# Best Dynamic Application Security Testing (DAST) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources





## Top Dynamic Application Security Testing (DAST) Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (144 reviews) | Low-noise DAST with unified AppSec scanning | "[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)" |
| 2 | [Burp Suite](https://www.g2.com/products/burp-suite/reviews) | 4.8/5.0 (126 reviews) | Proxy-intercept DAST with manual exploit depth | "[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)" |
| 3 | [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) | 4.6/5.0 (195 reviews) | Validated DAST with human-verified remediation workflows | "[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)" |
| 4 | [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) | 4.5/5.0 (289 reviews) | Credentialed network vulnerability scanning with remediation guidance | "[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)" |
| 5 | [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews) | 4.9/5.0 (60 reviews) | AI-automated API security testing with self-healing | "[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)" |
| 6 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (880 reviews) | Pipeline-embedded DAST with unified DevSecOps | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 7 | [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) | 4.6/5.0 (66 reviews) | Proof-based DAST with CI/CD integration | "[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)" |
| 8 | [Intruder](https://www.g2.com/products/intruder/reviews) | 4.8/5.0 (206 reviews) | Continuous external attack surface scanning with auto-remediation | "[Intruder: Insightful Vulnerability Management Platform That Strengthens Security Operation](https://www.g2.com/survey_responses/intruder-review-12395645)" |
| 9 | [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews) | 4.8/5.0 (44 reviews) | API-first DAST with CI/CD-native discovery | "[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)" |
| 10 | [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews) | 4.9/5.0 (11 reviews) | CI/CD-integrated API security scanning | "[Good tool for security teams](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)" |

---
## What Are the Most Common Questions About Dynamic Application Security Testing (DAST) Software?
*AI-generated · Last updated: May 26, 2026*
### Which DAST tool offers the most comprehensive testing coverage?
Based on G2 reviews, Aikido Security stands out in this category because reviewers consistently describe broad coverage across application and related security testing workflows. According to verified users, it combines DAST with capabilities such as SAST, SCA, container scanning, cloud and infrastructure visibility, and vulnerability management in one place. G2 reviewers mention that this wider coverage helps teams reduce tool sprawl, centralize findings, and speed remediation. Reviewers also repeatedly call out straightforward setup, repository integrations, and developer-friendly workflows. While some users note that certain advanced enterprise controls are still maturing, recent feedback most often highlights Aikido Security for comprehensive, all-in-one testing breadth.


### What are the best DAST solutions for continuous security integration?
Based on G2 reviews, buyers looking for continuous security integration often prioritize products that fit naturally into development pipelines, automate recurring scans, and reduce operational overhead. G2 reviewers mention that Aikido Security is commonly used inside DevSecOps workflows with repository integrations and automatic scanning, while Invicti is frequently praised for CI/CD integrations and proof-based testing in ongoing web application programs. According to verified users, GitLab is also valued when teams want security checks embedded directly into broader development and deployment workflows. Across recent reviews, the common buying themes are automation, clear reporting, faster remediation, and easier adoption by both security and engineering teams.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – used for automated security scanning inside developer and repository workflows with minimal setup
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – chosen for ongoing web app scanning with CI/CD integrations and proof-based validation
- [GitLab](https://www.g2.com/products/gitlab/reviews) – fits teams that want security checks embedded into pipelines, merge requests, and delivery workflows


### What are the best tools for combining DAST with SAST?
Based on G2 reviews, teams that want DAST and SAST together often favor platforms that reduce tool switching and present findings in one workflow. According to verified users, Aikido Security is repeatedly described as an all-in-one platform that brings together DAST, SAST, SCA, and other security checks, which helps smaller teams and fast-moving engineering groups centralize remediation. G2 reviewers mention that Invicti is also used for combining DAST with SAST and SCA in a more unified process, especially for organizations managing larger portfolios. GitLab reviews similarly point to built-in security scanning within pipelines, making it useful for teams that want code and application testing closer to delivery processes.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – suited for teams wanting DAST, SAST, and related scanning in one developer-friendly platform
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – useful for organizations seeking DAST plus SAST and SCA within a centralized workflow
- [GitLab](https://www.g2.com/products/gitlab/reviews) – helps embed multiple application security checks into CI/CD and merge request processes


### Which DAST software integrates with CI/CD pipelines?
Based on G2 reviews, Invicti is the strongest fit for this question because reviewers frequently highlight its integrations with CI/CD tools and automated testing workflows. According to verified users, it connects with tools such as Jenkins, GitLab, and Jira, and helps teams move security checks earlier into delivery cycles. G2 reviewers mention that its automation, proof-based validation, and reporting make it easier for development and security teams to focus on real issues instead of manually sorting through excessive noise. Recent feedback also notes that setup can require tuning for more complex environments, but the integration story appears consistently in the review data and is a key reason teams adopt it.


### Which is the best DAST tool for web application security?
Based on G2 reviews, Burp Suite is the clearest answer for web application security use cases. According to verified users, it is widely valued for intercepting, modifying, and replaying web requests, which helps security teams uncover issues in application logic, authentication flows, and input handling. G2 reviewers mention Repeater, Proxy, Intruder, and the broader extension ecosystem as major strengths for deep hands-on testing. Recent reviews also describe Burp Suite as especially effective for web, API, and mobile dynamic testing, with strong support for both manual and automated workflows. Some users note pricing and resource usage concerns, but reviewers consistently position it as a leading tool for web application testing depth.


### What are the top DAST solutions for cloud-native applications?
Based on G2 reviews, cloud-native buyers tend to favor products that can scan applications while also fitting modern DevSecOps and infrastructure-heavy workflows. G2 reviewers mention that Aikido Security is used across repositories, cloud environments, and container-related security checks, which makes it appealing for teams trying to consolidate tooling. According to verified users, Intruder is also used to monitor vulnerabilities across both cloud resources and applications from a single view. GitLab reviews similarly point to integrated pipelines, automation, and built-in security checks that support cloud-native development practices. Across the recent review set, buyers emphasize ease of setup, workflow integration, and the ability to reduce noise while keeping developers moving quickly.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – works well for teams combining application scans with repository, container, and cloud-focused workflows
- [Intruder](https://www.g2.com/products/intruder/reviews) – fits organizations that want vulnerability visibility across cloud infrastructure and applications in one place
- [GitLab](https://www.g2.com/products/gitlab/reviews) – supports cloud-native delivery with integrated pipelines, automation, and embedded security checks


### What are the best tools for detecting runtime security issues?
Based on G2 reviews, buyers discussing runtime or live-application risk tend to value products that validate findings in running environments and reduce noisy results. According to verified users, Aikido Security is noted for helping teams connect code and external application risk, and one reviewer specifically highlighted its in-app protection capability for mitigating issues in legacy applications. G2 reviewers also describe Veracode Dynamic Analysis as useful for finding runtime vulnerabilities that static tools can miss, while Burp Suite is frequently used to inspect and manipulate live traffic during testing. The strongest common themes in recent feedback are actionable findings, clearer prioritization, and support for testing realistic application behavior.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – useful for teams wanting live application visibility alongside broader application security workflows
- [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews) – highlighted for identifying runtime vulnerabilities that static tools may miss
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – strong for analyzing live web traffic and validating exploitable issues during active testing


### What are the top platforms for automated application vulnerability testing?
Based on G2 reviews, automated application vulnerability testing buyers often look for products that are easy to deploy, fast to scan, and clear in how they present findings. G2 reviewers mention that Intruder is valued for automated scanning, continuous updates, and low operational overhead, while Aikido Security is praised for automatic scans, developer-friendly workflows, and centralized issue management. According to verified users, Invicti also stands out for proof-based scanning and automation that supports earlier detection in development processes. Across the recent review data, the products most often associated with automation success are the ones that balance broad visibility, manageable noise levels, and integrations that help teams remediate quickly.

**Here are some of the top-rated products on G2:**

- [Intruder](https://www.g2.com/products/intruder/reviews) – designed for automated scanning, continuous monitoring, and straightforward remediation tracking
- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – automates security scanning and helps developers prioritize and resolve issues faster
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – supports automated web application scanning with validated findings and detailed reporting


### What are the top-rated DAST platforms for enterprise applications?
Based on G2 reviews, enterprise buyers generally look for scalable scanning, centralized reporting, and support for more complex environments. According to verified users, Invicti is often chosen for larger application portfolios because of endpoint discovery, CI/CD integrations, proof-based validation, and reporting suited to both technical and executive audiences. G2 reviewers also point to Burp Suite for testing depth in professional security teams and to GitLab when enterprises want security controls embedded into a broader DevSecOps platform. Recent reviews suggest the best enterprise fit depends on whether the priority is scalable automated scanning, practitioner-led testing depth, or consolidating security within software delivery operations.

**Here are some of the top-rated products on G2:**

- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – well suited for enterprise portfolios needing scalable scanning and centralized reporting
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – fits enterprise security teams that need deep manual and automated web testing capability
- [GitLab](https://www.g2.com/products/gitlab/reviews) – useful for enterprises embedding security and compliance checks into a unified DevSecOps workflow


### Which DAST tool offers AI-driven vulnerability detection?
Based on G2 reviews, Aikido Security is the strongest grounded answer because multiple reviewers reference AI-related capabilities alongside its broader application security workflow. According to verified users, the platform offers AI-generated pull request fixes and GitHub-related AI features that help teams move from detection to remediation faster. G2 reviewers mention that its developer-friendly design, automated scanning, and prioritization reduce noise and help smaller teams stay productive. Reviewers also note some AI limitations, including cases where GitHub AI suggestions were not always accurate, but the recent review data still shows more direct AI-driven workflow mentions for Aikido Security than for most other products in this category.




## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 93

### Category Stats (Jun 2026)
- **Average Rating**: 4.56/5 - The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Veracode Application Security Platform (+0.74%) - Among all products in this category, Veracode Application Security Platform recorded the largest rating increase compared to last month
*Last updated: June 26, 2026*


## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 3,600+ Authentic Reviews
- 93+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)


## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 144
**How Do G2 Users Rate Aikido Security?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 69% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Aikido Security's **ease of use** impressive, benefiting from seamless integration and clear actionable insights.
- Users appreciate the **comprehensive security capabilities** of Aikido Security, seamlessly integrating multiple security features into workflows.
- Users appreciate the **intuitive dashboard and comprehensive security features** of Aikido Security, enhancing codebase vulnerability management.
- Users value the **easy integrations** with GitHub and other platforms, enhancing team collaboration and management.
- Users find the **easy setup** of Aikido Security impressive, enabling quick implementation and efficient updates.

**Cons:**

- Users are disappointed by the **missing features** of Aikido Security, particularly in advanced reporting and analysis tools.
- Users find the **pricing structure expensive** for small businesses, making upgrades hard to justify.
- Users note the **limited features** in the free plan and desire more advanced options for customization and reporting.
- Users find the **pricing structure problematic**, as it's not suitable for micro businesses and startups.
- Users feel Aikido Security is **lacking features**, particularly in areas like advanced reporting and in-depth analysis.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 2. [Burp Suite](https://www.g2.com/products/burp-suite/reviews)
Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, Burp Suite is relied on by more than 85,000 security professionals to find, verify, and understand vulnerabilities across complex modern web applications.

Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust.

Key capabilities of Burp Suite DAST include:

- Continuous, automated scanning of web applications and APIs
- Integration with CI/CD pipelines and vulnerability management tools
- Flexible deployment across cloud and on-premise environments
- Shared scanning logic and configurations between automated and manual testing
- Accurate, low-noise detection informed by PortSwigger Research

Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable.

Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing.


**Average Rating:** 4.8/5.0
**Total Reviews:** 126
**How Do G2 Users Rate Burp Suite?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Burp Suite?**

- **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger)
- **Company Website:** https://www.portswigger.net
- **Year Founded:** 2008
- **HQ Location:** Knutsford, GB
- **Twitter:** @Burp_Suite (138,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (321 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Cyber Security Analyst
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 41% Mid-Market, 31% Small-Business


#### What Are Burp Suite's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- User Interface (8 reviews)
- Testing Services (7 reviews)
- Features (5 reviews)
- Clear Interface (4 reviews)

**Cons:**

- Expensive (5 reviews)
- Slow Performance (5 reviews)
- High Learning Curve (2 reviews)
- Learning Curve (2 reviews)
- Limited Customization (2 reviews)


### What Do G2 Reviewers Say About Burp Suite?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Burp Suite's **ease of use** and intuitive interface enhances their efficiency in web application security testing.
- Users commend Burp Suite's **user-friendly interface**, making it accessible and efficient for both beginners and experts.
- Users value the **deep automation and manual capabilities** of Burp Suite, making it essential for penetration testing.
- Users rave about Burp Suite's **user-friendly interface and extensive features**, making it essential for effective web application security testing.
- Users appreciate Burp Suite's **clear interface**, making it easy to navigate and effective for analyzing web traffic.

**Cons:**

- Users often mention the **expensive pricing** of Burp Suite, which limits access for beginners and learners.
- Users experience **slow performance** due to high resource demands, especially on lower-spec computers with many plugins installed.
- Users find the **steep learning curve** of Burp Suite challenging, particularly when starting with the proxy setup and workflow.
- Users find the **steep learning curve** of Burp Suite challenging, especially for beginners navigating its workflow and proxy setup.
- Users find the **limited customization** in Burp Suite restricts their ability to fully explore its features.

#### What Are Recent G2 Reviews of Burp Suite?

**"[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)"**

**Rating:** 5.0/5.0 stars
*— Arish B.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12677559)

---

**"[Burp Suite Pro: A Powerful, All-in-One Platform for Web App Pen Testing](https://www.g2.com/survey_responses/burp-suite-review-12818180)"**

**Rating:** 4.5/5.0 stars
*— Aryan S.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12818180)

---


#### What Are G2 Users Discussing About Burp Suite?

- [What are the benefits and challenges of using BurpSuite for web application security?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-burpsuite-for-web-application-security)
- [What is BurpSuite used for?](https://www.g2.com/discussions/burpsuite-what-is-burpsuite-used-for)
- [What types of vulnerabilities can Burp Suite detect?](https://www.g2.com/discussions/what-types-of-vulnerabilities-can-burp-suite-detect)
- [What is Burp Suite Professional?](https://www.g2.com/discussions/what-is-burp-suite-professional) - 1 comment
- [Is BurpSuite free?](https://www.g2.com/discussions/is-burpsuite-free) - 2 comments

### 3. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
Astra Security is a leading continuous penetration testing platform that combines AI-powered autonomous pentesting with certified expert-led assessments. Powered by Attack AI, trained on 6.8M+ security findings and insights from 5,000+ real-world pentests, Astra deploys intelligent agents that continuously discover, validate, prioritize, and help remediate vulnerabilities at scale. While AI handles speed and scale, Astra’s certified security experts focus on what automation alone cannot: complex business logic flaws, multi-step attack chains, advanced exploit paths, and emerging AI/LLM-specific threats. Built for modern engineering teams, Astra integrates directly into CI/CD workflows, enabling continuous security validation between releases instead of relying on outdated annual pentests. The platform delivers a comprehensive Autonomous Pentest powered by AI agents, a DAST vulnerability scanner, and human-driven pentests across web apps, AI/LLMs, mobile apps, APIs, and cloud infrastructure. Astra is CREST-accredited, CERT-IN empaneled, and a PCI ASV-certified vendor. Our team also led the development of the OWASP APTS framework, helping shape the industry standard for continuous security testing. Today, 1,500+ organizations across 70+ countries trust Astra Security, including Ford, Loom, CompTIA, Hitachi, HackerRank, and OLX.


**Average Rating:** 4.6/5.0
**Total Reviews:** 195
**How Do G2 Users Rate Astra Pentest?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Astra Pentest?**

- **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc)
- **Company Website:** https://www.getastra.com/
- **Year Founded:** 2018
- **HQ Location:** New Delhi, IN
- **Twitter:** @getastra (694 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (130 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, CEO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 65% Small-Business, 30% Mid-Market


#### What Are Astra Pentest's Pros and Cons?

**Pros:**

- Customer Support (63 reviews)
- Vulnerability Detection (51 reviews)
- Ease of Use (50 reviews)
- Pentesting Efficiency (42 reviews)
- Vulnerability Identification (37 reviews)

**Cons:**

- Poor Customer Support (12 reviews)
- Poor Interface Design (10 reviews)
- Slow Performance (8 reviews)
- UX Improvement (7 reviews)
- Lack of Information (6 reviews)


### What Do G2 Reviewers Say About Astra Pentest?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **responsive and supportive customer support** of Astra Pentest, significantly enhancing their security experience.
- Users value Astra Pentest for its **user-friendly vulnerability detection**, simplifying the tracking and prioritization of security issues.
- Users highlight the **ease of use** of Astra Pentest, appreciating its intuitive design and accessible features.
- Users value the **pentesting efficiency** of Astra Pentest, thanks to quick feedback and effective coordination throughout the process.
- Users value the **effective vulnerability identification** by Astra Pentest, enhancing confidence in security and business growth.

**Cons:**

- Users find the **poor customer support** of Astra Pentest frustrating, leading to delays in issue resolution and assistance.
- Users find the **poor interface design** of Astra Pentest makes the overall experience less intuitive and smooth.
- Users report that the **slow performance** of Astra Pentest affects efficiency, prolonging testing and response times.
- Users find that the **UX could be improved**, noting confusion and difficulties with the interface during scans.
- Users point out a **lack of information**, as documentation and status updates are often incomplete or slow to respond.

#### What Are Recent G2 Reviews of Astra Pentest?

**"[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)"**

**Rating:** 5.0/5.0 stars
*— Sivakumar S.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-13001206)

---

**"[Thorough Pentesting with Clear, Actionable Reporting and Responsive Support](https://www.g2.com/survey_responses/astra-pentest-review-12963285)"**

**Rating:** 5.0/5.0 stars
*— Sevesh A.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-12963285)

---


#### What Are G2 Users Discussing About Astra Pentest?

- [What is Astra Pentest used for?](https://www.g2.com/discussions/what-is-astra-pentest-used-for) - 2 comments

### 4. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)
Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


**Average Rating:** 4.5/5.0
**Total Reviews:** 289
**How Do G2 Users Rate Tenable Nessus?**

- **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10)

**Who Is the Company Behind Tenable Nessus?**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,752 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,350 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, Network Engineer
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 40% Mid-Market, 34% Enterprise


#### What Are Tenable Nessus's Pros and Cons?

**Pros:**

- Vulnerability Identification (20 reviews)
- Vulnerability Detection (18 reviews)
- Ease of Use (16 reviews)
- Automated Scanning (15 reviews)
- Features (13 reviews)

**Cons:**

- Slow Scanning (7 reviews)
- Expensive (6 reviews)
- Limited Features (6 reviews)
- Complexity (5 reviews)
- False Positives (5 reviews)


### What Do G2 Reviewers Say About Tenable Nessus?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend Tenable Nessus for its **effective vulnerability identification**, enhancing their ability to manage security risks efficiently.
- Users value the **advanced vulnerability detection** capabilities of Nessus, enabling quick responses to security risks.
- Users find Tenable Nessus **easy to use**, appreciating its straightforward setup and clean, user-friendly interface.
- Users value the **automated scanning capabilities** of Tenable Nessus, appreciating its thoroughness and comprehensive reports.
- Users appreciate the **better and more complete scanning** of assets, enjoying powerful reporting and automation features.

**Cons:**

- Users experience **slow scanning** times, particularly in large environments, impacting productivity and requiring downtime.
- Users find Tenable Nessus **expensive to maintain**, which can be a significant drawback for many organizations.
- Users find the **limited features** of Tenable Nessus restrict operational capabilities, particularly in user access and scanning.
- Users find the **complexity** of Tenable Nessus challenging, requiring significant technical knowledge and advanced licensing for effective use.
- Users experience **false positives** with Tenable Nessus, leading to unnecessary workloads for security teams during scans.

#### What Are Recent G2 Reviews of Tenable Nessus?

**"[Reliable and Efficient Vulnerability Management Tool](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)"**

**Rating:** 5.0/5.0 stars
*— Mohsin H.*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)

---

**"[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)

---


#### What Are G2 Users Discussing About Tenable Nessus?

- [What is Nessus used for?](https://www.g2.com/discussions/what-is-nessus-used-for) - 1 comment
- [What types of vulnerabilities are scanned by Nessus?](https://www.g2.com/discussions/what-types-of-vulnerabilities-are-scanned-by-nessus)
- [Is there a free version of Nessus?](https://www.g2.com/discussions/is-there-a-free-version-of-nessus) - 2 comments
- [What is an advantage of using Nessus?](https://www.g2.com/discussions/what-is-an-advantage-of-using-nessus)
- [What does Nessus scan for?](https://www.g2.com/discussions/what-does-nessus-scan-for) - 1 comment

### 5. [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
Qodex is a continuous testing platform that runs your test scenarios against your real app on every pull request and deploy, then shows you exactly what broke with the failing request, response, and screenshot.


**Average Rating:** 4.9/5.0
**Total Reviews:** 60
**How Do G2 Users Rate Qodex.ai?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Qodex.ai?**

- **Seller:** [QodexAI](https://www.g2.com/sellers/qodexai)
- **Company Website:** https://www.qodex.ai/
- **Year Founded:** 2023
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://linkedin.com/company/qodexai (13 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 75% Small-Business, 20% Mid-Market


#### What Are Qodex.ai's Pros and Cons?

**Pros:**

- Ease of Use (23 reviews)
- Automation (17 reviews)
- Testing (17 reviews)
- Testing Efficiency (17 reviews)
- Helpful (13 reviews)

**Cons:**

- Slow Loading (6 reviews)
- Poor Documentation (5 reviews)
- Slow Performance (5 reviews)
- Bug Issues (4 reviews)
- Bugs (4 reviews)


### What Do G2 Reviewers Say About Qodex.ai?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **ease of use** of Qodex.ai, enabling seamless test case creation for both technical and non-technical users.
- Users value the **automation in test case generation** with Qodex.ai, enhancing efficiency and freeing up resources.
- Users value the **easy interface for writing test cases**, simplifying the process for developers and non-technical users alike.
- Users benefit from the **testing efficiency** of Qodex.ai, achieving high code coverage with minimal manual effort.
- Users value the **helpful customer support** of Qodex.ai, enhancing their experience and facilitating smooth operations.

**Cons:**

- Users experience **slow loading** times with Qodex.ai, particularly during initial setup and when handling large reports.
- Users note **poor documentation**, citing a need for clearer insights and guidance for complex features and use cases.
- Users experience **slow performance** with delayed chatbot responses and longer loading times for large projects.
- Users experience **bug issues** with repeated test cases, reporting processes, and flagging accuracy that need improvement.
- Users report **bug reporting issues** with Qodex.ai, highlighting the need for improved tagging and flagging processes.

#### What Are Recent G2 Reviews of Qodex.ai?

**"[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)"**

**Rating:** 4.5/5.0 stars
*— Abhilash S.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12088697)

---

**"[Effortless Automation and Insightful AI Testing with Qodex.ai](https://www.g2.com/survey_responses/qodex-ai-review-12065938)"**

**Rating:** 4.5/5.0 stars
*— Anshuk K.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12065938)

---



### 6. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different?

- Flexibility: Consume as a service or manage your own deployment
- Cloud-Agnostic: Deploy anywhere with no vendor lock-in
- No rip and replace: Scale to a platform approach at your own pace


**Average Rating:** 4.5/5.0
**Total Reviews:** 880
**How Do G2 Users Rate GitLab?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** in GitLab, seamlessly integrating multiple DevOps processes into one platform.
- Users appreciate the **unified DevOps platform** of GitLab, streamlining development with integrated tools and features.
- Users appreciate the **powerful and easy-to-configure CI/CD integration** of GitLab, enhancing automation from code to deployment.
- Users value the **seamless integrations** in GitLab, streamlining workflows across development and project management tools.
- Users appreciate the **seamless CI/CD integration** in GitLab, enabling efficient automation from code to deployment.

**Cons:**

- Users find the **complexity** of GitLab's structure and management challenging, especially for newcomers and autoscaling setups.
- Users experience a **difficult learning curve** with GitLab, especially when adapting to its unique structure and features.
- Users find GitLab's interface **confusing and complex**, making it challenging for new users to navigate effectively.
- Users find the **complex user interface** challenging, requiring significant effort to navigate and understand functionalities.
- Users find the **steep learning curve** of GitLab challenging, especially for newcomers adjusting to its features and UI.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 7. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation. With Invicti, security teams can:

- Automate application security testing workflows and save hundreds of hours every month
- Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets
- Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time
- Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities
- Scale application security programs across large enterprises without slowing development teams
- Integrate security seamlessly into existing DevSecOps and CI/CD workflows

Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.6/5.0
**Total Reviews:** 66
**How Do G2 Users Rate Invicti (formerly Netsparker)?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Invicti, making setup and report generation efficient and straightforward for security testing.
- Users value the **efficient scanning technology** of Invicti, enabling easy monthly tests and quick API integration.
- Users value Invicti's **accurate and comprehensive reporting**, making it ideal for security testing and certification needs.
- Users value the **well-formatted reports** from Invicti, which simplify obtaining ISO certifications and enhance operational efficiency.
- Users value the **effective vulnerability detection** features, enabling efficient scans and clear reports on crucial issues.

**Cons:**

- Users feel that the **customer support is inadequate**, often lacking timely responses and effective solutions to issues.
- Users experience **slow performance** during scans and setup, impacting overall efficiency and user satisfaction.
- Users find the **slow scanning** process frustrating, especially when attempting to scan API endpoints effectively.
- Users experience **API scanning issues** that hinder functionality, limiting the app's effectiveness for certain use cases.
- Users find the **complex setup** challenging initially, affecting ease of use and configuration during scans.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Effortless Website Testing with Outstanding Support](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)"**

**Rating:** 4.5/5.0 stars
*— Chris M.*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)

---

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 8. [Intruder](https://www.g2.com/products/intruder/reviews)
Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two businesses are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers.


**Average Rating:** 4.8/5.0
**Total Reviews:** 206
**How Do G2 Users Rate Intruder?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.5/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Intruder?**

- **Seller:** [Intruder](https://www.g2.com/sellers/intruder)
- **Company Website:** https://www.intruder.io
- **Year Founded:** 2015
- **HQ Location:** London
- **Twitter:** @intruder_io (979 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (84 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Director
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 57% Small-Business, 36% Mid-Market


#### What Are Intruder's Pros and Cons?

**Pros:**

- Ease of Use (41 reviews)
- Vulnerability Detection (30 reviews)
- Customer Support (25 reviews)
- User Interface (24 reviews)
- Vulnerability Identification (24 reviews)

**Cons:**

- Expensive (9 reviews)
- Slow Scanning (8 reviews)
- Licensing Issues (7 reviews)
- False Positives (6 reviews)
- Limited Features (6 reviews)


### What Do G2 Reviewers Say About Intruder?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find **Intruder very easy to use**, enabling quick setup and efficient management of security vulnerabilities.
- Users value the **effortless vulnerability detection** of Intruder, streamlining cybersecurity management for diverse teams and environments.
- Users value Intruder's **exceptional customer support**, noting its quick responses and helpfulness throughout their cybersecurity efforts.
- Users value Intruder's **intuitive interface** and seamless integration, making cybersecurity management straightforward and efficient.
- Users praise Intruder for its **easy configuration and efficient vulnerability identification**, making security management hassle-free.

**Cons:**

- Users find the product **expensive** and suggest improvements in pricing models for better value.
- Users report **slow scanning** issues with Intruder, leading to missed vulnerabilities and frustration during tests.
- Users find the **licensing model confusing**, requiring time and support to fully grasp its implications for scan targets.
- Users experience **false positives** with Intruder, where lower-risk issues are flagged with critical urgency, causing concern.
- Users find the **limited features** frustrating, particularly regarding licensing and export flexibility in reporting.

#### What Are Recent G2 Reviews of Intruder?

**"[Intruder: Insightful Vulnerability Management Platform That Strengthens Security Operation](https://www.g2.com/survey_responses/intruder-review-12395645)"**

**Rating:** 4.5/5.0 stars
*— HALADU A.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-12395645)

---

**"[Outstanding Experience with No Drawbacks](https://www.g2.com/survey_responses/intruder-review-12097237)"**

**Rating:** 5.0/5.0 stars
*— Nic H.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-12097237)

---


#### What Are G2 Users Discussing About Intruder?

- [Who developed intruder?](https://www.g2.com/discussions/who-developed-intruder)
- [What is an intruder in cyber security?](https://www.g2.com/discussions/what-is-an-intruder-in-cyber-security)
- [Is intruder IO safe?](https://www.g2.com/discussions/is-intruder-io-safe) - 1 comment
- [What is intruder software?](https://www.g2.com/discussions/what-is-intruder-software) - 1 comment

### 9. [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews)
Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. Hundreds of companies rely on Pynt to continuously monitor, classify and attack poorly secured APIs, before hackers do.


**Average Rating:** 4.8/5.0
**Total Reviews:** 44
**How Do G2 Users Rate Pynt - API Security Testing?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.5/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 9.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pynt - API Security Testing?**

- **Seller:** [Pynt](https://www.g2.com/sellers/pynt)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @pynt_io (361 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/pynt (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer & Network Security
- **Company Size:** 57% Small-Business, 23% Enterprise


#### What Are Pynt - API Security Testing's Pros and Cons?

**Pros:**

- Vulnerability Detection (20 reviews)
- Security (18 reviews)
- API Management (17 reviews)
- Easy Integrations (16 reviews)
- Automation (15 reviews)

**Cons:**

- Complex Setup (11 reviews)
- Setup Complexity (6 reviews)
- Limited Features (4 reviews)
- Poor Interface Design (4 reviews)
- UX Improvement (4 reviews)


### What Do G2 Reviewers Say About Pynt - API Security Testing?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **auto-generation of security tests**, making vulnerability detection accessible for all development teams.
- Users praise Pynt for its **effective security engine** that quickly identifies critical vulnerabilities, enhancing overall API security.
- Users appreciate the **seamless integration** of Pynt into CI/CD pipelines, enhancing automated security testing for APIs.
- Users appreciate the **easy integrations** of Pynt, facilitating smooth automated API security testing within their development processes.
- Users appreciate the **automation** in Pynt that streamlines API security testing, enhancing efficiency and developer experience.

**Cons:**

- Users find the **complex setup** process challenging, often needing support and desiring a more user-friendly interface.
- Users find the **setup complexity** of Pynt challenging, often needing assistance and suggesting a more user-friendly interface.
- Users note the **limited features** of Pynt, especially in reporting and dashboard capabilities for complex API management.
- Users find the **poor interface design** challenging, indicating a need for improvements to enhance usability and experience.
- Users find the **user interface challenging**, recommending improvements for a more user-friendly experience.

#### What Are Recent G2 Reviews of Pynt - API Security Testing?

**"[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)"**

**Rating:** 5.0/5.0 stars
*— Vijayaraghavan (Vijay) V.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)

---

**"[Performance and Usability Review of pynt G2](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)"**

**Rating:** 5.0/5.0 stars
*— Devanggiri G.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)

---



### 10. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


**Average Rating:** 4.9/5.0
**Total Reviews:** 11
**How Do G2 Users Rate BugDazz API Scanner?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind BugDazz API Scanner?**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharashtra
- **Twitter:** @SecureLayer7 (2,522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (127 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 91% Small-Business, 9% Mid-Market


#### What Are BugDazz API Scanner's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 review)
- Lack of Guidance (1 review)
- Lack of Information (1 review)
- Learning Curve (1 review)


### What Do G2 Reviewers Say About BugDazz API Scanner?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **accuracy of results** from BugDazz API Scanner, enhancing productivity and collaboration between teams.
- Users value the **seamless CD integration** of BugDazz API Scanner, enhancing efficiency in security scanning processes.
- Users appreciate the **seamless integration into CI/CD pipelines**, enabling efficient and reliable security scans without delays.
- Users find BugDazz API Scanner remarkably **easy to use**, integrating smoothly into CI/CD pipelines without delays.
- Users appreciate the **fast and accurate scanning technology** of BugDazz API Scanner, streamlining CI/CD workflows effectively.

**Cons:**

- Users feel the **documentation is poor**, lacking clarity for infrastructure-specific guidance and Jenkins integration.
- Users note a **difficult learning curve** in tuning BugDazz API Scanner for various testing scenarios, though it's deemed manageable.
- Users note a need for **expanded guidance** in the documentation for better infrastructure-specific support.
- Users feel the **lack of information** in documentation limits effective use of the BugDazz API Scanner.
- Users note a **learning curve** in optimizing scan settings, though it's considered manageable for most scenarios.

#### What Are Recent G2 Reviews of BugDazz API Scanner?

**"[Effective scanner and fits well into our release workflow](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)"**

**Rating:** 4.5/5.0 stars
*— Kabilesh kumar K.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)

---

**"[Good tool for security teams](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)"**

**Rating:** 4.5/5.0 stars
*— Khaja moinuddin F.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)

---



### 11. [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews)
Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.


**Average Rating:** 4.5/5.0
**Total Reviews:** 176
**How Do G2 Users Rate Cobalt?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.6/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cobalt?**

- **Seller:** [Cobalt](https://www.g2.com/sellers/cobalt-33275b9c-c870-4949-8fd5-a68eb12f96bb)
- **Company Website:** https://cobalt.io/
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @cobalt_io (8,462 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cobalt_io/ (557 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 51% Mid-Market, 23% Small-Business


#### What Are Cobalt's Pros and Cons?

**Pros:**

- Pentesting Efficiency (50 reviews)
- Customer Support (40 reviews)
- Ease of Use (39 reviews)
- Communication (31 reviews)
- Reporting Quality (28 reviews)

**Cons:**

- Expensive (14 reviews)
- Limited Scope (8 reviews)
- Lack of Detail (7 reviews)
- Pricing Issues (6 reviews)
- Inaccuracy (5 reviews)


### What Do G2 Reviewers Say About Cobalt?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **immediate reporting and seamless process** of Cobalt, enhancing their pentesting experience significantly.
- Users value Cobalt's **exceptional customer support**, which simplifies processes and enhances their overall experience.
- Users find Cobalt's platform remarkably **easy to use**, ensuring a smooth pentesting experience with immediate reporting.
- Users appreciate the **constant communication and collaboration** throughout the pentesting process with Cobalt.
- Users appreciate the **immediate and excellent reporting** of Cobalt, enhancing their external pentesting experience seamlessly.

**Cons:**

- Users find Cobalt to be **expensive**, particularly burdensome for small organizations and limited application scopes.
- Users find Cobalt's **limited scope** offers shallow testing, failing to adequately address crucial security elements and overall effectiveness.
- Users note a **lack of detail** in Cobalt's instructions, making setup tedious and requiring additional support from sales personnel.
- Users find Cobalt's **pricing issues** confusing and suggest revising the credit model for better clarity.
- Users experience **inaccuracy in audits** with Cobalt, leading to inefficiencies and repetitive reporting of resolved issues.

#### What Are Recent G2 Reviews of Cobalt?

**"[Flexible Scheduling and Clear, Consistent Pen Test Communication](https://www.g2.com/survey_responses/cobalt-review-12678239)"**

**Rating:** 4.0/5.0 stars
*— Chris A.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12678239)

---

**"[Collaborative, Real-World Pentesting with Actionable Findings](https://www.g2.com/survey_responses/cobalt-review-12683090)"**

**Rating:** 5.0/5.0 stars
*— Arpit G.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12683090)

---


#### What Are G2 Users Discussing About Cobalt?

- [How do you use Cobalt?](https://www.g2.com/discussions/how-do-you-use-cobalt)
- [What is cobalt database?](https://www.g2.com/discussions/what-is-cobalt-database)
- [What is a cobalt developer?](https://www.g2.com/discussions/what-is-a-cobalt-developer)
- [Is cobalt an operating system?](https://www.g2.com/discussions/is-cobalt-an-operating-system)

### 12. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs. With Acunetix, security teams can:

- Save time and resources by automating manual security processes
- Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools
- Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology
- Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time

You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


**Average Rating:** 4.1/5.0
**Total Reviews:** 100
**How Do G2 Users Rate Acunetix by Invicti?**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.7/10)
- **Test Automation:** 8.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind Acunetix by Invicti?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 40% Enterprise, 34% Mid-Market


#### What Are Acunetix by Invicti's Pros and Cons?

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)


### What Do G2 Reviewers Say About Acunetix by Invicti?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accurate and fast vulnerability detection** of Acunetix, enhancing their security scanning processes effectively.
- Users highlight the **ease of use and integration** of Acunetix, simplifying vulnerability scanning and security processes.
- Users praise the **robust security capabilities** of Acunetix, significantly enhancing web application security and vulnerability detection.
- Users value the **impressive accuracy** of Acunetix in identifying vulnerabilities, enhancing web application security seamlessly.
- Users value the **accuracy of results** from Acunetix, enhancing web application security effectively and reliably.

**Cons:**

- Users find Acunetix's **high pricing** and resource-intensive scans limiting, especially for smaller teams and projects.
- Users find the **complexity of initial setup and configurations** of Acunetix can hinder its usability for newcomers.
- Users find the **setup process complex** and resource-intensive, particularly for large applications and first-time configurations.
- Users often experience **slow scanning**, which can disrupt workflows and make vulnerability detection frustratingly inconsistent.
- Users find **difficult customization** a challenge with Acunetix, as it requires technical expertise and patience for integrations.

#### What Are Recent G2 Reviews of Acunetix by Invicti?

**"[Effortless Vulnerability Detection That Fits Seamlessly into DevSecOps](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)"**

**Rating:** 5.0/5.0 stars
*— Ranit D.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)

---

**"[Powerful Security Scanning Made Easy with Acunetix](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)"**

**Rating:** 5.0/5.0 stars
*— Deepesh V.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)

---


#### What Are G2 Users Discussing About Acunetix by Invicti?

- [How has Acunetix supported your web security efforts, and what features do you rely on most?](https://www.g2.com/discussions/how-has-acunetix-supported-your-web-security-efforts-and-what-features-do-you-rely-on-most)
- [What is Acunetix by Invicti used for?](https://www.g2.com/discussions/what-is-acunetix-by-invicti-used-for)

### 13. [Edgescan](https://www.g2.com/products/edgescan/reviews)
**What Is Edgescan?**

Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, APIs and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program.

The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVEs. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management.

**Key Features and Capabilities of Edgescan**

- **Automated Penetration Testing:** Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures.
- **Human-Validated Testing:** Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real-world exploitability. Each result is accurate, contextual, and actionable.
- **Penetration Testing as a Service (PTaaS):** Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including:
  - Business logic flaws
  - Authentication and authorization weaknesses
  - Context-dependent exposures
  - Complex attack chains and privilege escalation paths
- **Cyber Analytics and AI-Assisted Validation:** AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats.
- **Integrated Threat Intelligence:** Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first.
- **Risk-Based Prioritization:** Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most.

**Primary Value: What Edgescan Solves for Clients**

Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining:

- Automation for continuous testing
- Human expertise for validation and complex analysis
- Cyber analytics and AI for accuracy and prioritization

**Key Benefits**

- Significant efficiency gains: reducing thousands of hours spent on manual validation.
- Higher accuracy, thanks to expert-validated findings and reduced false positives.
- Clear prioritization, using threat intelligence and ransomware insights to highlight the highest-risk exposures.
- Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management.

By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 51
**How Do G2 Users Rate Edgescan?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (88 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 32% Enterprise, 32% Mid-Market


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate Edgescan's **ease of use**, facilitating quick navigation and straightforward vulnerability management for all stakeholders.
- Users value the **automated vulnerability detection** features of Edgescan, enhancing security assessments and remediation efficiency.
- Users commend Edgescan's **excellent customer support**, highlighting its proactivity and responsiveness whenever needed.
- Users value the **automated vulnerability identification** features of Edgescan, enhancing security assessments and facilitating efficient risk management.
- Users value the **intuitive interface and comprehensive features** of Edgescan, enhancing security assessment efficiency and clarity.

**Cons:**

- Users find the **complex UI** challenging initially, with navigation and settings difficult to locate.
- Users find **limited customization options** in Edgescan, affecting how they can tailor the platform to their needs.
- Users find the **poor interface design** limits usability, making navigation and data access challenging.
- Users experience **slow performance** with Edgescan due to manual validation, causing longer scan completion times.
- Users find the **UI not user friendly**, noting its antiquated design and lack of intuitive navigation.

#### What Are Recent G2 Reviews of Edgescan?

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---

**"[Edgescan Is Amazing!](https://www.g2.com/survey_responses/edgescan-review-11014532)"**

**Rating:** 5.0/5.0 stars
*— Greg S.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-11014532)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 14. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Easy Integrations (8 reviews)
- Ease of Use (7 reviews)
- Efficiency (7 reviews)
- Integration Support (7 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Jit, seamlessly integrating security and development for improved collaboration.
- Users value the **easy integrations** of Jit, seamlessly incorporating security into their development practices and workflows.
- Users appreciate the **ease of use** of Jit, finding it lightweight and simple to integrate into workflows.
- Users value the **efficient integration** of security in development workflows, significantly saving time and reducing complexity.
- Users appreciate the **easy integration support** of Jit, seamlessly embedding security into their development workflows.

**Cons:**

- Users encounter **integration issues** with Jit, particularly with third-party tools and CI setups requiring additional manual configuration.
- Users find the **limited features** of Jit lacking for complex needs, desiring more customization and better analytics.
- Users encounter **limited integration** with third-party tools, affecting advanced configurations and overall functionality.
- Users feel the **documentation is lacking**, especially for advanced configurations, complicating the overall user experience.
- Users find that the **complexity in configuration** and onboarding can hinder their overall experience with Jit.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 15. [Akto API Security Platform](https://www.g2.com/products/akto-api-security-platform/reviews)
Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of API discovery, API security posture management, sensitive data exposure, and API security testing solutions enables organizations to gain visibility in their API security posture. 1,000+ Application Security teams globally trust Akto for their API security needs.

Akto use cases:

1. API Discovery
2. API Security Testing in CI/CD
3. API Security Posture Management
4. Authentication and Authorization Testing
5. Sensitive data Exposure
6. Shift left in DevSecOps


**Average Rating:** 4.5/5.0
**Total Reviews:** 54
**How Do G2 Users Rate Akto API Security Platform?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Akto API Security Platform?**

- **Seller:** [Akto.io](https://www.g2.com/sellers/akto-io)
- **Company Website:** https://www.akto.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California
- **Twitter:** @Aktodotio (1,357 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akto-io/ (29 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 44% Mid-Market, 40% Small-Business


#### What Are Akto API Security Platform's Pros and Cons?

**Pros:**

- Ease of Use (22 reviews)
- API Testing (20 reviews)
- Automation Testing (19 reviews)
- API Management (17 reviews)
- Security (17 reviews)

**Cons:**

- Complex Setup (9 reviews)
- Poor Documentation (8 reviews)
- API Issues (7 reviews)
- Complexity (7 reviews)
- Setup Complexity (7 reviews)


### What Do G2 Reviewers Say About Akto API Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Akto API Security Platform, enabling quick setup and effective security assessments.
- Users praise Akto for its **easy API security testing integration**, seamlessly fitting into CI/CD pipelines and enhancing efficiency.
- Users appreciate the **automation testing** capabilities of Akto, which streamline API security and save valuable time.
- Users appreciate the **seamless API integration** of Akto, enabling effortless security testing and quick detection of vulnerabilities.
- Users appreciate the **robust security features** of Akto, which efficiently identify and resolve API vulnerabilities.

**Cons:**

- Users find the **complex setup** challenging, requiring detailed documentation and YAML expertise, which can hinder usability.
- Users find the **documentation poor**, making it challenging to configure advanced features effectively.
- Users find that **API issues** hinder their experience, particularly due to a steep learning curve and complex configurations.
- Users note the **complexity of understanding API security concepts** , which can make the initial experience challenging for newcomers.
- Users find the **setup complexity** challenging, particularly with advanced configurations and limited documentation, despite helpful support.

#### What Are Recent G2 Reviews of Akto API Security Platform?

**"[Easy to Implement, Clear API Security Visibility, and Responsive Support](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)

---

**"[Easy to Use API Security Tool That Helps Save Time](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)"**

**Rating:** 4.5/5.0 stars
*— ashish d.*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)

---



### 16. [Bright Security](https://www.g2.com/products/bright-security/reviews)
Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise-grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue.


**Average Rating:** 4.7/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Bright Security?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Bright Security?**

- **Seller:** [Bright Security](https://www.g2.com/sellers/bright-security)
- **Year Founded:** 2018
- **HQ Location:** San Rafael
- **Twitter:** @BrightAppSec (1,511 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/brightappsec (111 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer & Network Security, Information Technology and Services
- **Company Size:** 52% Enterprise, 34% Mid-Market


#### What Are Bright Security's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- Automated Scanning (4 reviews)
- Ease of Use (4 reviews)
- Detection (3 reviews)
- Easy Integrations (3 reviews)

**Cons:**

- Learning Curve (3 reviews)
- Complex Setup (2 reviews)
- Setup Complexity (2 reviews)
- Complexity (1 review)
- Confusing Interface (1 review)


### What Do G2 Reviewers Say About Bright Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **accuracy of results** from Bright Security, focusing only on significant vulnerabilities for effective remediation.
- Users value the **fast and thorough automated scanning** of Bright Security, seamlessly integrating into their development workflow.
- Users value the **ease of use** of Bright Security, seamlessly integrating security testing into their development workflow.
- Users praise the **effective detection** capabilities of Bright Security, minimizing noise and focusing on true vulnerabilities.
- Users value the **easy integrations** of Bright Security, enhancing their CI/CD workflows without hindering deployment speed.

**Cons:**

- Users note a challenging **learning curve** with Bright Security, particularly in setup and navigating the dashboard effectively.
- Users find the **complex setup** challenging due to the learning curve and need for better onboarding resources.
- Users find the **setup complexity** challenging, requiring time to understand configurations and navigate advanced features.
- Users find the **complexity of setup and learning curve** challenging, especially for those new to security tools.
- Users find the **interface confusing**, as it can be dense and challenging to navigate settings on the dashboard.

#### What Are Recent G2 Reviews of Bright Security?

**"[Modern, Insightful, and Seamlessly Fits Our Workflow](https://www.g2.com/survey_responses/bright-security-review-12164035)"**

**Rating:** 4.5/5.0 stars
*— Gauri K.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12164035)

---

**"[Reliable and Developer-Friendly Security Solution](https://www.g2.com/survey_responses/bright-security-review-12157897)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12157897)

---



### 17. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25
**How Do G2 Users Rate Veracode Application Security Platform?**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (505 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **robust security features** of Veracode, effectively identifying vulnerabilities and maintaining high code standards.
- Users value the **effective vulnerability detection** of Veracode, enhancing security and streamlining the development process seamlessly.
- Users value the **automated scanning** efficiency of Veracode, enhancing security and streamlining the development process seamlessly.
- Users highlight the **effective detection of security vulnerabilities** , enhancing application security and streamlining development processes.
- Users appreciate the **ease of use** of Veracode Application Security Platform, simplifying security integration with development processes.

**Cons:**

- Users find the **costs increasingly high** , with complex licensing and questionable value for the investment made.
- Users experience **lack of information** about feature discrepancies and uncommunicated issues during the upload process.
- Users criticize the **overly complex licensing model** and inconsistent feature delivery, leading to dissatisfaction and pressure.
- Users experience **poor customer support** with unfulfilled promises and dependency on the team, complicating their workflow.
- Users express concerns over **pricing issues** , noting increased costs, complex licensing, and pressure from sales teams.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 18. [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews)
Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale. With an ability to test thousands of applications simultaneously and a less than 1% false positive rate coupled with comprehensive remediation guidance, customers are able to rapidly reduce their risk of a breach across their web applications. The solution integrates with Veracode Discovery, which maps your web attack surface, to scan inventoried sites


**Average Rating:** 4.3/5.0
**Total Reviews:** 14
**How Do G2 Users Rate Veracode Dynamic Analysis?**

- **Has the product been a good partner in doing business?:** 7.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.4/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Dynamic Analysis?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (505 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 19% Mid-Market



#### What Are Recent G2 Reviews of Veracode Dynamic Analysis?

**"[Dynamic Analysis Security Testing (DAST)](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)"**

**Rating:** 4.0/5.0 stars
*— Syed Ubaid A.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)

---

**"[Very Low False Positives and Actionable Results](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)"**

**Rating:** 4.5/5.0 stars
*— Tarun K.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)

---



### 19. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews)
Indusface WAS (Web Application Scanner) provides a comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. With automated scans & manual pentesting done by certified security experts, Indusface WAS ensures none of the OWASP Top 10, business logic vulnerabilities, and malware go unnoticed. With a zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning enables developers to quickly fix vulnerabilities seamlessly.


**Average Rating:** 4.6/5.0
**Total Reviews:** 63
**How Do G2 Users Rate Indusface WAS?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.4/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Indusface WAS?**

- **Seller:** [Indusface](https://www.g2.com/sellers/indusface)
- **Year Founded:** 2012
- **HQ Location:** Vadodara
- **Twitter:** @Indusface (3,472 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 52% Small-Business, 37% Mid-Market


#### What Are Indusface WAS's Pros and Cons?

**Pros:**

- Vulnerability Detection (19 reviews)
- Vulnerability Identification (16 reviews)
- Customer Support (6 reviews)
- Scanning Efficiency (6 reviews)
- Security (6 reviews)

**Cons:**

- Expensive (2 reviews)
- Confusing Interface (1 review)
- Lacking Features (1 review)
- Limited Scope (1 review)
- Poor Interface Design (1 review)


### What Do G2 Reviewers Say About Indusface WAS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective vulnerability detection** by Indusface WAS, benefiting from prioritized fixes and comprehensive remediation guidance.
- Users value the **consistent vulnerability identification** of Indusface WAS, ensuring reliable protection during deployments.
- Users commend the **excellent customer support** from Indusface, ensuring timely assistance and effective issue resolution.
- Users value the **scanning efficiency** of Indusface WAS, ensuring thorough security assessments and timely vulnerability updates.
- Users value the **high-quality security scans** of Indusface WAS, enhancing their accreditation and vulnerability management processes.

**Cons:**

- Users feel the solution is **expensive**, particularly for staging environments and higher SSL certificate costs compared to competitors.
- Users find the **interface confusing** and suggest improvements for better intuitiveness and modern design.
- Users express concern over the **lack of special pricing for development environment scans** , affecting testing capabilities.
- Users feel the **limited scope** of Indusface WAS hinders testing in staging or development environments.
- Users find the **interface outdated and unintuitive** , but improvements are on the way from the development team.

#### What Are Recent G2 Reviews of Indusface WAS?

**"[Vulnerability and malware scanner in one](https://www.g2.com/survey_responses/indusface-was-review-11323529)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11323529)

---

**"[Great support Given by shivani](https://www.g2.com/survey_responses/indusface-was-review-11074325)"**

**Rating:** 5.0/5.0 stars
*— Sai N.*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11074325)

---


#### What Are G2 Users Discussing About Indusface WAS?

- [What is Indusface WAS used for?](https://www.g2.com/discussions/what-is-indusface-was-used-for)

### 20. [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews)
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle.

**Fast and Accurate Scanning for Secure DevOps:** Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business.

**Focus on the Fix:** Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation.

**Enterprise Management for Security Teams:** Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.


**Average Rating:** 4.1/5.0
**Total Reviews:** 74
**How Do G2 Users Rate HCL AppScan?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.1/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind HCL AppScan?**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,043 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (246,058 employees on LinkedIn®)
- **Ownership:** NSE - National Stock Exchange of India

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 54% Enterprise, 28% Small-Business



#### What Are Recent G2 Reviews of HCL AppScan?

**"[Easy to setup and powerful application security](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)"**

**Rating:** 4.0/5.0 stars
*— chandramohan K.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)

---

**"[A Testing Suite that packs quite a punch!](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)"**

**Rating:** 5.0/5.0 stars
*— Pranav U.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)

---


#### What Are G2 Users Discussing About HCL AppScan?

- [What is HCL AppScan used for?](https://www.g2.com/discussions/what-is-hcl-appscan-used-for)
- [What does HCL AppScan do?](https://www.g2.com/discussions/what-does-hcl-appscan-do)
- [Who owns AppScan?](https://www.g2.com/discussions/who-owns-appscan) - 1 comment
- [Is AppScan free?](https://www.g2.com/discussions/is-appscan-free) - 1 comment

### 21. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications.

Major features:

- Checks your web apps & APIs for 3000+ test cases to find security loopholes
- OWASP & SANS standards
- Recommendations to address security issues
- Security test complex web apps with login
- Compliance reports (GDPR, HIPAA & PCI DSS)
- Test scheduling
- DevSecOps integrations
- API integration
- Team access
- Integrations with popular tools like Slack, Jira, Asana, Trello & 100+ other tools


**Average Rating:** 4.7/5.0
**Total Reviews:** 85
**How Do G2 Users Rate Beagle Security?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Beagle Security?**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (206 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (50 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Director, CEO
- **Top Industries:** Marketing and Advertising, Information Technology and Services
- **Company Size:** 91% Small-Business, 7% Mid-Market


#### What Are Beagle Security's Pros and Cons?

**Pros:**

- Reporting Quality (1 review)
- Setup Ease (1 review)



### What Do G2 Reviewers Say About Beagle Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **attractive and comprehensive reporting** of Beagle Security, making configuration easy and effective.
- Users love the **setup ease** of Beagle Security, finding it simple and efficient to configure.


#### What Are Recent G2 Reviews of Beagle Security?

**"[Comprehensive Security Testing with Actionable Insights](https://www.g2.com/survey_responses/beagle-security-review-12619693)"**

**Rating:** 5.0/5.0 stars
*— Nkosinathi T.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-12619693)

---

**"[Very thorough service that gives us good Ci/CD assurance between Pen Tests](https://www.g2.com/survey_responses/beagle-security-review-11354043)"**

**Rating:** 5.0/5.0 stars
*— Matt B.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-11354043)

---


#### What Are G2 Users Discussing About Beagle Security?

- [How has Beagle Security enhanced your web security, and what features would you like to see added?](https://www.g2.com/discussions/how-has-beagle-security-enhanced-your-web-security-and-what-features-would-you-like-to-see-added)
- [What is Beagle Security used for?](https://www.g2.com/discussions/what-is-beagle-security-used-for) - 1 comment

### 22. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

### 23. [StackHawk](https://www.g2.com/products/stackhawk/reviews)
StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.


**Average Rating:** 4.6/5.0
**Total Reviews:** 67
**How Do G2 Users Rate StackHawk?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.8/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind StackHawk?**

- **Seller:** [StackHawk](https://www.g2.com/sellers/stackhawk)
- **Company Website:** https://stackhawk.com
- **Year Founded:** 2019
- **HQ Location:** Denver, CO
- **Twitter:** @StackHawk (1,137 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/40780406/ (34 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 46% Small-Business, 35% Mid-Market


#### What Are StackHawk's Pros and Cons?

**Pros:**

- Easy Integrations (4 reviews)
- Customer Support (3 reviews)
- Customizability (3 reviews)
- Efficiency Improvement (3 reviews)
- Scanning Efficiency (3 reviews)

**Cons:**

- Complex Setup (3 reviews)
- High Learning Curve (3 reviews)
- Lacking Features (3 reviews)
- Limited Scope (3 reviews)
- Setup Complexity (3 reviews)


### What Do G2 Reviewers Say About StackHawk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **easy integrations** of StackHawk, enhancing their CI/CD pipelines with seamless configuration.
- Users commend StackHawk's **exceptional customer support**, highlighting their expertise and thorough onboarding process for seamless integration.
- Users value the **customizability** of StackHawk, enabling tailored workflows and seamless integration within diverse environments.
- Users value the **efficiency improvements** from StackHawk, seamlessly integrating into workflows and enhancing productivity without delays.
- Users commend StackHawk for its **scanning efficiency**, noting impressive speed and seamless integration into development processes.

**Cons:**

- Users find the **complex setup** of StackHawk frustrating due to inadequate documentation and required collaboration for configurations.
- Users face a **high learning curve** with StackHawk due to its code-centric approach and lack of intuitive setup.
- Users note the **lack of features** in StackHawk, particularly regarding API management and vulnerability handling.
- Users find StackHawk's **limited scope** restricts usage and hinders customization, impacting overall effectiveness and user experience.
- Users find the **setup complexity** of StackHawk frustrating, requiring extensive trial and error for configuration.

#### What Are Recent G2 Reviews of StackHawk?

**"[StackHawk is a great DAST security tool](https://www.g2.com/survey_responses/stackhawk-review-10761348)"**

**Rating:** 5.0/5.0 stars
*— David M.*

[Read full review](https://www.g2.com/survey_responses/stackhawk-review-10761348)

---

**"[A Game-Changer for DevSecOps](https://www.g2.com/survey_responses/stackhawk-review-8847655)"**

**Rating:** 5.0/5.0 stars
*— Todd L.*

[Read full review](https://www.g2.com/survey_responses/stackhawk-review-8847655)

---


#### What Are G2 Users Discussing About StackHawk?

- [What is StackHawk used for?](https://www.g2.com/discussions/what-is-stackhawk-used-for)

### 24. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats.

The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its innovative architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety.

Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks.

Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace. Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively.

Lastly, Checkmarx One incorporates advanced analysis engines such as AI SAST and DAST for AI, which enhance security measures across various environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while the DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats.


**Average Rating:** 4.2/5.0
**Total Reviews:** 41
**How Do G2 Users Rate Checkmarx?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 5.0/10 (Category avg: 8.7/10)
- **Test Automation:** 6.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Checkmarx?**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Company Website:** https://www.checkmarx.com
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,284 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (1,019 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 58% Enterprise, 22% Mid-Market


#### What Are Checkmarx's Pros and Cons?

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 review)
- Automation Testing (1 review)
- Customer Support (1 review)

**Cons:**

- False Positives (1 review)
- Lacking Features (1 review)
- Missing Features (1 review)
- Poor Navigation (1 review)


### What Do G2 Reviewers Say About Checkmarx?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **implementation ease** of Checkmarx, making integration into existing repositories intuitive and straightforward.
- Users appreciate the **intuitive user interface** of Checkmarx, finding it user-friendly and easy to navigate.
- Users appreciate the **accuracy of results** from Checkmarx, benefiting from precise vulnerability insights for effective code corrections.
- Users value the **easy implementation** of Checkmarx for automating security reviews and the intuitive user interface.
- Users value the **responsive Customer Support** at Checkmarx, consistently providing assistance for unresolved issues.

**Cons:**

- Users frequently report **false positives** in Checkmarx for Kotlin projects, causing frustration compared to more popular languages.
- Users find Checkmarx to have **limited support for Kotlin**, leading to many false positives in their reports.
- Users report **missing features** for Kotlin support in Checkmarx, leading to numerous false positives compared to other languages.
- Users find the **navigation poor**, noting that the dashboard layout and display need significant improvement.

#### What Are Recent G2 Reviews of Checkmarx?

**"[Automated Checkmarx Scans Keep Us Ahead of Key Vulnerabilities](https://www.g2.com/survey_responses/checkmarx-review-12983770)"**

**Rating:** 4.5/5.0 stars
*— Nitesh A.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-12983770)

---

**"[Centralized Source Code Security with Seamless CI/CD Integration](https://www.g2.com/survey_responses/checkmarx-review-12980590)"**

**Rating:** 5.0/5.0 stars
*— Aman M.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-12980590)

---


#### What Are G2 Users Discussing About Checkmarx?

- [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) - 1 comment, 1 upvote
- [How much does Checkmarx cost?](https://www.g2.com/discussions/how-much-does-checkmarx-cost)
- [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) - 1 comment
- [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) - 1 comment
- [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) - 2 comments

### 25. [APPCHECK](https://www.g2.com/products/appcheck/reviews)
AppCheck is a Dynamic Application Security Testing (DAST) and network vulnerability testing solution, developed and supported by experienced penetration testers. We approach security testing as a hacker would, leveraging multiple proprietary crawling engines to analyse target behaviour across both modern and traditional technologies, including Single Page Applications (SPAs), APIs, and complex authentication flows such as SSO, 2FA, and TOTP. Organisations can conduct unlimited security assessments across Web Applications, SPAs, APIs, cloud services, and networks, across internal or external assets. Supporting production and UAT testing, AppCheck also helps organisations ‘shift left’ by integrating with CI/CD pipelines and build servers, including ADO, GitHub, Jenkins, TeamCity, CircleCI, TravisCI, Bamboo, and GitLab CI/CD, allowing automated security testing throughout development and identifying risks as soon as changes are introduced. AppCheck are proud to be part of the CVE Numbering Authority (CNA), contributing to global security research


**Average Rating:** 4.6/5.0
**Total Reviews:** 67
**How Do G2 Users Rate APPCHECK?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 9.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind APPCHECK?**

- **Seller:** [APPCHECK](https://www.g2.com/sellers/appcheck)
- **Company Website:** https://www.appcheck-ng.com
- **Year Founded:** 2014
- **HQ Location:** Leeds, GB
- **Twitter:** @AppcheckNG (649 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/appcheck-ng-ltd/ (106 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 49% Mid-Market, 30% Small-Business


#### What Are APPCHECK's Pros and Cons?

**Pros:**

- Ease of Use (5 reviews)
- Vulnerability Detection (5 reviews)
- Features (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scanning Efficiency (4 reviews)

**Cons:**

- UX Improvement (2 reviews)
- API Issues (1 review)
- Difficult Customization (1 review)
- Difficult Learning Curve (1 review)
- False Positives (1 review)


### What Do G2 Reviewers Say About APPCHECK?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of APPCHECK, making complex processes simple to complete efficiently.
- Users commend **effective vulnerability detection** with AppCheck, providing actionable insights for improved security and integration.
- Users highly value the **excellent pricing and functionality** of AppCheck, enhancing security management for web applications.
- Users value the **high pentesting efficiency** of AppCheck, enhancing security while reducing the need for manual testing.
- Users value the **scanning efficiency** of AppCheck, appreciating actionable reports and seamless integration with CI/CD pipelines.

**Cons:**

- Users feel there is **room for improvement in UX**, particularly regarding scoring, customization, and scan templates.
- Users find the **API endpoint changes cumbersome**, requiring a service request, but appreciate the responsiveness to feedback.
- Users find **difficult customization** options in AppCheck, limiting their ability to tailor reports and improve context.
- Users acknowledge a **difficult learning curve** with AppCheck, but ultimately find the product to be very good.
- Users find the **need for manual validation due to false positives** to be a significant drawback in APPCHECK.

#### What Are Recent G2 Reviews of APPCHECK?

**"[Effortless Vulnerability Management with APPCHECK](https://www.g2.com/survey_responses/appcheck-review-12463853)"**

**Rating:** 5.0/5.0 stars
*— Aaron H.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-12463853)

---

**"[Great onboarding experience and trial](https://www.g2.com/survey_responses/appcheck-review-11771398)"**

**Rating:** 4.0/5.0 stars
*— Tyler S.*

[Read full review](https://www.g2.com/survey_responses/appcheck-review-11771398)

---




## What Is Dynamic Application Security Testing (DAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [API Security Tools](https://www.g2.com/categories/api-security)


---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST) Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

**Key Benefits of Dynamic Application Security Testing (DAST) Software**

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.
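The crawl, check, and store flow described above, as an added example that is not code from G2 or from any product listed on this page. The origin `app.example`, the in-memory `SITE` responses, and the function names are constructed assumptions so the sketch runs offline.

```python
import re
from urllib.parse import urljoin, urlparse

BASE = "https://app.example"  # hypothetical target origin
# Constructed responses standing in for a running application: path -> (status, headers, body)
SITE = {
    "/": (200, {"Server": "nginx/1.18.0"},
          '<a href="/login">Login</a> <a href="/docs/">Docs</a> <a href="https://other.example/x">Ext</a>'),
    "/login": (200, {"Set-Cookie": "sid=abc123; Path=/",
                     "Strict-Transport-Security": "max-age=31536000",
                     "Content-Security-Policy": "default-src 'self'",
                     "X-Content-Type-Options": "nosniff"}, '<a href="/">Home</a>'),
    "/docs/": (200, {}, '<title>Index of /docs/</title><a href="/">Home</a>'),
}
REQUIRED = ("Strict-Transport-Security", "Content-Security-Policy", "X-Content-Type-Options")

def fetch(url):
    """Stand-in for an HTTP GET; a real scanner would send the request over the network."""
    return SITE.get(urlparse(url).path, (404, {}, ""))

def check(headers, body):
    """Passive misconfiguration checks on a single response."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found = [f"missing header: {h}" for h in REQUIRED if h.lower() not in hdrs]
    if "set-cookie" in hdrs:
        attrs = {p.strip().split("=")[0].lower() for p in hdrs["set-cookie"].split(";")[1:]}
        found += [f"cookie lacks {a}" for a in ("Secure", "HttpOnly") if a.lower() not in attrs]
    if re.search(r"/\d", hdrs.get("server", "")):
        found.append("server version disclosed")
    if "<title>Index of " in body:
        found.append("directory listing enabled")
    return found

def scan(start=BASE + "/"):
    """Breadth-first crawl restricted to the start origin; returns {url: findings}."""
    origin = urlparse(start).netloc
    queue, seen, report = [start], {start}, {}
    while queue:
        url = queue.pop(0)
        status, headers, body = fetch(url)
        if status != 200:
            continue
        report[url] = check(headers, body)
        for href in re.findall(r'href="([^"]+)"', body):
            link = urljoin(url, href).split("#")[0]
            if urlparse(link).netloc == origin and link not in seen:
                seen.add(link)
                queue.append(link)
    return report
```

The checks only read headers and bodies, so they need no knowledge of the application's language or framework, and the origin filter keeps the crawl from following the external link.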

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** A command-line interface (CLI) lets users operate a tool by typing commands into a terminal. CLI capabilities allow security testers to launch simulated threats directly from the host system’s terminal and to script sequences of commands.

**Static code analysis —** Static code analysis and static security testing is used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application’s underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Some of it, though not all, is used specifically for testing. There are many different ways to approach testing, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to both find errors in source code as well as errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



