# Best Dynamic Application Security Testing (DAST) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources





## Top Dynamic Application Security Testing (DAST) Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (210 reviews) | Low-noise DAST with unified AppSec scanning | "[Enterprise Security Without an Enterprise Security Team](https://www.g2.com/survey_responses/aikido-security-review-13108704)" |
| 2 | [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) | 4.6/5.0 (213 reviews) | Validated DAST with human-verified remediation workflows | "[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)" |
| 3 | [Burp Suite](https://www.g2.com/products/burp-suite/reviews) | 4.8/5.0 (126 reviews) | Proxy-intercept DAST with manual exploit depth | "[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)" |
| 4 | [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews) | 4.9/5.0 (60 reviews) | AI-automated API security testing with self-healing | "[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)" |
| 5 | [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) | 4.5/5.0 (68 reviews) | Proof-based DAST with CI/CD integration | "[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)" |
| 6 | [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) | 4.5/5.0 (289 reviews) | Credentialed network vulnerability scanning with remediation guidance | "[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)" |
| 7 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (881 reviews) | Pipeline-embedded DAST with unified DevSecOps | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 8 | [Harness Platform](https://www.g2.com/products/harness-platform/reviews) | 4.6/5.0 (300 reviews) | — | "[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)" |
| 9 | [Intruder](https://www.g2.com/products/intruder/reviews) | 4.8/5.0 (208 reviews) | Continuous external attack surface scanning with auto-remediation | "[Reliable Service with Flexible Plans and Strong Support](https://www.g2.com/survey_responses/intruder-review-13110046)" |
| 10 | [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews) | 4.8/5.0 (44 reviews) | API-first DAST with CI/CD-native discovery | "[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)" |

---
## What Are the Most Common Questions About Dynamic Application Security Testing (DAST) Software?
*AI-generated · Last updated: May 26, 2026*
### Which DAST tool offers the most comprehensive testing coverage?
Based on G2 reviews, Aikido Security stands out in this category because reviewers consistently describe broad coverage across application and related security testing workflows. According to verified users, it combines DAST with capabilities such as SAST, SCA, container scanning, cloud and infrastructure visibility, and vulnerability management in one place. G2 reviewers mention that this wider coverage helps teams reduce tool sprawl, centralize findings, and speed remediation. Reviewers also repeatedly call out straightforward setup, repository integrations, and developer-friendly workflows. While some users note that certain advanced enterprise controls are still maturing, recent feedback most often highlights Aikido Security for comprehensive, all-in-one testing breadth.


### What best DAST solutions for continuous security integration?
Based on G2 reviews, buyers looking for continuous security integration often prioritize products that fit naturally into development pipelines, automate recurring scans, and reduce operational overhead. G2 reviewers mention that Aikido Security is commonly used inside DevSecOps workflows with repository integrations and automatic scanning, while Invicti is frequently praised for CI/CD integrations and proof-based testing in ongoing web application programs. According to verified users, GitLab is also valued when teams want security checks embedded directly into broader development and deployment workflows. Across recent reviews, the common buying themes are automation, clear reporting, faster remediation, and easier adoption by both security and engineering teams.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – used for automated security scanning inside developer and repository workflows with minimal setup
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – chosen for ongoing web app scanning with CI/CD integrations and proof-based validation
- [GitLab](https://www.g2.com/products/gitlab/reviews) – fits teams that want security checks embedded into pipelines, merge requests, and delivery workflows


### What best tools for combining DAST with SAST?
Based on G2 reviews, teams that want DAST and SAST together often favor platforms that reduce tool switching and present findings in one workflow. According to verified users, Aikido Security is repeatedly described as an all-in-one platform that brings together DAST, SAST, SCA, and other security checks, which helps smaller teams and fast-moving engineering groups centralize remediation. G2 reviewers mention that Invicti is also used for combining DAST with SAST and SCA in a more unified process, especially for organizations managing larger portfolios. GitLab reviews similarly point to built-in security scanning within pipelines, making it useful for teams that want code and application testing closer to delivery processes.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – suited for teams wanting DAST, SAST, and related scanning in one developer-friendly platform
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – useful for organizations seeking DAST plus SAST and SCA within a centralized workflow
- [GitLab](https://www.g2.com/products/gitlab/reviews) – helps embed multiple application security checks into CI/CD and merge request processes


### Which DAST software integrates with CI/CD pipelines?
Based on G2 reviews, Invicti is the strongest fit for this question because reviewers frequently highlight its integrations with CI/CD tools and automated testing workflows. According to verified users, it connects with tools such as Jenkins, GitLab, and Jira, and helps teams move security checks earlier into delivery cycles. G2 reviewers mention that its automation, proof-based validation, and reporting make it easier for development and security teams to focus on real issues instead of manually sorting through excessive noise. Recent feedback also notes that setup can require tuning for more complex environments, but the integration story appears consistently in the review data and is a key reason teams adopt it.


### Which is the best DAST tool for web application security?
Based on G2 reviews, Burp Suite is the clearest answer for web application security use cases. According to verified users, it is widely valued for intercepting, modifying, and replaying web requests, which helps security teams uncover issues in application logic, authentication flows, and input handling. G2 reviewers mention Repeater, Proxy, Intruder, and the broader extension ecosystem as major strengths for deep hands-on testing. Recent reviews also describe Burp Suite as especially effective for web, API, and mobile dynamic testing, with strong support for both manual and automated workflows. Some users note pricing and resource usage concerns, but reviewers consistently position it as a leading tool for web application testing depth.


### What top DAST solutions for cloud-native applications?
Based on G2 reviews, cloud-native buyers tend to favor products that can scan applications while also fitting modern DevSecOps and infrastructure-heavy workflows. G2 reviewers mention that Aikido Security is used across repositories, cloud environments, and container-related security checks, which makes it appealing for teams trying to consolidate tooling. According to verified users, Intruder is also used to monitor vulnerabilities across both cloud resources and applications from a single view. GitLab reviews similarly point to integrated pipelines, automation, and built-in security checks that support cloud-native development practices. Across the recent review set, buyers emphasize ease of setup, workflow integration, and the ability to reduce noise while keeping developers moving quickly.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – works well for teams combining application scans with repository, container, and cloud-focused workflows
- [Intruder](https://www.g2.com/products/intruder/reviews) – fits organizations that want vulnerability visibility across cloud infrastructure and applications in one place
- [GitLab](https://www.g2.com/products/gitlab/reviews) – supports cloud-native delivery with integrated pipelines, automation, and embedded security checks


### What best tools for detecting runtime security issues?
Based on G2 reviews, buyers discussing runtime or live-application risk tend to value products that validate findings in running environments and reduce noisy results. According to verified users, Aikido Security is noted for helping teams connect code and external application risk, and one reviewer specifically highlighted its in-app protection capability for mitigating issues in legacy applications. G2 reviewers also describe Veracode Dynamic Analysis as useful for finding runtime vulnerabilities that static tools can miss, while Burp Suite is frequently used to inspect and manipulate live traffic during testing. The strongest common themes in recent feedback are actionable findings, clearer prioritization, and support for testing realistic application behavior.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – useful for teams wanting live application visibility alongside broader application security workflows
- [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews) – highlighted for identifying runtime vulnerabilities that static tools may miss
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – strong for analyzing live web traffic and validating exploitable issues during active testing


### What top platforms for automated application vulnerability testing?
Based on G2 reviews, automated application vulnerability testing buyers often look for products that are easy to deploy, fast to scan, and clear in how they present findings. G2 reviewers mention that Intruder is valued for automated scanning, continuous updates, and low operational overhead, while Aikido Security is praised for automatic scans, developer-friendly workflows, and centralized issue management. According to verified users, Invicti also stands out for proof-based scanning and automation that supports earlier detection in development processes. Across the recent review data, the products most often associated with automation success are the ones that balance broad visibility, manageable noise levels, and integrations that help teams remediate quickly.

**Here are some of the top-rated products on G2:**

- [Intruder](https://www.g2.com/products/intruder/reviews) – designed for automated scanning, continuous monitoring, and straightforward remediation tracking
- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – automates security scanning and helps developers prioritize and resolve issues faster
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – supports automated web application scanning with validated findings and detailed reporting


### What top-rated DAST platforms for enterprise applications?
Based on G2 reviews, enterprise buyers generally look for scalable scanning, centralized reporting, and support for more complex environments. According to verified users, Invicti is often chosen for larger application portfolios because of endpoint discovery, CI/CD integrations, proof-based validation, and reporting suited to both technical and executive audiences. G2 reviewers also point to Burp Suite for deep testing depth in professional security teams and to GitLab when enterprises want security controls embedded into a broader DevSecOps platform. Recent reviews suggest the best enterprise fit depends on whether the priority is scalable automated scanning, practitioner-led testing depth, or consolidating security within software delivery operations.

**Here are some of the top-rated products on G2:**

- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – well suited for enterprise portfolios needing scalable scanning and centralized reporting
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – fits enterprise security teams that need deep manual and automated web testing capability
- [GitLab](https://www.g2.com/products/gitlab/reviews) – useful for enterprises embedding security and compliance checks into a unified DevSecOps workflow


### Which DAST tool offers AI-driven vulnerability detection?
Based on G2 reviews, Aikido Security is the strongest grounded answer because multiple reviewers reference AI-related capabilities alongside its broader application security workflow. According to verified users, the platform offers AI-generated pull request fixes and GitHub-related AI features that help teams move from detection to remediation faster. G2 reviewers mention that its developer-friendly design, automated scanning, and prioritization reduce noise and help smaller teams stay productive. Reviewers also note some AI limitations, including cases where GitHub AI suggestions were not always accurate, but the recent review data still shows more direct AI-driven workflow mentions for Aikido Security than for most other products in this category.




## G2 Grid® for Dynamic Application Security Testing (DAST) Software
![G2 Grid® for Dynamic Application Security Testing (DAST) Software plotting products by satisfaction and market presence](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.png?focus%5B%5D=1259627&focus%5B%5D=154599&focus%5B%5D=32486&focus%5B%5D=1332841&focus%5B%5D=32494&focus%5B%5D=32484&focus%5B%5D=19003&focus%5B%5D=100655)
Highlighted products: Aikido Security, Astra Pentest, Burp Suite, Qodex.ai, Tenable Nessus, Invicti (formerly Netsparker), GitLab, and Harness Platform.
Underlying data: [Grid® JSON](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=astra-pentest&amp;focus%5B%5D=burp-suite&amp;focus%5B%5D=qodex-ai&amp;focus%5B%5D=tenable-nessus&amp;focus%5B%5D=invicti-formerly-netsparker&amp;focus%5B%5D=gitlab&amp;focus%5B%5D=harness-platform)


## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 94

### Category Stats (Jul 2026)
- **Average Rating**: 4.56/5 The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Checkmarx (+0.67%) - Among all products in this category, Checkmarx recorded the largest rating increase compared to last month
*Last updated: July 17, 2026*


## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 4,000+ Authentic Reviews
- 94+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1521&amp;secure%5Bchosen_at%5D=2026-07-17T22%3A06%3A13Z&amp;secure%5Bdisplayable_resource_id%5D=1521&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1521&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1259627&amp;secure%5Bresource_id%5D=1521&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fdynamic-application-security-testing-dast&amp;secure%5Btoken%5D=dcbbd3711c7908a45fb83812eafbf40192ce999e513577570ed99e67f4b0e99b&amp;secure%5Burl%5D=https%3A%2F%2Fwww.aikido.dev%2Fattack%2Fsurface-monitoring-dast%3Futm_source%3Dg2%26utm_campaign%3Dg2-promoted-listing-dast%26utm_medium%3Dcpc&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 210
**How Do G2 Users Rate Aikido Security?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Founder, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 78% Small-Business, 14% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from its clear, actionable insights and seamless integration.
- Users praise Aikido Security for its **fast and user-friendly identification of security issues** in codebases, enhancing development practices.
- Users appreciate the **robust features of Aikido Security** , valuing its usability and effectiveness in enhancing security workflows.
- Users value the **easy integrations** with GitLab, allowing for quick start and effective tracking of security issues.
- Users commend the **easy setup** of Aikido Security, simplifying integration and enhancing their security workflow significantly.

**Cons:**

- Users note the **missing features** in Aikido Security, wishing for more integration and advanced configuration options.
- Users find the **pricing excessive** , particularly for startups, despite acknowledging the product&#39;s value.
- Users find Aikido Security has **limited features** , particularly in advanced customization and reporting for complex environments.
- Users find the **entry-level pricing** of Aikido Security too high for startups, limiting adoption and experimentation.
- Users are frustrated by the **lack of features** , especially with local scanning and branch handling limitations.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Enterprise Security Without an Enterprise Security Team](https://www.g2.com/survey_responses/aikido-security-review-13108704)"**

**Rating:** 4.0/5.0 stars
*— Ian M.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13108704)

---

**"[Seamless GitHub Integration with Solid Security Findings and Smart False-Positive Analysis](https://www.g2.com/survey_responses/aikido-security-review-13109689)"**

**Rating:** 4.5/5.0 stars
*— Jordan B.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13109689)

---



### 2. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
Astra Security is a leading continuous penetration testing platform that combines AI-powered autonomous pentesting with certified expert-led assessments. Powered by Attack AI, trained on 6.8M+ security findings and insights from 5,000+ real-world pentests. Astra deploys intelligent agents that continuously discover, validate, prioritize, and help remediate vulnerabilities at scale. While AI handles speed and scale, Astra’s certified security experts focus on what automation alone cannot: complex business logic flaws, multi-step attack chains, advanced exploit paths, and emerging AI/LLM-specific threats. Built for modern engineering teams, Astra integrates directly into CI/CD workflows, enabling continuous security validation between releases instead of relying on outdated annual pentests. The platform delivers comprehensive Autonomous Pentest powered by AI agents, DAST vulnerability scanner and human-driven pentests across web apps, AI/LLMs, mobile apps, APIs, cloud infrastructure. Astra is CREST-accredited, CERT-IN empaneled, and a PCI ASV-certified vendor. Our team also led the development of the OWASP APTS framework, helping shape the industry standard for continuous security testing. Today, 1,500+ organizations across 70+ countries trust Astra Security, including Ford, Loom, CompTIA, Hitachi, HackerRank, and OLX.


**Average Rating:** 4.6/5.0
**Total Reviews:** 213
**How Do G2 Users Rate Astra Pentest?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Astra Pentest?**

- **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc)
- **Company Website:** https://www.getastra.com/
- **Year Founded:** 2018
- **HQ Location:** New Delhi, IN
- **Twitter:** @getastra (694 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (130 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, CEO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 66% Small-Business, 29% Mid-Market


#### What Are Astra Pentest's Pros and Cons?

**Pros:**

- Customer Support (63 reviews)
- Vulnerability Detection (51 reviews)
- Ease of Use (50 reviews)
- Pentesting Efficiency (42 reviews)
- Vulnerability Identification (37 reviews)

**Cons:**

- Poor Customer Support (12 reviews)
- Poor Interface Design (10 reviews)
- Slow Performance (8 reviews)
- UX Improvement (7 reviews)
- Lack of Information (6 reviews)


### What Do G2 Reviewers Say About Astra Pentest?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **responsive customer support** of Astra Pentest, enhancing their experience and ensuring smooth collaboration.
- Users value the **comprehensive vulnerability management features** of Astra Pentest, enhancing their ability to address security issues effectively.
- Users love the **ease of use** of Astra Pentest, appreciating its intuitive design and accessible features.
- Users commend Astra Pentest for its **efficient penetration testing** , enabling swift execution and effective communication throughout the process.
- Users value the **thorough vulnerability identification** of Astra Pentest, enhancing confidence and security in their development processes.

**Cons:**

- Users experience **poor customer support** , citing slow responses and difficulties with account setup and vulnerability inquiries.
- Users find the **poor interface design** of Astra Pentest to be clunky and not user-friendly, affecting usability.
- Users experience **slow performance** with Astra Pentest, affecting testing speed and response times for results.
- Users feel that the **UX could be improved** for a smoother experience, as navigation can sometimes be confusing.
- Users face a **lack of information** with Astra Pentest, as documentation and updates are often insufficient or slow to arrive.

#### What Are Recent G2 Reviews of Astra Pentest?

**"[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)"**

**Rating:** 5.0/5.0 stars
*— Sivakumar S.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-13001206)

---

**"[Exceptional VAPT Solution with Prompt Support](https://www.g2.com/survey_responses/astra-pentest-review-9603864)"**

**Rating:** 5.0/5.0 stars
*— Nikhil Ajit S.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-9603864)

---


#### What Are G2 Users Discussing About Astra Pentest?

- [What is Astra Pentest used for?](https://www.g2.com/discussions/what-is-astra-pentest-used-for) - 2 comments

### 3. [Burp Suite](https://www.g2.com/products/burp-suite/reviews)
Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, more than 85,000 security professionals rely on Burp Suite to find, verify, and understand vulnerabilities across complex modern web applications. Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust. Key capabilities of Burp Suite DAST include: Continuous, automated scanning of web applications and APIs, integration with CI/CD pipelines and vulnerability management tools, flexible deployment across cloud, and on-premise environments, shared scanning logic and configurations between automated and manual testing, accurate, low-noise detection informed by PortSwigger Research. Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable. Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing.


**Average Rating:** 4.8/5.0
**Total Reviews:** 126
**How Do G2 Users Rate Burp Suite?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Burp Suite?**

- **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger)
- **Company Website:** https://www.portswigger.net
- **Year Founded:** 2008
- **HQ Location:** Knutsford, GB
- **Twitter:** @Burp_Suite (138,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (345 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Cyber Security Analyst
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 41% Mid-Market, 31% Small-Business


#### What Are Burp Suite's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- User Interface (8 reviews)
- Testing Services (7 reviews)
- Features (5 reviews)
- Clear Interface (4 reviews)

**Cons:**

- Expensive (5 reviews)
- Slow Performance (5 reviews)
- High Learning Curve (2 reviews)
- Learning Curve (2 reviews)
- Limited Customization (2 reviews)


### What Do G2 Reviewers Say About Burp Suite?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Burp Suite, enabling quick setup for both beginners and advanced professionals.
- Users appreciate the **user-friendly interface** of Burp Suite, making penetration testing straightforward and accessible for all levels.
- Users value the **deep automation and manual testing capabilities** of Burp Suite for effective web and Android security testing.
- Users admire the **user-friendly interface** and seamless integration of Burp Suite, enhancing both navigation and testing efficiency.
- Users love the **clear interface** of Burp Suite, enabling effortless traffic interception and easy navigation.

**Cons:**

- Users find Burp Suite **expensive** , especially students, limiting accessibility to its powerful features and community support.
- Users report **slow performance** with Burp Suite, particularly on low-spec systems and during resource-intensive scans.
- Users find the **steep learning curve** of Burp Suite challenging, especially for beginners navigating its complex features.
- Users struggle with the **steep learning curve** of Burp Suite, finding it challenging, especially for beginners.
- Users find the **limited customization options** in Burp Suite restrict their ability to tailor the tool to their needs.

#### What Are Recent G2 Reviews of Burp Suite?

**"[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)"**

**Rating:** 5.0/5.0 stars
*— Arish B.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12677559)

---

**"[Burp Suite Pro: A Powerful, All-in-One Platform for Web App Pen Testing](https://www.g2.com/survey_responses/burp-suite-review-12818180)"**

**Rating:** 4.5/5.0 stars
*— Aryan S.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12818180)

---


#### What Are G2 Users Discussing About Burp Suite?

- [What are the benefits and challenges of using BurpSuite for web application security?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-burpsuite-for-web-application-security)
- [What is BurpSuite used for?](https://www.g2.com/discussions/burpsuite-what-is-burpsuite-used-for)
- [What types of vulnerabilities can Burp Suite detect?](https://www.g2.com/discussions/what-types-of-vulnerabilities-can-burp-suite-detect)
- [What is Burp Suite Professional?](https://www.g2.com/discussions/what-is-burp-suite-professional) - 1 comment
- [Is BurpSuite free?](https://www.g2.com/discussions/is-burpsuite-free) - 2 comments

### 4. [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
Qodex is a continuous testing platform that runs your test scenarios against your real app on every pull request and deploy, then shows you exactly what broke with the failing request, response, and screenshot.


**Average Rating:** 4.9/5.0
**Total Reviews:** 60
**How Do G2 Users Rate Qodex.ai?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Qodex.ai?**

- **Seller:** [QodexAI](https://www.g2.com/sellers/qodexai)
- **Company Website:** https://www.qodex.ai/
- **Year Founded:** 2023
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://linkedin.com/company/qodexai (13 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 75% Small-Business, 20% Mid-Market


#### What Are Qodex.ai's Pros and Cons?

**Pros:**

- Ease of Use (23 reviews)
- Automation (17 reviews)
- Testing (17 reviews)
- Testing Efficiency (17 reviews)
- Helpful (13 reviews)

**Cons:**

- Slow Loading (6 reviews)
- Poor Documentation (5 reviews)
- Slow Performance (5 reviews)
- Bug Issues (4 reviews)
- Bugs (4 reviews)


### What Do G2 Reviewers Say About Qodex.ai?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **ease of use** of Qodex.ai, making it accessible for both technical and non-technical teams.
- Users value the **automation capabilities** of Qodex.ai, significantly enhancing efficiency in managing API testing processes.
- Users value the **ease of test case writing** with Qodex.ai, enhancing efficiency for developers and product managers.
- Users value the **high testing efficiency** of Qodex.ai, achieving 90% code coverage with minimal manual effort.
- Users find Qodex.ai **incredibly helpful** for quick integration and effective scenario analysis, boosting efficiency significantly.

**Cons:**

- Users experience **slow loading** times with the chatbot and reports, affecting overall efficiency and responsiveness.
- Users find the **poor documentation** a barrier to fully leverage Qodex.ai’s capabilities in advanced testing scenarios.
- Users experience **slow performance** with delayed chatbot responses and longer load times for reports on larger projects.
- Users report **bug issues** including repeated test cases and suggest improvements for bug reporting and flagging accuracy.
- Users report **bug reporting issues** , suggesting improvements for tagging and accuracy of critical and non-critical bugs.

#### What Are Recent G2 Reviews of Qodex.ai?

**"[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)"**

**Rating:** 4.5/5.0 stars
*— Abhilash S.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12088697)

---

**"[Effortless Automation and Insightful AI Testing with Qodex.ai](https://www.g2.com/survey_responses/qodex-ai-review-12065938)"**

**Rating:** 4.5/5.0 stars
*— Anshuk K.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12065938)

---



### 5. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation. With Invicti, security teams can: - Automate application security testing workflows and save hundreds of hours every month - Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets - Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time - Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities - Scale application security programs across large enterprises without slowing development teams - Integrate security seamlessly into existing DevSecOps and CI/CD workflows Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.5/5.0
**Total Reviews:** 68
**How Do G2 Users Rate Invicti (formerly Netsparker)?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **ease of use** of Invicti, appreciating its user-friendly setup and quick installation process.
- Users value the **efficient scanning technology** of Invicti, enhancing workflow with hassle-free monthly website tests.
- Users commend Invicti&#39;s **accurate vulnerability detection and excellent integration with DevOps tools** , enhancing their security testing efficiency.
- Users value the **high-quality reporting** of Invicti, making it ideal for certifications and simplifying compliance processes.
- Users value the **effective vulnerability detection** of Invicti, appreciating its ease of use and accurate reporting.

**Cons:**

- Users find the **customer support lacking** , with slow responses and inadequate solutions for technical issues.
- Users experience **slow performance** during scans, setup, and upgrades, impacting the overall efficiency of Invicti.
- Users find that **slow scanning** can hinder efficiency, especially when setup is tricky and API scanning is limited.
- Users face **API issues** with Invicti, making it unsuitable for scanning purposes despite good support.
- Users find the **complex setup** challenging initially, impacting their experience before they can effectively utilize the product.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Retail*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)

---

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 6. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)
Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


**Average Rating:** 4.5/5.0
**Total Reviews:** 289
**How Do G2 Users Rate Tenable Nessus?**

- **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10)

**Who Is the Company Behind Tenable Nessus?**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,752 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,350 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, Network Engineer
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 40% Mid-Market, 34% Enterprise


#### What Are Tenable Nessus's Pros and Cons?

**Pros:**

- Vulnerability Identification (20 reviews)
- Vulnerability Detection (18 reviews)
- Ease of Use (16 reviews)
- Automated Scanning (15 reviews)
- Features (13 reviews)

**Cons:**

- Slow Scanning (7 reviews)
- Expensive (6 reviews)
- Limited Features (6 reviews)
- Complexity (5 reviews)
- False Positives (5 reviews)


### What Do G2 Reviewers Say About Tenable Nessus?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **vulnerability identification** capabilities of Tenable Nessus, highlighting its accuracy and comprehensive coverage for security management.
- Users value the **advanced vulnerability detection** capabilities of Tenable Nessus, enhancing their security risk management effectively.
- Users value the **ease of use** of Tenable Nessus, appreciating its simple setup and user-friendly interface.
- Users value the **automated scanning** capabilities of Tenable Nessus, benefiting from its comprehensive and up-to-date vulnerability checks.
- Users commend the **comprehensive scanning capabilities** of Tenable Nessus, alongside its robust reporting and automation features.

**Cons:**

- Users note the **slow scanning** process, especially in large environments, significantly impacting resource usage and production times.
- Users find the **cost of running and maintaining Tenable Nessus** to be extensively high and burdensome.
- Users find **limited features** in Tenable Nessus, including restrictions on hosts, scans, and mobile application testing.
- Users find the **complexity** of Tenable Nessus challenging, especially with advanced features requiring significant technical knowledge.
- Users report that Nessus generates **false positives** , resulting in extra workload and hindering effective security management.

#### What Are Recent G2 Reviews of Tenable Nessus?

**"[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)

---

**"[Reliable and Efficient Vulnerability Management Tool](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)"**

**Rating:** 5.0/5.0 stars
*— Mohsin H.*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)

---


#### What Are G2 Users Discussing About Tenable Nessus?

- [What is Nessus used for?](https://www.g2.com/discussions/what-is-nessus-used-for) - 1 comment
- [What types of vulnerabilities are scanned by Nessus?](https://www.g2.com/discussions/what-types-of-vulnerabilities-are-scanned-by-nessus)
- [Is there a free version of Nessus?](https://www.g2.com/discussions/is-there-a-free-version-of-nessus) - 2 comments
- [What is an advantage of using Nessus?](https://www.g2.com/discussions/what-is-an-advantage-of-using-nessus)
- [What does Nessus scan for?](https://www.g2.com/discussions/what-does-nessus-scan-for) - 1 comment

### 7. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different? - Flexibility: Consume as a service or manage your own deployment - Cloud-Agnostic: Deploy anywhere with no vendor lock-in - No rip and replace: Scale to a platform approach at your own pace


**Average Rating:** 4.5/5.0
**Total Reviews:** 881
**How Do G2 Users Rate GitLab?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users enjoy the **ease of use** of GitLab, thanks to its unified interface and streamlined CI/CD integrations.
- Users value the **all-in-one platform** of GitLab, which streamlines development processes and enhances team collaboration.
- Users praise GitLab for its **powerful CI/CD integration** , which simplifies automation and enhances pipeline efficiency.
- Users value GitLab&#39;s **s seamless integrations** allowing streamlined workflows without the need for multiple tools.
- Users value GitLab&#39;s **seamless CI/CD integration** , which simplifies automation and enhances overall development efficiency.

**Cons:**

- Users find the **complexity** of GitLab&#39;s group structure and management challenging, particularly for newcomers and infrastructure.
- Users face a **difficult learning curve** with GitLab, especially for those unfamiliar with its unique structure and features.
- Users find the **confusing interface** of GitLab overwhelming, especially new users navigating its complex functionalities and settings.
- Users find the **complex user interface** of GitLab requires significant effort to master and is not always intuitive.
- Users find the **steep learning curve** of GitLab challenging, especially when adapting to its comprehensive features and UI.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 8. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
Simplify your developer experience with the world&#39;s first AI-augmented software delivery platform. Upgrade your software delivery with Harness&#39; innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools. We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance. We help companies in four key areas: Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least is, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


**Average Rating:** 4.6/5.0
**Total Reviews:** 300
**How Do G2 Users Rate Harness Platform?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)

**Who Is the Company Behind Harness Platform?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,389 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,701 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 43% Enterprise, 38% Mid-Market


#### What Are Harness Platform's Pros and Cons?

**Pros:**

- Ease of Use (114 reviews)
- Features (73 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)


### What Do G2 Reviewers Say About Harness Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Harness Platform, making implementation and configuration seamless and efficient.
- Users value the **ease of use and flexibility** in targeting features within the Harness Platform.
- Users appreciate the **user-friendly interface** of Harness Platform for easily managing and deploying feature flags.
- Users find the **easy setup** of Harness Platform quick and efficient, leading to immediate cost savings and satisfaction.
- Users value the **easy integrations** with SSO and tools that streamline software delivery on the Harness Platform.

**Cons:**

- Users note a **lack of multiple filters** in Harness Platform, limiting flexibility for advanced customization and usability.
- Users face **limitations in configuration management** , including issues with renaming and deleting toggles that complicate usability.
- Users note a **lack of multiple filters** and missing features in the Harness Platform, limiting its overall usability.
- Users find the **steep learning curve** challenging, particularly due to complicated settings and insufficient documentation.
- Users find the **UI complex and clunky** , which can complicate the overall user experience with the platform.

#### What Are Recent G2 Reviews of Harness Platform?

**"[Harness - World of automation](https://www.g2.com/survey_responses/harness-platform-review-11792426)"**

**Rating:** 4.5/5.0 stars
*— Sunil A.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11792426)

---

**"[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)"**

**Rating:** 5.0/5.0 stars
*— Satendra V.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11543262)

---


#### What Are G2 Users Discussing About Harness Platform?

- [What is Harness Continuous Delivery used for?](https://www.g2.com/discussions/what-is-harness-continuous-delivery-used-for) - 1 comment
- [What is Propelo used for?](https://www.g2.com/discussions/what-is-propelo-used-for)
- [What is Harness Cloud Cost Management used for?](https://www.g2.com/discussions/what-is-harness-cloud-cost-management-used-for)
- [What is the difference between harness and Jenkins?](https://www.g2.com/discussions/what-is-the-difference-between-harness-and-jenkins) - 1 comment
- [What is streaming Split IO?](https://www.g2.com/discussions/what-is-streaming-split-io) - 1 comment

### 9. [Intruder](https://www.g2.com/products/intruder/reviews)
Intruder&#39;s continuous exposure management platform helps security, IT, and engineering teams stop breaches before they start. By unifying AI penetration testing, attack surface monitoring, cloud security, and vulnerability management in one intuitive platform, Intruder gives stretched teams an always-on security source of truth. Our approach focuses on continuous automated scanning using expertise and agentic solutions to ensure that the findings we deliver are accurate, prioritized by real-world risk, and ready to act on. Founded in 2015 by Chris Wallis, a former ethical hacker turned corporate blue teamer, Intruder is now protecting over 3,000 companies worldwide. Intruder has been awarded multiple accolades, was selected for GCHQ’s Cyber Accelerator, included on Deloitte’s Tech Fast 50 2023 list as the fastest-growing cybersecurity company in the UK and was named in G2’s 2026 Best Software Awards.


**Average Rating:** 4.8/5.0
**Total Reviews:** 208
**How Do G2 Users Rate Intruder?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.5/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Intruder?**

- **Seller:** [Intruder](https://www.g2.com/sellers/intruder)
- **Company Website:** https://www.intruder.io
- **Year Founded:** 2015
- **HQ Location:** London
- **Twitter:** @intruder_io (979 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (83 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Director
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 57% Small-Business, 36% Mid-Market


#### What Are Intruder's Pros and Cons?

**Pros:**

- Ease of Use (41 reviews)
- Vulnerability Detection (30 reviews)
- Customer Support (25 reviews)
- User Interface (24 reviews)
- Vulnerability Identification (24 reviews)

**Cons:**

- Expensive (9 reviews)
- Slow Scanning (8 reviews)
- Licensing Issues (7 reviews)
- False Positives (6 reviews)
- Limited Features (6 reviews)


### What Do G2 Reviewers Say About Intruder?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find the **ease of use** of Intruder perfect for configuring and scanning cloud resources efficiently.
- Users appreciate the **easy configuration of vulnerability detection** , making it simple to secure cloud resources efficiently.
- Users value the **exceptional customer support** from Intruder, highlighting quick responses and friendliness during their experience.
- Users value Intruder&#39;s **easy-to-use interface** and seamless integration, enhancing their cybersecurity management experience significantly.
- Users value the **easy configuration** of Intruder, allowing timely identification of vulnerabilities across cloud resources.

**Cons:**

- Users find the service to be **expensive** , suggesting improvements in pricing models for better value.
- Users report **slow scanning** as Intruder misses some vulnerabilities and lacks integration with comprehensive testing tools.
- Users struggle with the **licensing model** of Intruder, finding it complex and not immediately intuitive.
- Users experience **false positives** from Intruder, leading to confusion between critical and lower-risk vulnerabilities.
- Users find the **limited features** of Intruder frustrating, especially regarding reporting flexibility and license understanding.

#### What Are Recent G2 Reviews of Intruder?

**"[Reliable Service with Flexible Plans and Strong Support](https://www.g2.com/survey_responses/intruder-review-13110046)"**

**Rating:** 4.0/5.0 stars
*— Ossama M.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-13110046)

---

**"[Revolutionized Our Vulnerability Management with Real-Time Insights](https://www.g2.com/survey_responses/intruder-review-13100568)"**

**Rating:** 4.5/5.0 stars
*— Verified User*

[Read full review](https://www.g2.com/survey_responses/intruder-review-13100568)

---


#### What Are G2 Users Discussing About Intruder?

- [Who developed intruder?](https://www.g2.com/discussions/who-developed-intruder)
- [What is an intruder in cyber security?](https://www.g2.com/discussions/what-is-an-intruder-in-cyber-security)
- [Is intruder IO safe?](https://www.g2.com/discussions/is-intruder-io-safe) - 1 comment
- [What is intruder software?](https://www.g2.com/discussions/what-is-intruder-software) - 1 comment

### 10. [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews)
Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. Hundreds of companies rely on Pynt to continuously monitor, classify and attack poorly secured APIs, before hackers do.


**Average Rating:** 4.8/5.0
**Total Reviews:** 44
**How Do G2 Users Rate Pynt - API Security Testing?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.5/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 9.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pynt - API Security Testing?**

- **Seller:** [Pynt](https://www.g2.com/sellers/pynt)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @pynt_io (361 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/pynt (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer &amp; Network Security
- **Company Size:** 57% Small-Business, 23% Enterprise


#### What Are Pynt - API Security Testing's Pros and Cons?

**Pros:**

- Vulnerability Detection (20 reviews)
- Security (18 reviews)
- API Management (17 reviews)
- Easy Integrations (16 reviews)
- Automation (15 reviews)

**Cons:**

- Complex Setup (11 reviews)
- Setup Complexity (6 reviews)
- Limited Features (4 reviews)
- Poor Interface Design (4 reviews)
- UX Improvement (4 reviews)


### What Do G2 Reviewers Say About Pynt - API Security Testing?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Pynt for its **auto-generation of security tests** , making vulnerability detection accessible for all development teams.
- Users commend Pynt for its **impressive security engine** that effectively identifies critical API vulnerabilities quickly.
- Users value the **seamless integration** of Pynt into CI/CD pipelines for automated API security testing and vulnerability identification.
- Users appreciate the **easy integration** of Pynt with their SDLC, enhancing automated API security without disrupting workflows.
- Users highlight the **automation capabilities** of Pynt, streamlining API security tasks and enhancing efficiency in development workflows.

**Cons:**

- Users find the **complex setup** of Pynt challenging, often requiring support which complicates the initial experience.
- Users find the **setup complexity** challenging, often needing support and seeking a more user-friendly interface.
- Users experience **limited features** in Pynt, particularly in reporting, dashboard options, and onboarding processes for complex APIs.
- Users find the **user interface challenging** , especially beginners who struggle with navigation and setup.
- Users find the **user interface challenging** , suggesting improvements for a more user-friendly experience in Pynt.

#### What Are Recent G2 Reviews of Pynt - API Security Testing?

**"[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)"**

**Rating:** 5.0/5.0 stars
*— Vijayaraghavan (Vijay) V.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)

---

**"[Performance and Usability Review of pynt G2](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)"**

**Rating:** 5.0/5.0 stars
*— Devanggiri G.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)

---



### 11. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


**Average Rating:** 4.9/5.0
**Total Reviews:** 11
**How Do G2 Users Rate BugDazz API Scanner?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind BugDazz API Scanner?**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharshtra
- **Twitter:** @SecureLayer7 (2,522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (127 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 91% Small-Business, 9% Mid-Market


#### What Are BugDazz API Scanner's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 reviews)
- Lack of Guidance (1 reviews)
- Lack of Information (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About BugDazz API Scanner?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accuracy of results** from BugDazz, facilitating productive discussions and efficient workflows.
- Users appreciate the **smoother CI/CD integration** of BugDazz API Scanner, enhancing security scans without impacting build speed.
- Users appreciate the **seamless CI/CD integration** of BugDazz API Scanner, ensuring efficiency in security scans without delays.
- Users appreciate the **ease of use** of BugDazz API Scanner, seamlessly integrating into CI/CD pipelines and handling authentication effortlessly.
- Users value the **fast and accurate scanning technology** of BugDazz API Scanner, enhancing efficiency in CI/CD workflows.

**Cons:**

- Users find the **poor documentation** of BugDazz API Scanner lacking in clarity and guidance, hindering effective use.
- Users note a **difficult learning curve** with BugDazz API Scanner, requiring time to optimize scanning for various scenarios.
- Users feel the **lack of guidance** in documentation hinders their ability to utilize the BugDazz API Scanner effectively.
- Users feel that the **lack of information** in documentation hinders effective use of BugDazz API Scanner.
- Users find the **learning curve** in tuning scans somewhat challenging, though it&#39;s manageable with time and experience.

#### What Are Recent G2 Reviews of BugDazz API Scanner?

**"[Effective scanner and fits well into our release workflow](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)"**

**Rating:** 4.5/5.0 stars
*— Kabilesh kumar K.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)

---

**"[Good tool for security teams](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)"**

**Rating:** 4.5/5.0 stars
*— Khaja moinuddin F.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)

---



### 12. [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews)
Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.


**Average Rating:** 4.5/5.0
**Total Reviews:** 177
**How Do G2 Users Rate Cobalt?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.6/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cobalt?**

- **Seller:** [Cobalt](https://www.g2.com/sellers/cobalt-33275b9c-c870-4949-8fd5-a68eb12f96bb)
- **Company Website:** https://cobalt.io/
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @cobalt_io (8,462 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cobalt_io/ (557 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 51% Mid-Market, 23% Small-Business


#### What Are Cobalt's Pros and Cons?

**Pros:**

- Pentesting Efficiency (50 reviews)
- Customer Support (40 reviews)
- Ease of Use (39 reviews)
- Communication (31 reviews)
- Reporting Quality (28 reviews)

**Cons:**

- Expensive (14 reviews)
- Limited Scope (8 reviews)
- Lack of Detail (7 reviews)
- Pricing Issues (6 reviews)
- Inaccuracy (5 reviews)


### What Do G2 Reviewers Say About Cobalt?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **pentesting efficiency** of Cobalt due to its seamless process and prompt report generation.
- Users commend Cobalt for its **exceptional customer support** , providing expertise and assistance throughout the pentesting process.
- Users value the **ease of use** of Cobalt, praising its seamless setup and quick reporting for pentests.
- Users value the **constant communication** during the process, enhancing collaboration and transparency throughout their experience with Cobalt.
- Users value the **immediate and comprehensive reports** from Cobalt, simplifying pentesting and ensuring compliance.

**Cons:**

- Users find Cobalt to be **expensive** , particularly for small organizations and due to costly credit requirements.
- Users find the **limited scope** of Cobalt&#39;s functionality inadequate, lacking depth in testing and real-world application coverage.
- Users find the **lack of detail** in instructions frustrating, as it complicates the setup process for tests.
- Users find Cobalt&#39;s **pricing model confusing** , suggesting revisions for clarity and integration costs.
- Users experience **inaccuracy in audits** with Cobalt, leading to confusion and inefficient resource allocation in security assessments.

#### What Are Recent G2 Reviews of Cobalt?

**"[Flexible Scheduling and Clear, Consistent Pen Test Communication](https://www.g2.com/survey_responses/cobalt-review-12678239)"**

**Rating:** 4.0/5.0 stars
*— Chris A.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12678239)

---

**"[Collaborative, Real-World Pentesting with Actionable Findings](https://www.g2.com/survey_responses/cobalt-review-12683090)"**

**Rating:** 5.0/5.0 stars
*— Arpit G.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12683090)

---


#### What Are G2 Users Discussing About Cobalt?

- [How do you use Cobalt?](https://www.g2.com/discussions/how-do-you-use-cobalt)
- [What is cobalt database?](https://www.g2.com/discussions/what-is-cobalt-database)
- [What is a cobalt developer?](https://www.g2.com/discussions/what-is-a-cobalt-developer)
- [Is cobalt an operating system?](https://www.g2.com/discussions/is-cobalt-an-operating-system)

### 13. [Edgescan](https://www.g2.com/products/edgescan/reviews)
What Is Edgescan? Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, API’s and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program. The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVE’s. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management. Key Features and Capabilities of Edgescan Automated Penetration Testing Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures. Human‑Validated Testing Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real‑world exploitability. Each result is accurate, contextual, and actionable. Penetration Testing as a Service (PTaaS) Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including: • Business logic flaws • Authentication and authorization weaknesses • Context-dependent exposures • Complex attack chains and privilege escalation paths Cyber Analytics and AI‑Assisted Validation AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats. Integrated Threat Intelligence Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first. Risk‑Based Prioritization Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most. Primary Value: What Edgescan Solves for Clients Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining: Automation for continuous testing Human expertise for validation and complex analysis Cyber analytics and AI for accuracy and prioritization Key Benefits Significant efficiency gains: reducing thousands of hours spent on manual validation. Higher accuracy, thanks to expert‑validated findings and reduced false positives. Clear prioritization, using threat intelligence and ransomware insights to highlight the highest‑risk exposures. Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management. By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 53
**How Do G2 Users Rate Edgescan?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (89 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 31% Enterprise, 31% Mid-Market


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate Edgescan&#39;s **ease of use** , enjoying its intuitive interface and streamlined navigation for effective vulnerability management.
- Users value the **automated vulnerability detection** with intuitive reports, timely alerts, and effective risk management features.
- Users value the **excellent customer support** from Edgescan, praising the team&#39;s responsiveness and proactive assistance.
- Users value the **thorough vulnerability identification** features of Edgescan, enhancing risk management and resolution efficiency.
- Users value the **robust features** of Edgescan, which streamline security assessments and enhance ease of use.

**Cons:**

- Users find the **complex UI** challenging initially, with navigation issues and a need for improved dashboard functionality.
- Users highlight **limited customization** options in Edgescan, particularly regarding filtering and admin functionalities.
- Users find the **poor interface design** of Edgescan challenging, affecting usability and data accessibility.
- Users report experiencing **slow performance** as scans can take longer due to manual review processes.
- Users find the **UI not user friendly** , lacking intuitiveness and advanced features for better navigation and data accessibility.

#### What Are Recent G2 Reviews of Edgescan?

**"[Exceptional Security Scanning with Top-Notch Support](https://www.g2.com/survey_responses/edgescan-review-9636105)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Entertainment*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-9636105)

---

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 14. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs. With Acunetix, security teams can: - Save time and resources by automating manual security processes - Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools - Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology - Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


**Average Rating:** 4.1/5.0
**Total Reviews:** 100
**How Do G2 Users Rate Acunetix by Invicti?**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.7/10)
- **Test Automation:** 8.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind Acunetix by Invicti?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 40% Enterprise, 34% Mid-Market


#### What Are Acunetix by Invicti's Pros and Cons?

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)


### What Do G2 Reviewers Say About Acunetix by Invicti?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accurate and fast vulnerability detection** of Acunetix, enhancing security with minimal false positives.
- Users value the **ease of use** of Acunetix, making vulnerability scanning and integration into workflows seamless.
- Users value Acunetix for its **robust security capabilities** , effectively enhancing web application safety with automatic vulnerability detection.
- Users commend the **accurate vulnerability identification** of Acunetix, enhancing web application security and ease of use.
- Users commend the **accuracy of results** from Acunetix, enhancing web application security with reliable vulnerability detection.

**Cons:**

- Users find Acunetix to be **expensive** , especially challenging for smaller teams or projects with limited budgets.
- Users find the **complexity in setup and resource consumption** of Acunetix challenging, especially for large applications.
- Users find the **complex setup** of Acunetix challenging, especially for initial configurations and tool integrations.
- Users find the **slow scanning** process frustrating, especially during extensive audits of large web applications.
- Users find **difficult customization** to be a challenge, requiring technical expertise and patience for effective integration and setup.

#### What Are Recent G2 Reviews of Acunetix by Invicti?

**"[Effortless Vulnerability Detection That Fits Seamlessly into DevSecOps](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)"**

**Rating:** 5.0/5.0 stars
*— Ranit D.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)

---

**"[Powerful Security Scanning Made Easy with Acunetix](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)"**

**Rating:** 5.0/5.0 stars
*— Deepesh V.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)

---


#### What Are G2 Users Discussing About Acunetix by Invicti?

- [How has Acunetix supported your web security efforts, and what features do you rely on most?](https://www.g2.com/discussions/how-has-acunetix-supported-your-web-security-efforts-and-what-features-do-you-rely-on-most)
- [What is Acunetix by Invicti used for?](https://www.g2.com/discussions/what-is-acunetix-by-invicti-used-for)

### 15. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats. The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its innovative architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety. Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks. Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace. Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively. Lastly, Checkmarx One incorporates advanced analysis engines such as AI SAST and DAST for AI, which enhance security measures across various environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while the DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats.


**Average Rating:** 4.2/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Checkmarx?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 5.0/10 (Category avg: 8.7/10)
- **Test Automation:** 6.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Checkmarx?**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Company Website:** https://www.checkmarx.com
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,284 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (1,019 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 57% Enterprise, 21% Mid-Market


#### What Are Checkmarx's Pros and Cons?

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 reviews)
- Automation Testing (1 reviews)
- Customer Support (1 reviews)

**Cons:**

- False Positives (1 reviews)
- Lacking Features (1 reviews)
- Missing Features (1 reviews)
- Poor Navigation (1 reviews)


### What Do G2 Reviewers Say About Checkmarx?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Checkmarx **easy to implement** , seamlessly integrating into existing repositories with a user-friendly interface.
- Users appreciate the **intuitive user interface** of Checkmarx, making security reviews simple and user-friendly.
- Users value the **accuracy of results** from Checkmarx, as it simplifies security reviews with detailed vulnerability insights.
- Users value the **automation testing capabilities** of Checkmarx, finding it easy to integrate and use effectively.
- Users praise the **exceptional customer support** at Checkmarx, ensuring prompt assistance for any unresolved issues.

**Cons:**

- Users face a high number of **false positives** in Checkmarx when working with Kotlin projects, affecting accuracy and reliability.
- Users report **lacking feature support** for Kotlin, leading to numerous false positives not seen in Java or JavaScript.
- Users experience **missing features** in Checkmarx, specifically regarding poor support for Kotlin that leads to false positives.
- Users find the **poor navigation** in Checkmarx frustrating, as the dashboard layout and display need enhancement.

#### What Are Recent G2 Reviews of Checkmarx?

**"[Centralized Source Code Security with Seamless CI/CD Integration](https://www.g2.com/survey_responses/checkmarx-review-12980590)"**

**Rating:** 5.0/5.0 stars
*— Aman M.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-12980590)

---

**"[Checkmarx: Reliable SAST Solution for Strengthening Application Security](https://www.g2.com/survey_responses/checkmarx-review-13085824)"**

**Rating:** 4.0/5.0 stars
*— Naushad T.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-13085824)

---


#### What Are G2 Users Discussing About Checkmarx?

- [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) - 1 comment, 1 upvote
- [How much does Checkmarx cost?](https://www.g2.com/discussions/how-much-does-checkmarx-cost)
- [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) - 1 comment
- [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) - 1 comment
- [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) - 2 comments

### 16. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit&#39;s AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit&#39;s platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **seamless integration of security into development workflows** , highlighting efficiency and centralized management.
- Users find Jit to be **very easy to use** , streamlining integration of security into development workflows effectively.
- Users love the **easy integrations** of Jit, streamlining security within their development workflows effortlessly.
- Users appreciate the **efficiency** of Jit, which reduces waste and streamlines processes, enhancing overall productivity.
- Users value the **automation of security controls** in Jit, streamlining workflows and enhancing efficiency in development processes.

**Cons:**

- Users face **integration issues** with Jit, particularly in enterprise environments and with certain CI tools requiring extra setup.
- Users find the **limited features** of Jit restrict complex setups and hinder comprehensive analytics and reporting.
- Users feel the **limited integration** with enterprise environments restricts Jit&#39;s full potential and usability.
- Users find the **documentation lacking** , particularly for advanced configurations, impacting their overall experience with Jit.
- Users find the **complexity** of Jit challenging, particularly with advanced integrations and configuration for newcomers.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 17. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25
**How Do G2 Users Rate Veracode Application Security Platform?**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive security analysis** offered by Veracode, effectively addressing vulnerabilities and streamlining development.
- Users value Veracode for its **effective vulnerability detection** , ensuring high-security standards and seamless integration into development processes.
- Users appreciate the **automated scanning** feature of Veracode, which effectively identifies vulnerabilities and enhances security standards.
- Users value the **effective detection capabilities** of Veracode, enabling thorough security checks and vulnerability identification.
- Users value the **ease of use** of Veracode, benefiting from seamless integration and comprehensive security analysis.

**Cons:**

- Users find the platform to be **expensive** , with rising costs and unjustifiable investment in customer success packages.
- Users face a **lack of information** regarding features and services, leading to confusion and unmet expectations.
- Users express concerns about **licensing issues** , citing high costs, complex models, and unmet feature expectations.
- Users report **poor customer support** , experiencing pressure from sales and challenges with feature delivery and documentation.
- Users express concerns over **pricing issues** , citing increased costs, complex licensing, and pressure from sales executives.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 18. [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews)
Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale. With an ability to test thousands of applications simultaneously and a less than 1% false positive rate coupled with comprehensive remediation guidance, customers are able to rapidly reduce their risk of a breach across their web applications.The solution integrates with Veracode Discovery, which maps your web attack surface, to scan inventoried sites


**Average Rating:** 4.3/5.0
**Total Reviews:** 14
**How Do G2 Users Rate Veracode Dynamic Analysis?**

- **Has the product been a good partner in doing business?:** 7.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.4/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Dynamic Analysis?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 19% Mid-Market



#### What Are Recent G2 Reviews of Veracode Dynamic Analysis?

**"[Dynamic Analysis Security Testing (DAST)](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)"**

**Rating:** 4.0/5.0 stars
*— Syed Ubaid A.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)

---

**"[Very Low False Positives and Actionable Results](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)"**

**Rating:** 4.5/5.0 stars
*— Tarun K.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)

---



### 19. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
Discover what&#39;s possible. Prove what&#39;s real. With proprietary tech and key experts in offensive security. Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability. ✔️ Comprehensive toolkit with real-world coverage ✔️ Validated findings rich with evidence ✔️ Automation options with granular control ✔️ Flexible, high-quality reporting ✔️ Workflow-friendly by design Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth. 🎯 Attack surface mapping and recon 🎯 Comprehensive vulnerability scanning 🎯 Vulnerability exploitation 🎯 Customizable pentest reporting and data exports 🎯 Continuous vulnerability monitoring In our company, we build what we use We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we&#39;ve kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that&#39;s faster, more visible, and built on proof.


**Average Rating:** 4.8/5.0
**Total Reviews:** 105
**How Do G2 Users Rate Pentest-Tools.com?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pentest-Tools.com?**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,062 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (64 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 66% Small-Business, 19% Mid-Market


#### What Are Pentest-Tools.com's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 reviews)
- Confusing Interface (1 reviews)


### What Do G2 Reviewers Say About Pentest-Tools.com?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highly value the **ease of use** of Pentest-Tools.com, appreciating its intuitive interface and straightforward functionality.
- Users find the **automation** features of Pentest-Tools.com invaluable for efficient scanning and simplified vulnerability management.
- Users appreciate the **quick and helpful customer support** of Pentest-Tools.com, enhancing their overall experience significantly.
- Users value the **efficiency and ease of use** of Pentest-Tools.com for effective vulnerability assessments and reporting.
- Users highlight the **efficient scheduling features** of Pentest-Tools.com, significantly saving time in vulnerability management tasks.

**Cons:**

- Users find **difficult customization** in Pentest-Tools.com limits personalization options and impacts report flexibility.
- Users find the **limited report customization** and unexpected changes frustrating, impacting their efficiency with Pentest-Tools.com.
- Users find the **slow scanning** of Pentest-Tools.com a hassle, impacting efficiency during testing processes.
- Users find the **bugs in findings** require extra manual work, which can be annoying, especially for small teams.
- Users find the **interface confusing** , making navigation between tools and scans less intuitive and frustrating.

#### What Are Recent G2 Reviews of Pentest-Tools.com?

**"[Easy Website Setup and Internal Pen Testing with Plug-ins](https://www.g2.com/survey_responses/pentest-tools-com-review-13119956)"**

**Rating:** 4.5/5.0 stars
*— Brad L.*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-13119956)

---

**"[Easy to Use, Fast Scans, and Responsive Support](https://www.g2.com/survey_responses/pentest-tools-com-review-13119086)"**

**Rating:** 4.5/5.0 stars
*— Remko S.*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-13119086)

---


#### What Are G2 Users Discussing About Pentest-Tools.com?

- [What is Pentest-Tools.com used for?](https://www.g2.com/discussions/what-is-pentest-tools-com-used-for)
- [How do you perform a VAPT?](https://www.g2.com/discussions/how-do-you-perform-a-vapt) - 1 comment
- [What are the security testing tools?](https://www.g2.com/discussions/what-are-the-security-testing-tools) - 1 comment
- [What are VAPT tools?](https://www.g2.com/discussions/what-are-vapt-tools) - 1 comment
- [What is Pentest tool?](https://www.g2.com/discussions/what-is-pentest-tool) - 1 comment

### 20. [Bright Security](https://www.g2.com/products/bright-security/reviews)
Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise-grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue.


**Average Rating:** 4.7/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Bright Security?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Bright Security?**

- **Seller:** [Bright Security ](https://www.g2.com/sellers/bright-security)
- **Year Founded:** 2018
- **HQ Location:** San Rafael
- **Twitter:** @BrightAppSec (1,511 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/brightappsec (111 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 52% Enterprise, 34% Mid-Market


#### What Are Bright Security's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- Automated Scanning (4 reviews)
- Ease of Use (4 reviews)
- Detection (3 reviews)
- Easy Integrations (3 reviews)

**Cons:**

- Learning Curve (3 reviews)
- Complex Setup (2 reviews)
- Setup Complexity (2 reviews)
- Complexity (1 reviews)
- Confusing Interface (1 reviews)


### What Do G2 Reviewers Say About Bright Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of results** from Bright Security, allowing focus on genuine vulnerabilities in development.
- Users value the **modern and efficient automated scanning** of Bright Security, enhancing the development workflow with relevant actionable insights.
- Users praise the **ease of use** of Bright Security, highlighting its seamless integration into modern development workflows.
- Users value the **effective detection of relevant vulnerabilities** by Bright Security, enhancing workflow and simplifying remediation.
- Users value the **easy integrations** of Bright Security, enhancing their CI/CD workflows without hindering deployment speed.

**Cons:**

- Users experience a **steep learning curve** with Bright Security, especially during the initial setup and configuration process.
- Users find the **complex setup** challenging, especially with a steep learning curve for configurations and customization.
- Users find the **setup complexity** challenging, particularly due to the learning curve for scan configurations.
- Users find the **complexity of initial setup** challenging and suggest improved onboarding for better understanding.
- Users find the **confusing interface** of Bright Security challenging, struggling to navigate the dense dashboard and settings.

#### What Are Recent G2 Reviews of Bright Security?

**"[Modern, Insightful, and Seamlessly Fits Our Workflow](https://www.g2.com/survey_responses/bright-security-review-12164035)"**

**Rating:** 4.5/5.0 stars
*— Gauri K.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12164035)

---

**"[Reliable and Developer-Friendly Security Solution](https://www.g2.com/survey_responses/bright-security-review-12157897)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12157897)

---



### 21. [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews)
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle. Fast and Accurate Scanning for Secure DevOps Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business. Focus on the Fix Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation. Enterprise Management for Security Teams Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.


**Average Rating:** 4.1/5.0
**Total Reviews:** 74
**How Do G2 Users Rate HCL AppScan?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.1/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind HCL AppScan?**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Company Website:** https://hcl-software.com/
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,043 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (246,058 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 54% Enterprise, 28% Small-Business



#### What Are Recent G2 Reviews of HCL AppScan?

**"[Easy to setup and powerful application security](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)"**

**Rating:** 4.0/5.0 stars
*— chandramohan K.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)

---

**"[A Testing Suite that packs quite a punch!](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)"**

**Rating:** 5.0/5.0 stars
*— Pranav U.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)

---


#### What Are G2 Users Discussing About HCL AppScan?

- [What is HCL AppScan used for?](https://www.g2.com/discussions/what-is-hcl-appscan-used-for)
- [What does HCL AppScan do?](https://www.g2.com/discussions/what-does-hcl-appscan-do)
- [Who owns AppScan?](https://www.g2.com/discussions/who-owns-appscan) - 1 comment
- [Is AppScan free?](https://www.g2.com/discussions/is-appscan-free) - 1 comment

### 22. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews)
Indusface WAS (Web Application Scanner) provides comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS with its automated scans &amp; manual pentesting done by certified security experts ensures none of the OWASP Top10, business logic vulnerabilities, and malware go unnoticed. With zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers to quickly fix vulnerabilities seamlessly.


**Average Rating:** 4.6/5.0
**Total Reviews:** 63
**How Do G2 Users Rate Indusface WAS?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.4/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Indusface WAS?**

- **Seller:** [Indusface](https://www.g2.com/sellers/indusface)
- **Year Founded:** 2012
- **HQ Location:** Vadodara
- **Twitter:** @Indusface (3,472 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 52% Small-Business, 37% Mid-Market


#### What Are Indusface WAS's Pros and Cons?

**Pros:**

- Vulnerability Detection (19 reviews)
- Vulnerability Identification (16 reviews)
- Customer Support (6 reviews)
- Scanning Efficiency (6 reviews)
- Security (6 reviews)

**Cons:**

- Expensive (2 reviews)
- Confusing Interface (1 reviews)
- Lacking Features (1 reviews)
- Limited Scope (1 reviews)
- Poor Interface Design (1 reviews)


### What Do G2 Reviewers Say About Indusface WAS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective vulnerability detection** of Indusface WAS, ensuring rapid prioritization and reliable remediation support.
- Users value the **consistent and reliable vulnerability detection** of Indusface WAS, ensuring secure deployments with ease.
- Users commend the **excellent customer support** of Indusface WAS, ensuring timely responses and effective issue resolution.
- Users value the **scanning efficiency** of Indusface WAS for detailed vulnerability reports and timely updates after deployments.
- Users value the **thorough security scans** from Indusface WAS, enhancing their vulnerability identification and accreditation processes.

**Cons:**

- Users feel that the pricing for Indusface WAS is **expensive** , especially regarding staging and development environment scans.
- Users find the **confusing interface** of Indusface WAS somewhat dated and in need of improvements for better usability.
- Users find the **lack of features** for staging and development environments limits their testing in Indusface WAS.
- Users find the **limited scope of pricing for staging environments** restricts functionality and increases testing challenges.
- Users find the **interface design outdated and unintuitive** , often wishing for a more user-friendly experience.

#### What Are Recent G2 Reviews of Indusface WAS?

**"[Vulnerability and malware scanner in one](https://www.g2.com/survey_responses/indusface-was-review-11323529)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11323529)

---

**"[Great support Given by shivani](https://www.g2.com/survey_responses/indusface-was-review-11074325)"**

**Rating:** 5.0/5.0 stars
*— Sai N.*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11074325)

---


#### What Are G2 Users Discussing About Indusface WAS?

- [What is Indusface WAS used for?](https://www.g2.com/discussions/what-is-indusface-was-used-for)

### 23. [Akto API Security Platform](https://www.g2.com/products/akto-api-security-platform/reviews)
Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of — API discovery, API security posture management, sensitive data exposure, and API security testing solutions enables organizations to gain visibility in their API security posture. 1,000+ Application Security teams globally trust Akto for their API security needs. Akto use cases: 1. API Discovery 2. API Security Testing in CI/CD 3. API Security Posture Management 4. Authentication and Authorization Testing 5. Sensitive data Exposure 6. Shift left in DevSecOps


**Average Rating:** 4.5/5.0
**Total Reviews:** 54
**How Do G2 Users Rate Akto API Security Platform?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Akto API Security Platform?**

- **Seller:** [Akto.io](https://www.g2.com/sellers/akto-io)
- **Company Website:** https://www.akto.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California
- **Twitter:** @Aktodotio (1,357 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akto-io/ (29 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 44% Mid-Market, 40% Small-Business


#### What Are Akto API Security Platform's Pros and Cons?

**Pros:**

- Security (11 reviews)
- Cybersecurity (8 reviews)
- Ease of Use (8 reviews)
- API Management (7 reviews)
- Automation Testing (7 reviews)

**Cons:**

- Complex Setup (7 reviews)
- Setup Complexity (6 reviews)
- API Management (4 reviews)
- Complexity (4 reviews)
- Difficult Configuration (4 reviews)


### What Do G2 Reviewers Say About Akto API Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate Akto&#39;s **automated security testing** for APIs, enhancing their security practices seamlessly within their CI/CD pipeline.
- Users admire the **efficient autonomous AI agents** of Akto, enhancing API security with seamless integration and scalability.
- Users appreciate the **ease of use** of Akto API Security Platform, highlighting its intuitive dashboard and seamless integration.
- Users value the **seamless integration and efficiency** of Akto API Security, enhancing their CI/CD security processes effortlessly.
- Users appreciate the **seamless integration of automation testing** within Akto, enhancing their CI/CD workflows effortlessly.

**Cons:**

- Users face a **complex initial setup** with Akto API Security Platform, requiring significant understanding and improved documentation.
- Users face **complex initial setup** challenges with Akto, often struggling with poor documentation and steep learning curves.
- Users face a steep **learning curve** with Akto API Security Platform, making initial setup and understanding challenging.
- Users find the **learning curve steep** for Akto API Security Platform, affecting new users&#39; onboarding and configuration experience.
- Users find the **difficult configuration** of Akto API Security Platform challenging, especially for newcomers navigating its complexities.

#### What Are Recent G2 Reviews of Akto API Security Platform?

**"[Easy to Implement, Clear API Security Visibility, and Responsive Support](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)

---

**"[Easy to Use API Security Tool That Helps Save Time](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)"**

**Rating:** 4.5/5.0 stars
*— ashish d.*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)

---



### 24. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 reviews)
- Automation (1 reviews)

**Cons:**

- Complex Setup (1 reviews)
- Difficult Setup (1 reviews)
- Performance Issues (1 reviews)
- Problematic Updates (1 reviews)
- Setup Complexity (1 reviews)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

### 25. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications. Major features: - Checks your web apps &amp; APIs for 3000+ test cases to find security loopholes - OWASP &amp; SANS standards - Recommendations to address security issues - Security test complex web apps with login - Compliance reports (GDPR, HIPAA &amp; PCI DSS) - Test scheduling - DevSecOps integrations - API integration - Team access - Integrations with popular tools like Slack, Jira, Asana, Trello &amp; 100+ other tools


**Average Rating:** 4.7/5.0
**Total Reviews:** 85
**How Do G2 Users Rate Beagle Security?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Beagle Security?**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (206 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (50 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO, Director
- **Top Industries:** Marketing and Advertising, Information Technology and Services
- **Company Size:** 91% Small-Business, 7% Mid-Market


#### What Are Beagle Security's Pros and Cons?

**Pros:**

- Reporting Quality (1 reviews)
- Setup Ease (1 reviews)



### What Do G2 Reviewers Say About Beagle Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **attractive reporting** of Beagle Security, finding it easy to configure and comprehensive.
- Users value the **setup ease** of Beagle Security, finding it straightforward and efficient to configure.


#### What Are Recent G2 Reviews of Beagle Security?

**"[Comprehensive Security Testing with Actionable Insights](https://www.g2.com/survey_responses/beagle-security-review-12619693)"**

**Rating:** 5.0/5.0 stars
*— Nkosinathi T.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-12619693)

---

**"[Very thorough service that gives us good Ci/CD assurance between Pen Tests](https://www.g2.com/survey_responses/beagle-security-review-11354043)"**

**Rating:** 5.0/5.0 stars
*— Matt B.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-11354043)

---


#### What Are G2 Users Discussing About Beagle Security?

- [How has Beagle Security enhanced your web security, and what features would you like to see added?](https://www.g2.com/discussions/how-has-beagle-security-enhanced-your-web-security-and-what-features-would-you-like-to-see-added)
- [What is Beagle Security used for?](https://www.g2.com/discussions/what-is-beagle-security-used-for) - 1 comment


## What Is Dynamic Application Security Testing (DAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [API Security Tools](https://www.g2.com/categories/api-security)


---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST)﻿ Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

Key Benefits of Dynamic Application Security Testing (DAST) Software

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** The command-line interface (CLI) is the language interpreter of a computer. CLI capabilities will allow security testers to simulate threats directly from the terminal host system and input command sequences.

**Static code analysis —** Static code analysis and static security testing is used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application&#39;s underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Not all, but some, are used specifically for testing. But there are many different ways to tackle the topic, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to both find errors in source code as well as errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



