCG) and vSAN Hardware Compatibility List (vSAN HCL). The AI-powered platform runs a quick and automated analysis using the latest HCL for your servers, I/O devices, and vSAN controllers. For upgrade planning, admins can see the results of multiple HCL upgrade simulation scenarios within seconds, and the findings are presented in a comprehensive way with details about any non-compatibility and how to resolve it. Validates your hardware, drivers, and firmware against current and upstream releases of ESXi for faster upgrade planning.
  - **Remediation Scripts:** A growing number of findings in Runecast offer remediation actions – allowing you to download the customized script to perform the reconfiguration. Some rules offer more than one remediation option, for example PowerCLI and Ansible.

  **SUPPORTED SERVICES**

  - **SUPPORTED SYSTEMS:** AWS, Azure, GCP, Kubernetes (1.20 and above), VMware (VMware vSphere, NSX-V, NSX-T, VMware Horizon, VMware Cloud Director, AP HANA for VMware, VMware on Nutanix, Pure Storage), Windows (Microsoft Windows) and Linux OS (RHEL 8, CentOS 7).
  - **SECURITY STANDARDS:** CIS Benchmarks, NIST 800-53, PCI DSS, HIPAA, DISA STIG 6, GDPR, KVKK (Turkey), ISO 27001, BSI IT-Grundschutz, Essential 8 and Cyber Essentials Security Standard.
  - **INTEGRATIONS:** Jira, ServiceNow, vSphere Client Plugin, OpenID Connect, REST API, HPE Ezmeral.
  - **REMEDIATION TOOLS:** Ansible (VMware), PowerCLI (VMware), AWS CLI (AWS), AWS Tools for PowerShell (AWS), GCP CLI


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 21

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Runecast Solutions](https://www.g2.com/sellers/runecast-solutions)
- **Year Founded:** 2014
- **HQ Location:** London, London
- **Twitter:** @Runecast (1,101 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5226278 (14 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 48% Enterprise, 24% Mid-Market


### 15. [IBM Guardium Vulnerability Assessment](https://www.g2.com/products/ibm-guardium-vulnerability-assessment/reviews)
  IBM Guardium Vulnerability Assessment scans data infrastructures (databases, data warehouses and big data environments) to detect vulnerabilities, and suggests remedial actions. The solution identifies exposures such as missing patches, weak passwords, unauthorized changes and misconfigured privileges. Full reports are provided as well as suggestions to address all vulnerabilities. Guardium Vulnerability Assessment detects behavioral vulnerabilities such as account sharing, excessive administrative logins and unusual after-hours activity. It identifies threats and security gaps in databases that could be exploited by hackers.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.2/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [IBM](https://www.g2.com/sellers/ibm)
- **Year Founded:** 1911
- **HQ Location:** Armonk, NY
- **Twitter:** @IBM (709,390 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (324,553 employees on LinkedIn®)
- **Ownership:** SWX:IBM

**Reviewer Demographics:**
  - **Company Size:** 58% Enterprise, 25% Mid-Market


### 16. [BugProve](https://www.g2.com/products/bugprove/reviews)
  As former security researchers, we founded BugProve to deliver the level of security that IoT deserves! Experience peace of mind by leveraging our automated firmware analysis platform:

- Swift Results: Upload your firmware image and receive first results in just 5 minutes.
- Supply Chain Risk Management and Compliance: Identify components and known vulnerabilities, and opt for continuous CVE monitoring for compliance assurance.
- Zero-day detection: Our built-in zero-day detection engine, PRIS, detects memory corruption vulnerabilities before they can be exploited.
- All-in-One Hub: Seamlessly access product security reevaluations, comparisons, and updates, presented in an easily digestible format.
- Effortless Sharing: Share findings via live links or export them as PDFs for convenient reporting. Involve your product development team with AI-assisted remediation recommendations.
- Accelerated Testing: Save weeks in the pentesting process, enabling you to focus on in-depth discoveries and launch more secure products, without security bottlenecks.
- IoT specific, detailed scans: BugProve runs checks directly on firmware, no source code needed. We run advanced static and dynamic analysis, unique multi-binary taint analysis, cryptographic analysis, and security configuration checks.

  No long-term contracts, commitments, and hidden fees. What’s more, we believe you should test the platform to see what it can do, so we offer a Free Plan. Sign up, and start scanning!


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 20

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [BugProve](https://www.g2.com/sellers/bugprove)
- **Year Founded:** 2021
- **HQ Location:** Budapest, HU
- **Twitter:** @Bugprove (147 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/bugprove (3 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 90% Small-Business, 10% Enterprise


### 17. [MalCare](https://www.g2.com/products/malcare/reviews)
  Mitigate getting blacklisted by Google, being blocked by Webhosts or any possible security threats from the most complex malwares with MalCare's comprehensive and powerful automatic website malware scanning.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 13

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 6.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 6.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 6.7/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.5/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [MalCare](https://www.g2.com/sellers/malcare)
- **Year Founded:** 2016
- **HQ Location:** Bangalore, Karnataka
- **Twitter:** @malcaresecurity (540 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27206560 (1 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 92% Small-Business, 15% Mid-Market


#### Pros & Cons

**Pros:**

- Efficiency Improvement (1 reviews)

**Cons:**

- False Positives (1 reviews)

### 18. [FOSSA](https://www.g2.com/products/fossa/reviews)
  Open source is a critical part of your software. In the average modern software product, over 80% of the source code shipped is derived from open source. Each component can have cascading legal, security, and quality implications for your customers, making it one of the most important things to manage correctly. FOSSA helps you manage your open source components. We plug into your development workflow to help your team automatically track, manage, and remediate issues with the open source you use to:

- Stay compliant with software licenses and generate required attribution documents
- Enforce usage and licensing policies throughout your CI/CD workflow
- Monitor and remediate security vulnerabilities
- Flag code quality issues and outdated components proactively

  By enabling open source, we help development teams increase development velocity and decrease risk.


  **Average Rating:** 4.2/5.0
  **Total Reviews:** 15

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [FOSSA](https://www.g2.com/sellers/fossa)
- **Year Founded:** 2015
- **HQ Location:** San Francisco, California
- **Twitter:** @getfossa (776 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fossa/ (56 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 47% Small-Business, 33% Mid-Market


#### Pros & Cons

**Pros:**

- Easy Integrations (1 reviews)
- Issue Resolution (1 reviews)
- Remediation Solutions (1 reviews)
- Risk Management (1 reviews)
- Security (1 reviews)


### 19. [Gomboc.AI](https://www.g2.com/products/gomboc-ai/reviews)
  Gomboc.AI is a platform engineering solution redefining AI Code Security Assistants (ACSA) for cloud and Infrastructure-as-Code environments. Built for DevOps and platform engineering teams, Gomboc focuses on closing the gap between security findings and reliable remediation. While many AI Code Security Assistants emphasize detection or inline suggestions, Gomboc applies deterministic AI to execute remediation directly in code. When an issue is identified, Gomboc generates a production-ready, standards-aligned code fix and delivers it as a merge-ready pull request through Git and CI/CD workflows. This approach eliminates manual triage, reduces remediation cycles, and helps teams scale secure infrastructure without slowing delivery.


  **Average Rating:** 3.9/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Gomboc.AI](https://www.g2.com/sellers/gomboc-ai)
- **Company Website:** https://www.gomboc.ai
- **Year Founded:** 2022
- **HQ Location:** New York, US
- **LinkedIn® Page:** https://www.linkedin.com/company/gomboc-ai (20 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 17% Mid-Market, 8% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (15 reviews)
- Setup Ease (13 reviews)
- Automation (8 reviews)
- Security (7 reviews)
- Easy Integrations (4 reviews)

**Cons:**

- Complex Setup (6 reviews)
- Bugs (2 reviews)
- Expensive (2 reviews)
- Integration Issues (2 reviews)
- Complexity (1 reviews)

### 20. [Detectify](https://www.g2.com/products/detectify/reviews)
  Detectify sets a new standard for advanced application security testing, challenging traditional DAST by providing evolving coverage of each and every exposed asset across the changing attack surface. AppSec teams trust Detectify to expose how attackers will exploit their Internet-facing applications. The Detectify platform automates continuous real-world, payload-based attacks fuelled by its global community of elite ethical hackers into its own expert-built engines, exposing critical weaknesses before it's too late. The Detectify solution includes:

- Automated discovery of known and unknown digital assets via domain & cloud connectors
- Continuous coverage (24/7) of every corner of the attack surface with dynamic testing. Not just predefined targets
- 100% payload-based testing fuelled by elite ethical hackers for a high signal-to-noise ratio
- Distributed coverage across an unmatched array of relevant technologies
- Actionable remediation tips for software development teams
- Team functionality to easily share reports
- Powerful integrations platform to prioritize and triage vulnerability findings onward to development teams
- Advanced API functionality
- Capabilities to set custom attack surface security policies


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 49

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.9/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Detectify](https://www.g2.com/sellers/detectify)
- **Year Founded:** 2013
- **HQ Location:** Stockholm, Sweden
- **Twitter:** @detectify (11,278 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2850066/ (96 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 47% Small-Business, 35% Mid-Market


#### Pros & Cons

**Pros:**

- Automation (2 reviews)
- Automation Testing (2 reviews)
- Customizability (2 reviews)
- Features (2 reviews)
- Security (2 reviews)

**Cons:**

- Complexity (1 reviews)
- Complex Queries (1 reviews)
- Complex Setup (1 reviews)
- Expensive (1 reviews)
- Inaccuracy (1 reviews)

### 21. [Zenmap](https://www.g2.com/products/zenmap/reviews)
  Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner, designed to make network scanning accessible for both beginners and experienced users. This multi-platform, free, and open-source application supports operating systems such as Linux, Windows, Mac OS X, and BSD. Zenmap simplifies the process of network discovery and security auditing by providing an intuitive interface to Nmap's powerful features.

  **Key Features and Functionality:**

- Profile Management: Users can save frequently used scans as profiles, enabling quick and consistent execution of routine network assessments.
- Command Creation: An interactive command creator assists in building Nmap command lines, making it easier to customize scans without extensive command-line knowledge.
- Result Management: Scan results can be saved for future reference, compared to identify changes over time, and are stored in a searchable database for efficient retrieval.
- Network Topology Visualization: Zenmap offers an interactive, animated visualization of network topology, illustrating the relationships and paths between hosts.
- Cross-Platform Compatibility: The application runs on multiple operating systems, ensuring flexibility and broad accessibility.

  **Primary Value and User Solutions:** Zenmap addresses the need for a user-friendly interface to Nmap's comprehensive network scanning capabilities. By providing graphical representations and simplified management of scan profiles and results, it enables users to efficiently monitor network security, detect unauthorized devices, and manage service upgrades. This tool is particularly valuable for system and network administrators seeking to maintain secure and well-documented network environments.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 26

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Nmap](https://www.g2.com/sellers/nmap)
- **HQ Location:** N/A
- **Twitter:** @nmap (136,745 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/nmap-corp (3 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 50% Mid-Market, 39% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (1 reviews)
- Implementation Ease (1 reviews)

**Cons:**

- Issue Management (1 reviews)
- Poor Interface Design (1 reviews)

### 22. [S4E](https://www.g2.com/products/s4e/reviews)
  S4E.io offers a cutting-edge Continuous Threat Exposure Management (CTEM) solution that leverages a robust microservice architecture to deliver unparalleled security. The platform utilizes the power of artificial intelligence to autonomously conduct comprehensive scans across various attack vectors, identifying and prioritizing potential risks in real time. By assessing vulnerabilities and defining their severity, S4E.io provides actionable insights and AI-supported remediation advice, enabling organizations to efficiently address security gaps. Furthermore, its continuous monitoring capabilities ensure that systems remain under vigilant protection, offering round-the-clock surveillance to detect and respond to emerging threats quickly. With S4E.io, businesses can fortify their defenses with advanced, automated, and intelligent security measures, ensuring a proactive approach to safeguarding digital assets. Visit our pricing packages to get an opinion: https://s4e.io/pricing Please do not hesitate to contact our sales team to benefit from discounted rates! sales@s4e.io


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 18

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.8/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Security For Everyone](https://www.g2.com/sellers/security-for-everyone)
- **Year Founded:** 2020
- **HQ Location:** Tallinn, EE
- **Twitter:** @secforeveryone (7,102 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/secforeveryone/ (28 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 61% Small-Business, 33% Mid-Market


#### Pros & Cons

**Pros:**

- Security (4 reviews)
- Vulnerability Identification (3 reviews)
- Automated Scanning (2 reviews)
- Features (2 reviews)
- Automation (1 reviews)

**Cons:**

- Learning Curve (1 reviews)
- Navigation Issues (1 reviews)

### 23. [Rainforest Application](https://www.g2.com/products/rainforest-technologies-rainforest-application/reviews)
  Rainforest is the all-in-one cyber security platform with an end-to-end approach to simplify corporate reputation protection by using multiple intelligences and proactive observability, adding Application and Cloud Security (from DevOps to DevSecOps), Vulnerability Intelligence, and Brand reputation (Fraud and Leak monitoring). Rainforest Application, Rainforest Cloud, and Rainforest Asset modules allow development and security teams to have visibility of the lifecycle of all applications, in a simple and quick way, providing vulnerability management whenever a new line is coded. Rainforest Fraud, Rainforest Leak, and Rainforest Asset build an integrated vision of Vulnerability and Brand Intelligence, guiding security and compliance teams in an efficient manner on potential exposure points, according to their importance to the business regarding the company's reputation.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Rainforest Technologies](https://www.g2.com/sellers/rainforest-technologies)
- **HQ Location:** Wilmington, Delaware
- **LinkedIn® Page:** https://www.linkedin.com/company/80967943 (12 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 42% Small-Business, 42% Mid-Market


### 24. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
  Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


  **Average Rating:** 3.8/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.4/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,994 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (515 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 72% Enterprise, 28% Mid-Market


#### Pros & Cons

**Pros:**

- Security (2 reviews)
- Vulnerability Detection (2 reviews)
- Accuracy of Results (1 reviews)
- Automated Scanning (1 reviews)
- Code Quality (1 reviews)

**Cons:**

- Expensive (1 reviews)
- Licensing Issues (1 reviews)
- Pricing Issues (1 reviews)

### 25. [HostedScan.com](https://www.g2.com/products/hostedscan-com/reviews)
  HostedScan provides 24x7 alerts and detection for security vulnerabilities. Industry-standard, open-source, vulnerability scans. Automated alerts when something changes. Manage target list manually or import automatically from providers, such as AWS, DigitalOcean, and Linode, with read-only access. Manage and audit risks with dashboarding and reporting.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 13

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [HostedScan](https://www.g2.com/sellers/hostedscan)
- **Year Founded:** 2019
- **HQ Location:** Seattle, Washington
- **Twitter:** @hostedscan (59 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/69116669 (5 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 85% Small-Business, 15% Mid-Market




## Parent Category

[DevSecOps Software](https://www.g2.com/categories/devsecops)



## Related Categories

- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)
- [Risk-Based Vulnerability Management Software](https://www.g2.com/categories/risk-based-vulnerability-management)



---

## Buyer Guide

### What You Should Know About Vulnerability Scanner Software

### What is Vulnerability Scanner Software?

Vulnerability scanners are used to examine applications, networks, and environments for security flaws and misconfigurations. These tools run a variety of dynamic security tests to identify security threats along an application or network’s attack surface. Scans can be used for anything from an application penetration test to a compliance scan. Depending on the specific objectives a user has, they can customize the vulnerability scanner to test for specific issues or requirements.

Companies can configure these tests to their unique environment. Companies that handle lots of personal or financial data may scan to ensure every transaction or datastore is encrypted from the public. They could also test their web applications against specific threats like SQL injection or cross-site scripting (XSS) attacks. The highly customizable nature of vulnerability scanners provides users with tailor-made solutions for application and network security examination.

Many of these tools offer continuous scanning and testing for nonstop protection and monitoring. Whatever administrators set as a priority is tested periodically, and employees are informed of issues or incidents. Continuous monitoring makes it much easier to discover vulnerabilities before they become an issue and drastically reduces the amount of time a vulnerability takes to remediate.

**Key Benefits of Vulnerability Scanner Software**

- Scan networks and applications for security flaws
- Diagnose, track, and remediate vulnerabilities
- Identify and resolve misconfigurations
- Perform ad hoc security tests

### Why Use Vulnerability Scanner Software?

Applications and networks are only beneficial to a business if they operate smoothly and securely. Vulnerability scanners are a useful tool to view internal systems and applications from the perspective of the attacker. These tools allow for dynamic testing while applications operate. This helps security teams take a step beyond patches and code analysis to evaluate security posture while the application, network, or instance actually runs.

**Application security —** Cloud, web, and desktop applications all require security, but operate differently. While many vulnerability scanners support testing for all kinds of applications, others support only a few application types. Still, they will all examine the application itself, as well as the paths a user needs to access it. For example, if a vulnerability scanner is used on a web application, the tool will take into account the various attack vectors a hacker might take. This includes a site’s navigation, regional access, privileges, and other factors decided by the user. From there, the scanner will output reports on specific vulnerabilities, compliance issues, and other operational flaws.

**Networks —** While software applications are often the most obvious use cases for vulnerability scanners, network vulnerability scanners are also quite common. These tools take into account the network itself, as well as computers, servers, mobile devices and any other asset accessing a network. This helps businesses identify vulnerable devices and abnormal behaviors within a network to identify and remediate issues as well as improve their network's security posture. Many even provide visual tools for mapping networks and their associated assets to simplify the management and prioritization of vulnerabilities requiring remediation.

**Cloud environments —** Not to be confused with cloud-based solutions delivered in a SaaS model, cloud vulnerability scanners examine cloud services, cloud computing environments, and integrated connections. Like network vulnerability scanners, cloud environments require an examination on a few levels. Cloud assets come in many forms including devices, domains, and instances; but all must be accounted for and scanned. In a properly secured cloud computing environment, integrations and API connections, assets, and environments must all be mapped, configurations must be monitored, and requirements must be enforced.

### What are the Common Features of Vulnerability Scanner Software?

Vulnerability scanners can provide a wide range of features, but here are a few of the most common found in the market.

**Network mapping —** Network mapping features provide a visual representation of network assets including endpoints, servers, and mobile devices to intuitively demonstrate an entire network’s components.

**Web inspection —** Web inspection features are used to assess the security of a web application in the context of its availability. This includes site navigation, taxonomies, scripts, and other web-based operations that may impact a hacker’s abilities.

[**Defect tracking**](https://www.g2.com/categories/vulnerability-scanner/f/issue-tracking) **—** Defect and issue tracking functionality helps users discover and document vulnerabilities and track them to their source through the resolution process.

**Interactive scanning —** Interactive scanning or interactive application security testing features allow a user to be directly involved in the scanning process, watch tests in real time, and perform ad hoc tests.

[**Perimeter scanning**](https://www.g2.com/categories/vulnerability-scanner/f/perimeter-scanning) **—** Perimeter scanning will analyze assets connected to a network or cloud environment for vulnerabilities.

[**Black box testing**](https://www.g2.com/categories/vulnerability-scanner/f/black-box-testing) **—** Black box scanning refers to tests conducted from the hacker’s perspective. Black box scanning examines functional applications externally for vulnerabilities like SQL injection or XSS.

**Continuous monitoring —** Continuous monitoring allows users to set it and forget it. These features let scanners run all the time and alert users to new vulnerabilities.

[**Compliance monitoring**](https://www.g2.com/categories/vulnerability-scanner/f/compliance-testing) **—** Compliance-related monitoring features are used to monitor data quality and send alerts based on violations or misuse.

**Asset discovery —** Asset discovery features unveil applications in use and trends associated with asset traffic, access, and usage.

**Logging and reporting —** Log documentation and reporting provides required reports to manage operations. It provides adequate logging to troubleshoot and support auditing.

**Threat intelligence —** Threat intelligence features integrate with or store information related to common threats and how to resolve them once incidents occur.

**Risk analysis —** Risk scoring and risk analysis features identify, score, and prioritize security risks, vulnerabilities, and compliance impacts of attacks and breaches.

**Extensibility —** Extensibility and integration features provide the ability to extend the platform or product to include additional features and functionalities.

Many vulnerability scanner tools will also offer the following features:

- [Configuration monitoring capabilities](https://www.g2.com/categories/vulnerability-scanner/f/configuration-monitoring)
- [Automated scan capabilities](https://www.g2.com/categories/vulnerability-scanner/f/automated-scans)
- [Manual application testing capabilities](https://www.g2.com/categories/vulnerability-scanner/f/manual-application-testing)
- [Static code analysis capabilities](https://www.g2.com/categories/vulnerability-scanner/f/static-code-analysis)

### Potential Issues with Vulnerability Scanner Software

**False positives —** False positives are one of the most common issues with security tools. They indicate a tool is not running efficiently and introduce lots of unnecessary labor. Users should examine figures related to specific products and their accuracy before purchasing a solution.

**Integrations —** Integrations can make an application or product do virtually anything, but only if the integration is supported. If a specific solution must be integrated or a specific data source is highly relevant, be sure it’s compatible with the vulnerability scanner before making that decision.

**Scalability —** Scalability is always important, especially for growing teams. Cloud and SaaS-based solutions are traditionally the most scalable, but desktop and open source tools may be as well. Scalability will be important for teams considering collaborative use, concurrent use, and multi-application and environment scanning.

### Software and Services Related to Vulnerability Scanner Software

These technology families are either closely related to vulnerability scanners or there is frequent overlap between products.

[**Risk-based vulnerability management software**](https://www.g2.com/categories/risk-based-vulnerability-management) **—** Risk-based vulnerability management software is used to analyze security posture based on a wide array of risk factors. From there, companies prioritize vulnerabilities based on their risk score. These tools often have some overlapping features, but they’re more geared towards prioritizing risks in large organizations rather than identifying vulnerabilities to individual applications or environments.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST software is very closely related to vulnerability scanners, and the two terms are sometimes used interchangeably. The differentiating factor, though, is that vulnerability scanners can scan networks, cloud services, and IT assets in addition to applications. While DAST tools do scan for vulnerabilities, they won’t allow users to map networks, visualize environments, or examine vulnerabilities beyond the scope of the application.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software is not that similar to vulnerability scanners, unlike DAST tools. SAST tools allow for the examination of source code and non-operational application components. They also can’t simulate attacks or perform functional security tests. Still, these can be useful for defect and bug tracking if the vulnerability is rooted in an application’s source code.

[**Penetration testing software**](https://www.g2.com/categories/penetration-testing) **—** Penetration testing software is one aspect of vulnerability scanning, but penetration testing tools will not provide a wide variety of security tests. They are useful for testing common attack types, but they won’t be very effective in identifying and remediating the root cause of a vulnerability.




