# Best Vulnerability Scanner Software for Small Business

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

Products classified in the overall Vulnerability Scanner category are similar in many regards and help companies of all sizes solve their business problems. However, small business features, pricing, setup, and installation differ from businesses of other sizes, which is why we match buyers to the right Small Business Vulnerability Scanner to fit their needs. Compare product ratings based on reviews from enterprise users or connect with one of G2's buying advisors to find the right solutions within the Small Business Vulnerability Scanner category.

In addition to qualifying for inclusion in the Vulnerability Scanner Software category, to qualify for inclusion in the Small Business Vulnerability Scanner Software category, a product must have at least 10 reviews left by a reviewer from a small business.





## Category Overview

**Total Products under this Category:** 219


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 7,100+ Authentic Reviews
- 219+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.



---


## Top-Rated Products (Ranked by G2 Score)
  ### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
  Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 139

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.9/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.1/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (6,307 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (175 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, Founder
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 71% Small-Business, 17% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)

  ### 2. [Intruder](https://www.g2.com/products/intruder/reviews)
  Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two businesses are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 206

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.5/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Intruder](https://www.g2.com/sellers/intruder)
- **Company Website:** https://www.intruder.io
- **Year Founded:** 2015
- **HQ Location:** London
- **Twitter:** @intruder_io (980 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (84 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, Director
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 57% Small-Business, 36% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (41 reviews)
- Vulnerability Detection (30 reviews)
- Customer Support (26 reviews)
- User Interface (24 reviews)
- Vulnerability Identification (24 reviews)

**Cons:**

- Expensive (10 reviews)
- Slow Scanning (8 reviews)
- Licensing Issues (7 reviews)
- False Positives (6 reviews)
- Limited Features (6 reviews)

  ### 3. [Sysdig Secure](https://www.g2.com/products/sysdig-sysdig-secure/reviews)
  Sysdig Secure is the real-time cloud-native application protection platform (CNAPP) trusted by organizations of all sizes around the world. Built by the creators of Falco and Wireshark, Sysdig uniquely delivers runtime-powered visibility and agentic AI to stop cloud attacks instantly, not after the damage is done. With Sysdig, you can:

- Stop threats in 2 seconds and respond in minutes
- Cut vulnerability noise by 95% with runtime prioritization
- Detect real risk instantly across workloads, identities, and misconfigurations
- Close permissions gaps in under 2 minutes

  Sysdig Secure consolidates CSPM, CWPP, CIEM, vulnerability management, and threat detection into a single open, real-time platform. Unlike other CNAPPs, Sysdig connects signals across runtime, identity, and posture to eliminate blind spots, reduce tool sprawl, and accelerate innovation without compromise. No guesswork. No black boxes. Just cloud security, the right way. Learn more at https://sysdig.com


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 110

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.5/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Sysdig](https://www.g2.com/sellers/sysdig-715eaed9-9743-4f27-bd2b-d3730923ac3e)
- **Company Website:** https://www.sysdig.com
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @Sysdig (10,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/3592486/ (640 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer
  - **Top Industries:** Financial Services, Information Technology and Services
  - **Company Size:** 46% Enterprise, 40% Mid-Market


#### Pros & Cons

**Pros:**

- Security (33 reviews)
- Vulnerability Detection (32 reviews)
- Threat Detection (31 reviews)
- Detection Efficiency (30 reviews)
- Features (23 reviews)

**Cons:**

- Feature Limitations (10 reviews)
- Complexity (9 reviews)
- Missing Features (8 reviews)
- Difficult Learning (7 reviews)
- Feature Complexity (7 reviews)

  ### 4. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
  Astra is a leading penetration testing company that provides PTaaS and continuous threat exposure management capabilities. Our comprehensive cybersecurity solutions blend automation and manual expertise to run 15,000+ tests and compliance checks, ensuring complete safety, irrespective of the threat and attack location. With a 360° view of an organization’s security posture, continuous proactive insights, real-time reporting, and AI-first defensive strategies, we aim to help CTOs shift left at scale with continuous pentests. The offensive scanner engine, seamless tech stack integrations, and expert support help make pentesting simple, effective and hassle-free for 1000+ businesses worldwide. Moreover, our industry-specific AI test cases, world-class Astranaut Bot, and customizable reports are designed to make your experience smoother while saving you millions of dollars proactively.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 181

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.9/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.7/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc)
- **Company Website:** https://www.getastra.com/
- **Year Founded:** 2018
- **HQ Location:** New Delhi, IN
- **Twitter:** @getastra (691 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (120 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO, CEO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 65% Small-Business, 30% Mid-Market


#### Pros & Cons

**Pros:**

- Customer Support (65 reviews)
- Vulnerability Detection (52 reviews)
- Ease of Use (51 reviews)
- Pentesting Efficiency (42 reviews)
- Vulnerability Identification (38 reviews)

**Cons:**

- Poor Customer Support (12 reviews)
- Poor Interface Design (10 reviews)
- Slow Performance (8 reviews)
- UX Improvement (7 reviews)
- False Positives (6 reviews)

  ### 5. [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
  Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, Vulnerability management, IaC scanning, CIEM, DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting Your Cloud Environments Requires a Unified, Cloud Native Platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security - including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, use Wiz to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information.


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 772

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db)
- **Company Website:** https://www.wiz.io/
- **Year Founded:** 2020
- **HQ Location:** New York, US
- **Twitter:** @wiz_io (22,550 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,248 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CISO, Security Engineer
  - **Top Industries:** Financial Services, Information Technology and Services
  - **Company Size:** 54% Enterprise, 39% Mid-Market


#### Pros & Cons

**Pros:**

- Features (113 reviews)
- Security (107 reviews)
- Ease of Use (104 reviews)
- Visibility (87 reviews)
- Easy Setup (68 reviews)

**Cons:**

- Improvement Needed (35 reviews)
- Feature Limitations (34 reviews)
- Learning Curve (34 reviews)
- Improvements Needed (29 reviews)
- Complexity (27 reviews)

  ### 6. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)
  Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 287

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,651 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer, Network Engineer
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 40% Mid-Market, 34% Enterprise


#### Pros & Cons

**Pros:**

- Vulnerability Identification (21 reviews)
- Vulnerability Detection (19 reviews)
- Automated Scanning (18 reviews)
- Ease of Use (17 reviews)
- Features (15 reviews)

**Cons:**

- Slow Scanning (8 reviews)
- Expensive (6 reviews)
- Limited Features (6 reviews)
- Complexity (5 reviews)
- False Positives (5 reviews)

  ### 7. [VulScan](https://www.g2.com/products/vulscan/reviews)
  Automated Vulnerability Scanning. Affordably Priced For Everyone! With almost 70 new hidden vulnerabilities identified every day, you would need to be a super hero with X-ray vision to find them all. Or, you can let VulScan do it for you. VulScan is purpose-built for MSPs and for IT Departments that handle their own IT security. It has all the features you need for both internal and external vulnerability management, but without all the complexity found in older solutions. Best of all, VulScan is priced so that cost is no longer a barrier to scanning as many assets as you need, as frequently as you want. That’s why our slogan is “Vulnerability Management For The Rest of Us!” VulScan is an affordable cloud-based vulnerability management platform. It includes the software needed to spin up an unlimited number of virtual network scanner appliances using Hyper-V or VMware, and a cloud-based portal to control the scanners and manage the discovered issues. For internal network scanning, the appliances can be installed on any existing computer that has excess capacity on the network, or installed on a dedicated box to be permanently installed. You can add multiple scanners and configure them each to scan separate parts of the network to get even faster results pushed into the same client site dashboard at no additional cost. For external scanning, the appliances are installed on the MSP’s data center or other remote location and “pointed” to the public facing IP addresses of the target network.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 120

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 7.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 6.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya)
- **Company Website:** https://www.kaseya.com/
- **Year Founded:** 2000
- **HQ Location:** Miami, FL
- **Twitter:** @KaseyaCorp (17,431 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,512 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 67% Small-Business, 32% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (42 reviews)
- Features (20 reviews)
- Reporting (17 reviews)
- Reporting Features (17 reviews)
- Scanning Efficiency (17 reviews)

**Cons:**

- Inadequate Reporting (10 reviews)
- UX Improvement (10 reviews)
- Difficult Setup (8 reviews)
- Limited Reporting (8 reviews)
- Poor Customer Support (8 reviews)

  ### 8. [Burp Suite](https://www.g2.com/products/burp-suite/reviews)
  Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, more than 85,000 security professionals rely on Burp Suite to find, verify, and understand vulnerabilities across complex modern web applications. Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust. Key capabilities of Burp Suite DAST include: Continuous, automated scanning of web applications and APIs, integration with CI/CD pipelines and vulnerability management tools, flexible deployment across cloud, and on-premise environments, shared scanning logic and configurations between automated and manual testing, accurate, low-noise detection informed by PortSwigger Research. Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable. 
Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 125

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger)
- **Company Website:** https://www.portswigger.net
- **Year Founded:** 2008
- **HQ Location:** Knutsford, GB
- **Twitter:** @Burp_Suite (137,275 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (321 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Cyber Security Analyst
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 41% Mid-Market, 31% Small-Business


#### Pros & Cons

**Pros:**

- Ease of Use (12 reviews)
- User Interface (8 reviews)
- Testing Services (7 reviews)
- Features (5 reviews)
- Clear Interface (4 reviews)

**Cons:**

- Expensive (5 reviews)
- Slow Performance (5 reviews)
- High Learning Curve (2 reviews)
- Learning Curve (2 reviews)
- Limited Customization (2 reviews)

  ### 9. [CyberSmart](https://www.g2.com/products/cybersmart/reviews)
  CyberSmart is the UK’s leading cybersecurity platform for small and medium-sized businesses and the organisations that support them. As the UK’s largest provider of Cyber Essentials certification and a National Ambassador to the Cyber Resilience Centres network, CyberSmart plays a central role in raising cyber maturity across the UK economy. We work closely with businesses, managed service providers, and government-backed initiatives to deliver practical, scalable cybersecurity that aligns with real-world commercial pressures. A recognised market leader in delivering Cyber Essentials and Cyber Essentials Plus at scale, CyberSmart helps organisations achieve trusted certification quickly and maintain continuous compliance long after the audit is complete. As regulatory requirements, supply chain scrutiny, and insurance expectations continue to increase, businesses need more than a point-in-time assessment - they need ongoing assurance. The CyberSmart platform brings together people, process and technology in one integrated solution. It combines always-on device monitoring, vulnerability management, automated patch management, security awareness training, certification, privacy management and streamlined access to cyber insurance. By unifying protection and compliance within a single platform, CyberSmart reduces tool sprawl, simplifies security operations, and provides clear, prioritised visibility into risk. CyberSmart also supports larger organisations and supply-chain assurance programmes by enabling certification at scale across supplier tiers, providing executive-level visibility of supplier risk, and leveraging a network of over 1,000 MSP partners to drive adoption without disrupting commercial relationships. Trusted by over 7,000 businesses and partners worldwide, CyberSmart delivers Complete Cyber Confidence - helping organisations stay secure, demonstrate compliance, and build measurable resilience over time.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 49

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 10.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [CyberSmart](https://www.g2.com/sellers/cybersmart)
- **Year Founded:** 2016
- **HQ Location:** London, GB
- **Twitter:** @CyberSmartUK (1,934 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/be-cybersmart (82 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 65% Small-Business, 20% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (34 reviews)
- Customer Support (20 reviews)
- Helpful (16 reviews)
- Implementation Ease (14 reviews)
- Setup Ease (12 reviews)

**Cons:**

- Technical Issues (8 reviews)
- False Positives (7 reviews)
- Expensive (6 reviews)
- Pricing Issues (6 reviews)
- Improvement Needed (5 reviews)

  ### 10. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
  BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharashtra
- **Twitter:** @SecureLayer7 (2,512 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (121 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 91% Small-Business, 9% Mid-Market


#### Pros & Cons

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 review)
- Lack of Guidance (1 review)
- Lack of Information (1 review)
- Learning Curve (1 review)

  ### 11. [Snyk](https://www.g2.com/products/snyk/reviews)
  Snyk (pronounced sneak) is a developer security platform for securing custom code, open source dependencies, containers, and cloud infrastructure all from a single platform. Snyk’s developer security solutions enable modern applications to be built securely, empowering developers to own and build security for the whole application, from code & open source to containers & cloud infrastructure. Secure while you code in your IDE: find issues quickly using the scanner, fix issues easily with remediation advice, verify the updated code. Integrate your source code repositories to secure applications: integrate a repository to find issues, prioritize with context, fix & merge. Secure your containers as you build, throughout the SDLC: start fixing containers as soon as you write a Dockerfile, continuously monitor container images throughout their lifecycle, and prioritize with context. Secure build and deployment pipelines: Integrate natively with your CI/CD tool, configure your rules, find & fix issues in your application, and monitor your applications. Secure your apps quickly with Snyk’s vulnerability scanning and automated fixes - Try for Free!


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 131

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.1/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Snyk](https://www.g2.com/sellers/snyk)
- **HQ Location:** Boston, Massachusetts
- **Twitter:** @snyksec (20,978 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/10043614/ (1,207 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Software Engineer
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 44% Mid-Market, 35% Small-Business


#### Pros & Cons

**Pros:**

- Vulnerability Detection (3 reviews)
- Vulnerability Identification (3 reviews)
- Easy Integrations (2 reviews)
- Features (2 reviews)
- Integrations (2 reviews)

**Cons:**

- False Positives (2 reviews)
- Poor Interface Design (2 reviews)
- Scanning Issues (2 reviews)
- Software Bugs (2 reviews)
- Code Management (1 review)

  ### 12. [Armor Anywhere](https://www.g2.com/products/armor-anywhere/reviews)
  Armor Agent protects Windows and Linux servers wherever they run, in public cloud, private cloud, or on-premises environments, with a single, lightweight agent that installs with one line of code. The agent combines malware protection, intrusion prevention (IDS/IPS), file integrity monitoring, vulnerability scanning, patch monitoring, and behavioral threat detection into one deployment. Rather than stitching together multiple point tools, Armor Agent consolidates core workload security into a unified agent managed through the Armor platform. Armor Agent is available in two tiers. The Free Tier covers up to 5 endpoints at no cost, with full malware and intrusion defense, vulnerability scanning, patch monitoring, and file integrity monitoring included. The Premium Tier adds security alerts, log search, threat intelligence, threat hunting, dedicated support, and 24×7 SOC monitoring at $99/month per endpoint with no endpoint limit. Both tiers support compliance requirements for HIPAA, PCI DSS, HITRUST, and ISO frameworks. Get started with the Free Tier at https://www.armor.com/free/armor-agent


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.0/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Armor](https://www.g2.com/sellers/armor)
- **Year Founded:** 2009
- **HQ Location:** Plano, Texas
- **Twitter:** @Armor (9,759 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/333863/ (211 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 83% Small-Business, 17% Mid-Market


  ### 13. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews)
  Indusface WAS (Web Application Scanner) provides a comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS with its automated scans & manual pentesting done by certified security experts ensures none of the OWASP Top 10, business logic vulnerabilities, and malware go unnoticed. With zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers can quickly fix vulnerabilities seamlessly.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 63

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Indusface](https://www.g2.com/sellers/indusface)
- **Year Founded:** 2012
- **HQ Location:** Vadodara
- **Twitter:** @Indusface (3,477 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (174 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 52% Small-Business, 37% Mid-Market


#### Pros & Cons

**Pros:**

- Vulnerability Detection (19 reviews)
- Vulnerability Identification (16 reviews)
- Customer Support (6 reviews)
- Scanning Efficiency (6 reviews)
- Security (6 reviews)

**Cons:**

- Expensive (2 reviews)
- Confusing Interface (1 review)
- Lacking Features (1 review)
- Limited Scope (1 review)
- Poor Interface Design (1 review)

  ### 14. [Amazon Inspector](https://www.g2.com/products/amazon-inspector/reviews)
  Amazon Inspector is an automated vulnerability management service that continuously scans AWS workloads—including Amazon EC2 instances, container images in Amazon ECR, AWS Lambda functions, and code repositories—for software vulnerabilities and unintended network exposure. By integrating seamlessly with AWS environments, it provides real-time detection and prioritization of security issues, enabling organizations to enhance their security posture efficiently.

  Key Features and Functionality:

  - Automated Discovery and Continuous Scanning: Automatically identifies and assesses AWS resources for vulnerabilities and network exposures, ensuring comprehensive coverage without manual intervention.
  - Contextualized Risk Scoring: Generates risk scores by correlating vulnerability data with environmental factors such as network accessibility and exploitability, aiding in the prioritization of remediation efforts.
  - Integration with AWS Services: Seamlessly integrates with AWS Security Hub and Amazon EventBridge, facilitating automated workflows and centralized management of security findings.
  - Support for Multiple Resource Types: Extends vulnerability management to various AWS services, including EC2 instances, container images, Lambda functions, and code repositories, providing a unified security assessment across the cloud environment.
  - Agentless Scanning for EC2 Instances: Offers continuous monitoring of EC2 instances for software vulnerabilities without the need for installing additional agents, simplifying deployment and maintenance.

  Primary Value and Problem Solved: Amazon Inspector addresses the critical need for continuous and automated vulnerability management within AWS environments. By providing real-time detection and prioritization of security issues, it enables organizations to proactively identify and remediate vulnerabilities, reducing the risk of security breaches and ensuring compliance with industry standards. Its integration with existing AWS services and support for various resource types streamline security operations, allowing teams to focus on strategic initiatives while maintaining a robust security posture.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 24

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.8/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Amazon Web Services (AWS)](https://www.g2.com/sellers/amazon-web-services-aws-3e93cc28-2e9b-4961-b258-c6ce0feec7dd)
- **Year Founded:** 2006
- **HQ Location:** Seattle, WA
- **Twitter:** @awscloud (2,223,984 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/amazon-web-services/ (156,424 employees on LinkedIn®)
- **Ownership:** NASDAQ: AMZN

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 42% Small-Business, 35% Mid-Market


#### Pros & Cons

**Pros:**

- Security Protection (3 reviews)
- Customer Support (2 reviews)
- Centralization Management (1 review)
- Collaboration (1 review)
- Security (1 review)

**Cons:**

- Complexity (1 review)
- Complexity Issues (1 review)
- Learning Curve (1 review)
- Limited Features (1 review)
- Not User-Friendly (1 review)

  ### 15. [Tenable Vulnerability Management](https://www.g2.com/products/tenable-vulnerability-management/reviews)
  Tenable Vulnerability Management provides a risk-based approach to identifying, prioritizing, and remediating vulnerabilities across your entire attack surface. Powered by Nessus technology and AI-driven analytics, it goes beyond CVSS scores to assess exploitability, asset criticality, and business impact—so you can focus on what matters most. With continuous visibility, automated scanning, and real-time risk insights, security teams can quickly expose and close critical vulnerabilities before they’re exploited. Advanced asset identification ensures accurate tracking in dynamic environments, while intuitive dashboards, comprehensive reporting, and seamless third-party integrations help streamline workflows. As a cloud-based solution, Tenable Vulnerability Management scales with your organization, empowering security teams to maximize efficiency, reduce risk, and improve resilience against evolving threats.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 112

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.3/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.7/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,651 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Financial Services
  - **Company Size:** 55% Enterprise, 34% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (12 reviews)
- Scanning Efficiency (10 reviews)
- Vulnerability Identification (10 reviews)
- Automated Scanning (7 reviews)
- Features (7 reviews)

**Cons:**

- Expensive (6 reviews)
- Pricing Issues (6 reviews)
- Complexity (5 reviews)
- Inadequate Reporting (5 reviews)
- Limited Reporting (5 reviews)

  ### 16. [Orca Security](https://www.g2.com/products/orca-security/reviews)
  The Orca Cloud Security Platform identifies, prioritizes, and remediates risks and compliance issues in workloads, configurations, and identities across your cloud estate spanning AWS, Azure, Google Cloud, Kubernetes, Alibaba Cloud, and Oracle Cloud. Orca offers the industry’s most comprehensive cloud security solution in a single platform — eliminating the need to deploy and maintain multiple point solutions. Orca is agentless-first, and connects to your environment in minutes using Orca’s patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca can integrate with third-party agents for runtime visibility and protection for critical workloads. Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation – reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes. As a Cloud Native Application Protection Platform (CNAPP), Orca consolidates many point solutions in one platform, including: CSPM, CWPP, CIEM, Vulnerability Management, Container and Kubernetes Security, DSPM, API Security, CDR, Multi-cloud Compliance, Shift Left Security, and AI-SPM.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 237

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.8/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Orca Security](https://www.g2.com/sellers/orca-security)
- **Company Website:** https://orca.security
- **Year Founded:** 2019
- **HQ Location:** Portland, Oregon
- **Twitter:** @orcasec (4,832 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/35573984/ (495 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Security Engineer, CISO
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 48% Mid-Market, 41% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (37 reviews)
- Features (33 reviews)
- Security (29 reviews)
- User Interface (22 reviews)
- Visibility (22 reviews)

**Cons:**

- Improvement Needed (15 reviews)
- Feature Limitations (12 reviews)
- Limited Features (10 reviews)
- Missing Features (10 reviews)
- Ineffective Alerts (9 reviews)

  ### 17. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
  Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications.

  Major features:

  - Checks your web apps & APIs for 3000+ test cases to find security loopholes
  - OWASP & SANS standards
  - Recommendations to address security issues
  - Security test complex web apps with login
  - Compliance reports (GDPR, HIPAA & PCI DSS)
  - Test scheduling
  - DevSecOps integrations
  - API integration
  - Team access
  - Integrations with popular tools like Slack, Jira, Asana, Trello & 100+ other tools


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 85

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.5/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (209 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (43 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** Director, CEO
  - **Top Industries:** Marketing and Advertising, Information Technology and Services
  - **Company Size:** 91% Small-Business, 7% Mid-Market


#### Pros & Cons

**Pros:**

- Reporting Quality (1 review)
- Setup Ease (1 review)


  ### 18. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
  Discover what's possible. Prove what's real. With proprietary tech and key experts in offensive security. Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability. ✔️ Comprehensive toolkit with real-world coverage ✔️ Validated findings rich with evidence ✔️ Automation options with granular control ✔️ Flexible, high-quality reporting ✔️ Workflow-friendly by design Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth. 🎯 Attack surface mapping and recon 🎯 Comprehensive vulnerability scanning 🎯 Vulnerability exploitation 🎯 Customizable pentest reporting and data exports 🎯 Continuous vulnerability monitoring In our company, we build what we use. We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we've kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that's faster, more visible, and built on proof.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 99

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.6/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,067 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (65 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO
  - **Top Industries:** Computer & Network Security, Information Technology and Services
  - **Company Size:** 65% Small-Business, 20% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 review)
- Confusing Interface (1 review)

  ### 19. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
  Invicti is an automated application and API security testing solution that allows enterprise organizations to secure thousands of websites, web apps, and APIs and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to confidently automate their web application and API security.

  With Invicti, security teams can:

  - Automate security tasks and save hundreds of hours each month
  - Gain complete visibility into all your applications — even those that are lost, forgotten, or hidden
  - Automatically give developers rapid feedback that trains them to write more secure code — so they create fewer vulnerabilities over time
  - Feel confident that you are equipped with the most powerful application security scanning tool on the market

  You have the most demanding security needs, and Invicti is the best-in-class application security solution you deserve.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 65

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.1/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,559 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (332 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 47% Enterprise, 26% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)

  ### 20. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
  Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs.

  With Acunetix, security teams can:

  - Save time and resources by automating manual security processes
  - Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools
  - Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology
  - Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time

  You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


  **Average Rating:** 4.1/5.0
  **Total Reviews:** 100

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,559 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (332 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 40% Enterprise, 34% Mid-Market


#### Pros & Cons

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)

  ### 21. [Jit](https://www.g2.com/products/jit/reviews)
  Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

  AI-Powered Agents: Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.

  Comprehensive Security Scanning: Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.

  Developer-Centric Experience: With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.

  Agentic AI for AppSec Teams

  Risk-Based Prioritization: Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.

  Seamless Integrations: Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 43

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.4/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.6/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (523 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (151 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Financial Services
  - **Company Size:** 44% Mid-Market, 42% Small-Business


#### Pros & Cons

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)

  ### 22. [Microsoft Defender Vulnerability Management](https://www.g2.com/products/microsoft-defender-vulnerability-management/reviews)
  Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk. Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation. Defender Vulnerability Management is available for cloud workloads and endpoints. Defender for Endpoint Plan 2 customers can access advanced vulnerability management capabilities with the Defender Vulnerability Management add-on, now generally available.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 34

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.9/10)
- **Automated Scans:** 7.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft)
- **Year Founded:** 1975
- **HQ Location:** Redmond, Washington
- **Twitter:** @microsoft (13,105,844 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®)
- **Ownership:** MSFT

**Reviewer Demographics:**
  - **Top Industries:** Computer & Network Security
  - **Company Size:** 41% Small-Business, 35% Enterprise


  ### 23. [Cyrisma](https://www.g2.com/products/cyrisma/reviews)
  Cyrisma helps MSPs and MSSPs turn cyber risk and compliance into revenue. Its unified platform combines vulnerability management, data and asset discovery, compliance tracking, secure configuration, and dark web monitoring into one continuous experience - enabling partners to identify, prioritize, and remediate cyber risk efficiently. With executive-ready reporting, risk monetization insights, and elegant visuals, Cyrisma helps MSPs demonstrate measurable value, strengthen client relationships, and scale their security services profitably.


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 59

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.9/10)
- **Automated Scans:** 8.7/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 7.9/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Cyrisma](https://www.g2.com/sellers/cyrisma)
- **Company Website:** https://www.cyrisma.com/
- **Year Founded:** 2018
- **HQ Location:** Rochester, NY
- **Twitter:** @Cyrisma_USA (43 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cyrisma/ (15 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CEO
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 76% Small-Business, 22% Mid-Market


#### Pros & Cons

**Pros:**

- Time-saving (13 reviews)
- Ease of Use (12 reviews)
- Customer Support (10 reviews)
- Features (9 reviews)
- Vulnerability Identification (9 reviews)

**Cons:**

- Missing Features (4 reviews)
- Not User-Friendly (4 reviews)
- Integration Issues (3 reviews)
- Limited Flexibility (3 reviews)
- Poor Customer Support (3 reviews)

  ### 24. [Saner CVEM](https://www.g2.com/products/saner-cvem/reviews)
  SecPod SanerCyberhygiene platform is a continuous vulnerability and exposure management solution built for the modern IT security landscape. IT and Security teams of small, mid-size, and large enterprises use the Saner platform to go beyond traditional vulnerability management practices and get complete visibility and control over the organization’s attack surface. The platform works on a single light-weight multifunctional agent and is hosted on the cloud. Saner is powered by its homegrown, world’s largest SCAP feed with over 190,000+ vulnerability checks. SanerNow allows you to manage multiple use-cases as below from a single console without traversing across a maze of tools.

  - Run the fastest scans to discover IT assets, vulnerabilities, misconfigurations, and other security risk exposures
  - Remediate vulnerabilities on time with integrated patching
  - Adhere with industry compliance benchmarks like HIPAA, PCI, ISO, and NIST
  - Fix misconfigurations and harden systems
  - Automate end-to-end tasks and make the process simple and hassle-free


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 72

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 9.1/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [SecPod](https://www.g2.com/sellers/secpod-b11d8014-d8ec-46e7-9e81-c0d14919fbfc)
- **Company Website:** https://www.secpod.com/
- **Year Founded:** 2008
- **HQ Location:** Redwood City, California
- **Twitter:** @secpod (543 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/secpod-technologies/ (171 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer & Network Security
  - **Company Size:** 41% Small-Business, 38% Mid-Market


#### Pros & Cons

**Pros:**

- Security (14 reviews)
- Features (12 reviews)
- Ease of Use (10 reviews)
- Customer Support (9 reviews)
- Compliance Management (8 reviews)

**Cons:**

- Integration Issues (5 reviews)
- Expensive (4 reviews)
- Limited Features (4 reviews)
- Slow Performance (4 reviews)
- Slow Scanning (4 reviews)

  ### 25. [Fortra VM](https://www.g2.com/products/fortra-vm/reviews)
  Fortra VM is a proactive, risk-based vulnerability management solution that helps organizations identify, assess, and prioritize security weaknesses across their infrastructure. Beyond basic scanning, Fortra VM provides contextual risk prioritization through its Security GPA rating system, Peer Insight for industry benchmarking, and threat ranking to identify exploitation vectors that are used in real world attacks. Conveniently delivered via SAAS, Fortra VM creates easily understood reporting for efficient and effective remediation.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 67

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **Detection Rate:** 8.5/10 (Category avg: 8.9/10)
- **Automated Scans:** 9.2/10 (Category avg: 9.0/10)
- **Configuration Monitoring:** 8.2/10 (Category avg: 8.4/10)


**Seller Details:**

- **Seller:** [Fortra](https://www.g2.com/sellers/fortra)
- **Year Founded:** 1982
- **HQ Location:** Eden Prairie, Minnesota
- **Twitter:** @fortraofficial (2,758 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fortra (1,738 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Financial Services, Banking
  - **Company Size:** 45% Mid-Market, 35% Small-Business


#### Pros & Cons

**Pros:**

- Reliability (2 reviews)
- Customer Support (1 review)
- Data Security (1 review)
- Ease of Use (1 review)
- Incident Management (1 review)




## Parent Category

[DevSecOps Software](https://www.g2.com/categories/devsecops)



## Related Categories

- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)
- [Risk-Based Vulnerability Management Software](https://www.g2.com/categories/risk-based-vulnerability-management)



---

## Buyer Guide

### What You Should Know About Vulnerability Scanner Software

### What is Vulnerability Scanner Software?

Vulnerability scanners are used to examine applications, networks, and environments for security flaws and misconfigurations. These tools run a variety of dynamic security tests to identify security threats along an application or network’s attack surface. Scans can be used for anything from an application penetration test to a compliance scan. Depending on the specific objectives a user has, they can customize the vulnerability scanner to test for specific issues or requirements.

Companies can configure these tests to their unique environment. Companies that handle lots of personal or financial data may scan to ensure every transaction or datastore is encrypted from the public. They could also test their web applications against specific threats like SQL injection or cross-site scripting (XSS) attacks. The highly customizable nature of vulnerability scanners provides users with tailor-made solutions for application and network security examination.

Many of these tools offer continuous scanning and testing for nonstop protection and monitoring. Whatever administrators set as a priority will be tested periodically, and employees will be informed of issues or incidents. Continuous monitoring makes it much easier to discover vulnerabilities before they become an issue and drastically reduces the amount of time a vulnerability takes to remediate.

**Key Benefits of Vulnerability Scanner Software**

- Scan networks and applications for security flaws
- Diagnose, track, and remediate vulnerabilities
- Identify and resolve misconfigurations
- Perform ad hoc security tests

### Why Use Vulnerability Scanner Software?

Applications and networks are only beneficial to a business if they operate smoothly and securely. Vulnerability scanners are a useful tool to view internal systems and applications from the perspective of the attacker. These tools allow for dynamic testing while applications operate. This helps security teams take a step beyond patches and code analysis to evaluate security posture while the application, network, or instance actually runs.

**Application security —** Cloud, web, and desktop applications all require security, but operate differently. While many vulnerability scanners support testing for all kinds of applications, it is also common for a scanner to support a few application types but not others. Still, they will all examine the application itself, as well as the paths a user needs to access it. For example, if a vulnerability scanner is used on a web application, the tool will take into account the various attack vectors a hacker might take. This includes a site’s navigation, regional access, privileges, and other factors decided by the user. From there, the scanner will output reports on specific vulnerabilities, compliance issues, and other operational flaws.

**Networks —** While software applications are often the most obvious use cases for vulnerability scanners, network vulnerability scanners are also quite common. These tools take into account the network itself, as well as computers, servers, mobile devices and any other asset accessing a network. This helps businesses identify vulnerable devices and abnormal behaviors within a network to identify and remediate issues as well as improve their network's security posture. Many even provide visual tools for mapping networks and their associated assets to simplify the management and prioritization of vulnerabilities requiring remediation.

**Cloud environments —** Not to be confused with cloud-based solutions delivered in a SaaS model, cloud vulnerability scanners examine cloud services, cloud computing environments, and integrated connections. Like network vulnerability scanners, cloud vulnerability scanners must examine an environment on several levels. Cloud assets come in many forms including devices, domains, and instances, but all must be accounted for and scanned. In a properly secured cloud computing environment, integrations and API connections, assets, and environments must all be mapped, configurations must be monitored, and requirements must be enforced.

### What are the Common Features of Vulnerability Scanner Software?

Vulnerability scanners can provide a wide range of features, but here are a few of the most common found in the market.

**Network mapping —** Network mapping features provide a visual representation of network assets including endpoints, servers, and mobile devices to intuitively demonstrate an entire network’s components.

**Web inspection —** Web inspection features are used to assess the security of a web application in the context of its availability. This includes site navigation, taxonomies, scripts, and other web-based operations that may impact a hacker’s abilities.

[**Defect tracking**](https://www.g2.com/categories/vulnerability-scanner/f/issue-tracking) **—** Defect and issue tracking functionality helps users discover and document vulnerabilities and track them to their source through the resolution process.

**Interactive scanning —** Interactive scanning or interactive application security testing features allow a user to be directly involved in the scanning process, watch tests in real time, and perform ad hoc tests.

[**Perimeter scanning**](https://www.g2.com/categories/vulnerability-scanner/f/perimeter-scanning) **—** Perimeter scanning will analyze assets connected to a network or cloud environment for vulnerabilities.

[**Black box testing**](https://www.g2.com/categories/vulnerability-scanner/f/black-box-testing) **—** Black box scanning refers to tests conducted from the hacker’s perspective. Black box scanning examines functional applications externally for vulnerabilities like SQL injection or XSS.

**Continuous monitoring —** Continuous monitoring allows users to set it and forget it. These features enable scanners to run all the time and alert users to new vulnerabilities.

[**Compliance monitoring**](https://www.g2.com/categories/vulnerability-scanner/f/compliance-testing) **—** Compliance-related monitoring features are used to monitor data quality and send alerts based on violations or misuse.

**Asset discovery —** Asset discovery features unveil applications in use and trends associated with asset traffic, access, and usage.

**Logging and reporting —** Log documentation and reporting provides required reports to manage operations. It provides adequate logging to troubleshoot and support auditing.

**Threat intelligence —** Threat intelligence features integrate with or store information related to common threats and how to resolve them once incidents occur.

**Risk analysis —** Risk scoring and risk analysis features identify, score, and prioritize security risks, vulnerabilities, and compliance impacts of attacks and breaches.

**Extensibility —** Extensibility and integration features provide the ability to extend the platform or product to include additional features and functionalities.

Many vulnerability scanner tools will also offer the following features:

- [Configuration monitoring capabilities](https://www.g2.com/categories/vulnerability-scanner/f/configuration-monitoring)
- [Automated scan capabilities](https://www.g2.com/categories/vulnerability-scanner/f/automated-scans)
- [Manual application testing capabilities](https://www.g2.com/categories/vulnerability-scanner/f/manual-application-testing)
- [Static code analysis capabilities](https://www.g2.com/categories/vulnerability-scanner/f/static-code-analysis)

### Potential Issues with Vulnerability Scanner Software

**False positives —** False positives are one of the most common issues with security tools. They indicate a tool is not running efficiently and introduce lots of unnecessary labor. Users should examine figures related to specific products and their accuracy before purchasing a solution.

**Integrations —** Integrations can make an application or product do virtually anything, but only if the integration is supported. If a specific solution must be integrated or a specific data source is highly relevant, be sure it’s compatible with the vulnerability scanner before making that decision.

**Scalability —** Scalability is always important, especially for growing teams. Cloud and SaaS-based solutions are traditionally the most scalable, but desktop and open source tools may be as well. Scalability will be important for teams considering collaborative use, concurrent use, and multi-application and environment scanning.

### Software and Services Related to Vulnerability Scanner Software

These technology families are either closely related to vulnerability scanners or there is frequent overlap between products.

[**Risk-based vulnerability management software**](https://www.g2.com/categories/risk-based-vulnerability-management) **—** Risk-based vulnerability management software is used to analyze security posture based on a wide array of risk factors. From there, companies prioritize vulnerabilities based on their risk score. These tools often have some overlapping features, but they’re more geared towards prioritizing risks in large organizations rather than identifying vulnerabilities to individual applications or environments.

[**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST software is very closely related to vulnerability scanners, and the two terms are sometimes used interchangeably. The differentiating factor, though, is that vulnerability scanners can scan networks, cloud services, and IT assets in addition to applications. While DAST tools do scan for vulnerabilities, they won’t allow users to map networks, visualize environments, or examine vulnerabilities beyond the scope of the application.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software is not that similar to vulnerability scanners, unlike DAST tools. SAST tools allow for the examination of source code and non-operational application components. They also can’t simulate attacks or perform functional security tests. Still, these can be useful for defect and bug tracking if the vulnerability is rooted in an application’s source code.

[**Penetration testing software**](https://www.g2.com/categories/penetration-testing) **—** Penetration testing software is one aspect of vulnerability scanning, but a penetration test will not provide a wide variety of security tests. They are useful for testing common attack types, but they won’t be very effective in identifying and remediating the root cause of a vulnerability.




