# Best Dynamic Application Security Testing (DAST) Software - Page 3

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources





## Top Dynamic Application Security Testing (DAST) Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (202 reviews) | Low-noise DAST with unified AppSec scanning | "[Enterprise Security Without an Enterprise Security Team](https://www.g2.com/survey_responses/aikido-security-review-13108704)" |
| 2 | [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) | 4.6/5.0 (212 reviews) | Validated DAST with human-verified remediation workflows | "[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)" |
| 3 | [Burp Suite](https://www.g2.com/products/burp-suite/reviews) | 4.8/5.0 (126 reviews) | Proxy-intercept DAST with manual exploit depth | "[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)" |
| 4 | [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews) | 4.9/5.0 (60 reviews) | AI-automated API security testing with self-healing | "[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)" |
| 5 | [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) | 4.5/5.0 (68 reviews) | Proof-based DAST with CI/CD integration | "[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)" |
| 6 | [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) | 4.5/5.0 (289 reviews) | Credentialed network vulnerability scanning with remediation guidance | "[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)" |
| 7 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (881 reviews) | Pipeline-embedded DAST with unified DevSecOps | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 8 | [Harness Platform](https://www.g2.com/products/harness-platform/reviews) | 4.6/5.0 (300 reviews) | — | "[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)" |
| 9 | [Intruder](https://www.g2.com/products/intruder/reviews) | 4.8/5.0 (207 reviews) | Continuous external attack surface scanning with auto-remediation | "[Reliable Service with Flexible Plans and Strong Support](https://www.g2.com/survey_responses/intruder-review-13110046)" |
| 10 | [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews) | 4.8/5.0 (44 reviews) | API-first DAST with CI/CD-native discovery | "[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)" |

---
## What Are the Most Common Questions About Dynamic Application Security Testing (DAST) Software?
*AI-generated · Last updated: May 26, 2026*
### Which DAST tool offers the most comprehensive testing coverage?
Based on G2 reviews, Aikido Security stands out in this category because reviewers consistently describe broad coverage across application and related security testing workflows. According to verified users, it combines DAST with capabilities such as SAST, SCA, container scanning, cloud and infrastructure visibility, and vulnerability management in one place. G2 reviewers mention that this wider coverage helps teams reduce tool sprawl, centralize findings, and speed remediation. Reviewers also repeatedly call out straightforward setup, repository integrations, and developer-friendly workflows. While some users note that certain advanced enterprise controls are still maturing, recent feedback most often highlights Aikido Security for comprehensive, all-in-one testing breadth.


### What best DAST solutions for continuous security integration?
Based on G2 reviews, buyers looking for continuous security integration often prioritize products that fit naturally into development pipelines, automate recurring scans, and reduce operational overhead. G2 reviewers mention that Aikido Security is commonly used inside DevSecOps workflows with repository integrations and automatic scanning, while Invicti is frequently praised for CI/CD integrations and proof-based testing in ongoing web application programs. According to verified users, GitLab is also valued when teams want security checks embedded directly into broader development and deployment workflows. Across recent reviews, the common buying themes are automation, clear reporting, faster remediation, and easier adoption by both security and engineering teams.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – used for automated security scanning inside developer and repository workflows with minimal setup
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – chosen for ongoing web app scanning with CI/CD integrations and proof-based validation
- [GitLab](https://www.g2.com/products/gitlab/reviews) – fits teams that want security checks embedded into pipelines, merge requests, and delivery workflows


### What best tools for combining DAST with SAST?
Based on G2 reviews, teams that want DAST and SAST together often favor platforms that reduce tool switching and present findings in one workflow. According to verified users, Aikido Security is repeatedly described as an all-in-one platform that brings together DAST, SAST, SCA, and other security checks, which helps smaller teams and fast-moving engineering groups centralize remediation. G2 reviewers mention that Invicti is also used for combining DAST with SAST and SCA in a more unified process, especially for organizations managing larger portfolios. GitLab reviews similarly point to built-in security scanning within pipelines, making it useful for teams that want code and application testing closer to delivery processes.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – suited for teams wanting DAST, SAST, and related scanning in one developer-friendly platform
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – useful for organizations seeking DAST plus SAST and SCA within a centralized workflow
- [GitLab](https://www.g2.com/products/gitlab/reviews) – helps embed multiple application security checks into CI/CD and merge request processes


### Which DAST software integrates with CI/CD pipelines?
Based on G2 reviews, Invicti is the strongest fit for this question because reviewers frequently highlight its integrations with CI/CD tools and automated testing workflows. According to verified users, it connects with tools such as Jenkins, GitLab, and Jira, and helps teams move security checks earlier into delivery cycles. G2 reviewers mention that its automation, proof-based validation, and reporting make it easier for development and security teams to focus on real issues instead of manually sorting through excessive noise. Recent feedback also notes that setup can require tuning for more complex environments, but the integration story appears consistently in the review data and is a key reason teams adopt it.


### Which is the best DAST tool for web application security?
Based on G2 reviews, Burp Suite is the clearest answer for web application security use cases. According to verified users, it is widely valued for intercepting, modifying, and replaying web requests, which helps security teams uncover issues in application logic, authentication flows, and input handling. G2 reviewers mention Repeater, Proxy, Intruder, and the broader extension ecosystem as major strengths for deep hands-on testing. Recent reviews also describe Burp Suite as especially effective for web, API, and mobile dynamic testing, with strong support for both manual and automated workflows. Some users note pricing and resource usage concerns, but reviewers consistently position it as a leading tool for web application testing depth.


### What top DAST solutions for cloud-native applications?
Based on G2 reviews, cloud-native buyers tend to favor products that can scan applications while also fitting modern DevSecOps and infrastructure-heavy workflows. G2 reviewers mention that Aikido Security is used across repositories, cloud environments, and container-related security checks, which makes it appealing for teams trying to consolidate tooling. According to verified users, Intruder is also used to monitor vulnerabilities across both cloud resources and applications from a single view. GitLab reviews similarly point to integrated pipelines, automation, and built-in security checks that support cloud-native development practices. Across the recent review set, buyers emphasize ease of setup, workflow integration, and the ability to reduce noise while keeping developers moving quickly.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – works well for teams combining application scans with repository, container, and cloud-focused workflows
- [Intruder](https://www.g2.com/products/intruder/reviews) – fits organizations that want vulnerability visibility across cloud infrastructure and applications in one place
- [GitLab](https://www.g2.com/products/gitlab/reviews) – supports cloud-native delivery with integrated pipelines, automation, and embedded security checks


### What best tools for detecting runtime security issues?
Based on G2 reviews, buyers discussing runtime or live-application risk tend to value products that validate findings in running environments and reduce noisy results. According to verified users, Aikido Security is noted for helping teams connect code and external application risk, and one reviewer specifically highlighted its in-app protection capability for mitigating issues in legacy applications. G2 reviewers also describe Veracode Dynamic Analysis as useful for finding runtime vulnerabilities that static tools can miss, while Burp Suite is frequently used to inspect and manipulate live traffic during testing. The strongest common themes in recent feedback are actionable findings, clearer prioritization, and support for testing realistic application behavior.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – useful for teams wanting live application visibility alongside broader application security workflows
- [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews) – highlighted for identifying runtime vulnerabilities that static tools may miss
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – strong for analyzing live web traffic and validating exploitable issues during active testing


### What top platforms for automated application vulnerability testing?
Based on G2 reviews, automated application vulnerability testing buyers often look for products that are easy to deploy, fast to scan, and clear in how they present findings. G2 reviewers mention that Intruder is valued for automated scanning, continuous updates, and low operational overhead, while Aikido Security is praised for automatic scans, developer-friendly workflows, and centralized issue management. According to verified users, Invicti also stands out for proof-based scanning and automation that supports earlier detection in development processes. Across the recent review data, the products most often associated with automation success are the ones that balance broad visibility, manageable noise levels, and integrations that help teams remediate quickly.

**Here are some of the top-rated products on G2:**

- [Intruder](https://www.g2.com/products/intruder/reviews) – designed for automated scanning, continuous monitoring, and straightforward remediation tracking
- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – automates security scanning and helps developers prioritize and resolve issues faster
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – supports automated web application scanning with validated findings and detailed reporting


### What top-rated DAST platforms for enterprise applications?
Based on G2 reviews, enterprise buyers generally look for scalable scanning, centralized reporting, and support for more complex environments. According to verified users, Invicti is often chosen for larger application portfolios because of endpoint discovery, CI/CD integrations, proof-based validation, and reporting suited to both technical and executive audiences. G2 reviewers also point to Burp Suite for deep testing depth in professional security teams and to GitLab when enterprises want security controls embedded into a broader DevSecOps platform. Recent reviews suggest the best enterprise fit depends on whether the priority is scalable automated scanning, practitioner-led testing depth, or consolidating security within software delivery operations.

**Here are some of the top-rated products on G2:**

- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – well suited for enterprise portfolios needing scalable scanning and centralized reporting
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – fits enterprise security teams that need deep manual and automated web testing capability
- [GitLab](https://www.g2.com/products/gitlab/reviews) – useful for enterprises embedding security and compliance checks into a unified DevSecOps workflow


### Which DAST tool offers AI-driven vulnerability detection?
Based on G2 reviews, Aikido Security is the strongest grounded answer because multiple reviewers reference AI-related capabilities alongside its broader application security workflow. According to verified users, the platform offers AI-generated pull request fixes and GitHub-related AI features that help teams move from detection to remediation faster. G2 reviewers mention that its developer-friendly design, automated scanning, and prioritization reduce noise and help smaller teams stay productive. Reviewers also note some AI limitations, including cases where GitHub AI suggestions were not always accurate, but the recent review data still shows more direct AI-driven workflow mentions for Aikido Security than for most other products in this category.




## G2 Grid® for Dynamic Application Security Testing (DAST) Software
![G2 Grid® for Dynamic Application Security Testing (DAST) Software plotting products by satisfaction and market presence](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.png?focus%5B%5D=1259627&focus%5B%5D=154599&focus%5B%5D=32486&focus%5B%5D=1332841&focus%5B%5D=32494&focus%5B%5D=32484&focus%5B%5D=19003&focus%5B%5D=100655)
Highlighted products: Aikido Security, Astra Pentest, Burp Suite, Qodex.ai, Tenable Nessus, Invicti (formerly Netsparker), GitLab, and Harness Platform.
Underlying data: [Grid® JSON](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=astra-pentest&amp;focus%5B%5D=burp-suite&amp;focus%5B%5D=qodex-ai&amp;focus%5B%5D=tenable-nessus&amp;focus%5B%5D=invicti-formerly-netsparker&amp;focus%5B%5D=gitlab&amp;focus%5B%5D=harness-platform)


## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 94

### Category Stats (Jul 2026)
- **Average Rating**: 4.56/5 The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Checkmarx (+0.67%) - Among all products in this category, Checkmarx recorded the largest rating increase compared to last month
*Last updated: July 16, 2026*


## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 4,000+ Authentic Reviews
- 94+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)


---

**Sponsored**

### Intruder

Intruder&#39;s continuous exposure management platform helps security, IT, and engineering teams stop breaches before they start. By unifying AI penetration testing, attack surface monitoring, cloud security, and vulnerability management in one intuitive platform, Intruder gives stretched teams an always-on security source of truth. Our approach focuses on continuous automated scanning using expertise and agentic solutions to ensure that the findings we deliver are accurate, prioritized by real-world risk, and ready to act on. Founded in 2015 by Chris Wallis, a former ethical hacker turned corporate blue teamer, Intruder is now protecting over 3,000 companies worldwide. Intruder has been awarded multiple accolades, was selected for GCHQ’s Cyber Accelerator, included on Deloitte’s Tech Fast 50 2023 list as the fastest-growing cybersecurity company in the UK and was named in G2’s 2026 Best Software Awards.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1521&amp;secure%5Bchosen_at%5D=2026-07-17T05%3A21%3A41Z&amp;secure%5Bdisplayable_resource_id%5D=1521&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1521&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=27706&amp;secure%5Bresource_id%5D=1521&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fdynamic-application-security-testing-dast%3Fopen_modal_url%3D%252Fproducts%252Fbestorm%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fdynamic-application-security-testing-dast%2526source%253Dcategory&amp;secure%5Btoken%5D=0e283bc2600848ec1ea254ba23b32e0d667509dc077ded6acaf06b588e671f79&amp;secure%5Burl%5D=https%3A%2F%2Fwww.intruder.io%2F%3Futm_source%3Dg2%26utm_medium%3Dp_referral%26utm_campaign%3Dglobal%7Cfixed%7Cg2_clicks_2025&amp;secure%5Burl_type%5D=free_trial)

---

## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [OpenText Core Application Security](https://www.g2.com/products/opentext-opentext-core-application-security/reviews)
Manage, measure and integrate security for the entire software lifecycle.


**Average Rating:** 4.0/5.0
**Total Reviews:** 3
**How Do G2 Users Rate OpenText Core Application Security?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 3.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind OpenText Core Application Security?**

- **Seller:** [OpenText](https://www.g2.com/sellers/opentext)
- **Year Founded:** 1991
- **HQ Location:** Waterloo, ON
- **Twitter:** @OpenText (21,565 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2709/ (23,048 employees on LinkedIn®)
- **Ownership:** NASDAQ:OTEX

**Who Uses This Product?**
- **Company Size:** 33% Enterprise, 33% Mid-Market


#### What Are OpenText Core Application Security's Pros and Cons?

**Pros:**

- Automation Testing (1 reviews)
- Efficiency (1 reviews)
- User Interface (1 reviews)
- Vulnerability Detection (1 reviews)

**Cons:**

- Integration Issues (1 reviews)
- Limited Integration (1 reviews)


### What Do G2 Reviewers Say About OpenText Core Application Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **automation testing capabilities** in OpenText Core Application Security, enhancing vulnerability management and auditing.
- Users value the **efficiency** of OpenText Core Application Security, particularly in vulnerability management and auto audit features.
- Users value the **intuitive UI** of OpenText Core Application Security, enhancing their experience in vulnerability management.
- Users value the **effective vulnerability management** capabilities and appreciate the impressive auto audit feature in SSC.

**Cons:**

- Users face **integration issues** with OpenText Core Application Security, leading to challenges in combining tools effectively.
- Users face challenges due to **limited integration** with other application security tools, hindering overall effectiveness.

#### What Are Recent G2 Reviews of OpenText Core Application Security?

**"[A good analyzer but not great](https://www.g2.com/survey_responses/opentext-core-application-security-review-6648322)"**

**Rating:** 4.0/5.0 stars
*— Ankit T.*

[Read full review](https://www.g2.com/survey_responses/opentext-core-application-security-review-6648322)

---

**"[Great UI and Seamless Integrations for Vulnerability Management](https://www.g2.com/survey_responses/opentext-core-application-security-review-11830935)"**

**Rating:** 4.5/5.0 stars
*— Lokesh T.*

[Read full review](https://www.g2.com/survey_responses/opentext-core-application-security-review-11830935)

---


#### What Are G2 Users Discussing About OpenText Core Application Security?

- [What is Micro Focus Fortify Software Security Center used for?](https://www.g2.com/discussions/what-is-micro-focus-fortify-software-security-center-used-for)

### 2. [Semgrep](https://www.g2.com/products/semgrep/reviews)
Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysis with context-aware AI that triages findings like a senior security engineer. The AI Assistant helps reduce false positives, prioritize meaningful results, and offers clear remediation guidance. Its “Memories” feature learns from past decisions to further reduce triage noise over time. Semgrep also supports deep analysis of transitive dependencies, not just direct ones, helping teams surface and address hidden risks in their supply chain. It integrates well into modern development workflows and is easy to customize across environments.


**Average Rating:** 4.6/5.0
**Total Reviews:** 56
**How Do G2 Users Rate Semgrep?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)

**Who Is the Company Behind Semgrep?**

- **Seller:** [Semgrep](https://www.g2.com/sellers/semgrep)
- **Company Website:** https://semgrep.dev
- **Year Founded:** 2017
- **HQ Location:** San Francisco, US
- **Twitter:** @semgrep (4,433 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/returntocorp (262 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 45% Enterprise, 43% Mid-Market


#### What Are Semgrep's Pros and Cons?

**Pros:**

- Ease of Use (16 reviews)
- Features (14 reviews)
- Vulnerability Detection (13 reviews)
- Scanning Efficiency (12 reviews)
- Security (12 reviews)

**Cons:**

- Not User-Friendly (7 reviews)
- Limited Features (6 reviews)
- Difficult Learning (5 reviews)
- Lack of Guidance (5 reviews)
- Learning Curve (5 reviews)


### What Do G2 Reviewers Say About Semgrep?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Semgrep, benefiting from its intuitive syntax and seamless integrations.
- Users appreciate the **intuitive custom rule creation** and fast scanning performance of Semgrep, enhancing their development workflow.
- Users value Semgrep for its **effective vulnerability detection** , facilitating quick identification and resolution of security issues.
- Users appreciate the **scanning efficiency** of Semgrep, enabling rapid scans without hindering developer productivity.
- Users appreciate the **effective identification of security vulnerabilities** provided by Semgrep, enhancing code quality and compliance.

**Cons:**

- Users find Semgrep to be **not user-friendly** , experiencing a steep learning curve and challenges with custom rule management.
- Users note the **limited features** of Semgrep, lacking essential tools for comprehensive security analysis and management.
- Users find the **learning curve difficult** for Semgrep, particularly with custom rule syntax and advanced rule creation.
- Users experience a **lack of guidance** with Semgrep, particularly when mastering custom rule creation and configuration.
- Users find the **learning curve for advanced rule creation** steep, complicating initial setup and usage of Semgrep.

#### What Are Recent G2 Reviews of Semgrep?

**"[Streamlined Code Security with Semgrep](https://www.g2.com/survey_responses/semgrep-review-11971635)"**

**Rating:** 5.0/5.0 stars
*— Shreekanth k.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-11971635)

---

**"[Fast, Easy-to-Customize Rules That Catch Security and Code-Quality Issues Early](https://www.g2.com/survey_responses/semgrep-review-13079252)"**

**Rating:** 4.5/5.0 stars
*— Milan K.*

[Read full review](https://www.g2.com/survey_responses/semgrep-review-13079252)

---



### 3. [TASKING Test &amp; Verification Tools](https://www.g2.com/products/tasking-test-verification-tools/reviews)
TASKING Test &amp; Verification Tools combine software analysis, verification, and compliance capabilities for safety- and security-critical software development. Products: LDRA tool suite and LDRA Productivity Packages.


**Average Rating:** 4.2/5.0
**Total Reviews:** 3
**How Do G2 Users Rate TASKING Test &amp; Verification Tools?**

- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind TASKING Test &amp; Verification Tools?**

- **Seller:** [TASKING](https://www.g2.com/sellers/tasking)
- **Company Website:** https://www.tasking.com
- **Year Founded:** 1977
- **HQ Location:** Munich, Bavaria
- **LinkedIn® Page:** https://www.linkedin.com/company/tasking-inc/ (254 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 67% Enterprise, 33% Mid-Market



#### What Are Recent G2 Reviews of TASKING Test &amp; Verification Tools?

**"[LDRA: A Very Powerful Tool](https://www.g2.com/survey_responses/tasking-test-verification-tools-review-13029782)"**

**Rating:** 4.0/5.0 stars
*— Julien Roger Claude V.*

[Read full review](https://www.g2.com/survey_responses/tasking-test-verification-tools-review-13029782)

---

**"[Complete LDRA Toolchain with Powerful Automation and Flexible Debugging Setup](https://www.g2.com/survey_responses/tasking-test-verification-tools-review-12576278)"**

**Rating:** 4.5/5.0 stars
*— Hugo M.*

[Read full review](https://www.g2.com/survey_responses/tasking-test-verification-tools-review-12576278)

---



### 4. [beSTORM](https://www.g2.com/products/bestorm/reviews)
beSTORM is an intelligent black box fuzzer that ensures the security of products, including software and applications, before they are deployed. This easy-to-use dynamic application security testing (DAST) tool offers: -- All-in-one platform -- Real-time fuzzing and protocol description -- More than 200 pre-built protocol modules -- Capabilities to add custom and proprietary modules -- Accurate testing without accessing source code. beSTORM provides your team with a single source for tests and attacks that replaces hundreds of unsupported, open source tools.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1
**How Do G2 Users Rate beSTORM?**

- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind beSTORM?**

- **Seller:** [Fortra](https://www.g2.com/sellers/fortra)
- **Year Founded:** 1982
- **HQ Location:** Eden Prairie, Minnesota
- **Twitter:** @fortraofficial (2,773 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/fortra (1,755 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of beSTORM?

**"[Providing invaluable insights to enhance our security measures.](https://www.g2.com/survey_responses/bestorm-review-9118862)"**

**Rating:** 4.5/5.0 stars
*— Kratika  P.*

[Read full review](https://www.g2.com/survey_responses/bestorm-review-9118862)

---



### 5. [Com Olho](https://www.g2.com/products/com-olho/reviews)
At Com Olho, we are at the forefront of cybersecurity innovation, bringing together ethical hackers, security researchers, and organisations to strengthen digital defenses. Our platform provides a dynamic space where security experts can identify, report, and remediate vulnerabilities across a diverse range of systems. Com Olho is the first company to be granted a patent for system and method to detect advertising fraud at the Indian Patent Office, Government of India. The company also have patent for digital governance of online digital asset. Com Olho is incubated at NASSCOM 10000 Startups and part of NASSCOM DeepTech Club. The company was a recipient of a cash grant from Facebook for Business under Small Business Grant program. Com Olho is a registered name under Com Olho IT Private Limited. Com Olho has been recognized by Department for Promotion of Industry and Internal Trade, Ministry of Commerce and Industry, Government of India vide certificate number : DIPP45326. Com Olho is a Registered Trademark.


**Average Rating:** 4.8/5.0
**Total Reviews:** 3
**How Do G2 Users Rate Com Olho?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)

**Who Is the Company Behind Com Olho?**

- **Seller:** [Com Olho](https://www.g2.com/sellers/com-olho)
- **Year Founded:** 2019
- **HQ Location:** Gurugram, IN
- **Twitter:** @com_olho (80 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/com-olho (52 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 33% Enterprise, 33% Mid-Market


#### What Are Com Olho's Pros and Cons?

**Pros:**

- Dashboard Usability (1 reviews)
- Time Saving (1 reviews)
- Tracking (1 reviews)

**Cons:**

- Difficult Setup (1 reviews)
- Implementation Complexity (1 reviews)


### What Do G2 Reviewers Say About Com Olho?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **dashboard usability** of Com Olho for its simplicity and efficiency in problem detection.
- Users value the **time-saving alerts** from Com Olho, allowing for quick problem identification and resolution.
- Users value the **detailed monitoring and quick alerts** of Com Olho, enhancing problem detection and system security.

**Cons:**

- Users find the **difficult setup** of Com Olho to be complex and time-consuming for new users.
- Users find the **implementation complexity** of Com Olho to be time-consuming and difficult for new users.

#### What Are Recent G2 Reviews of Com Olho?

**"[Reduces human error](https://www.g2.com/survey_responses/com-olho-review-5476576)"**

**Rating:** 5.0/5.0 stars
*— Yatin C.*

[Read full review](https://www.g2.com/survey_responses/com-olho-review-5476576)

---

**"[Effective Bug Bounty Tool with Minor Drawbacks](https://www.g2.com/survey_responses/com-olho-review-10717154)"**

**Rating:** 5.0/5.0 stars
*— Cheedella V.*

[Read full review](https://www.g2.com/survey_responses/com-olho-review-10717154)

---


#### What Are G2 Users Discussing About Com Olho?

- [What is Com Olho used for?](https://www.g2.com/discussions/what-is-com-olho-used-for)

### 6. [Crashtest Security](https://www.g2.com/products/crashtest-security/reviews)
Crashtest Security is a SaaS-based security vulnerability scanner allowing agile development teams to ensure continuous security before every release. Our state-of-the-art dynamic application security testing (DAST) solution integrates seamlessly with your dev environment and protects multi-page and JavaScript apps, as well as microservices and APIs. Set up Crashtest Security Suite in minutes, get advanced crawling options, and automate your security. Whether you want to see vulnerabilities within the OWASP Top 10 or you want to go for deep scans, Crashtest Security is here to help you stay on top of your security and protect your code and customers.


**Average Rating:** 5.0/5.0
**Total Reviews:** 2
**How Do G2 Users Rate Crashtest Security?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Crashtest Security?**

- **Seller:** [Crashtest Security](https://www.g2.com/sellers/crashtest-security)
- **Year Founded:** 2006
- **HQ Location:** Burlington, Massachusetts, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/veracode (541 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 50% Mid-Market, 50% Small-Business



#### What Are Recent G2 Reviews of Crashtest Security?

**"[Security Testing](https://www.g2.com/survey_responses/crashtest-security-review-7033210)"**

**Rating:** 5.0/5.0 stars
*— Antoine A.*

[Read full review](https://www.g2.com/survey_responses/crashtest-security-review-7033210)

---

**"[A complete tool for vulnerability analysis.](https://www.g2.com/survey_responses/crashtest-security-review-7033427)"**

**Rating:** 5.0/5.0 stars
*— Kleber C.*

[Read full review](https://www.g2.com/survey_responses/crashtest-security-review-7033427)

---



### 7. [Data Theorem](https://www.g2.com/products/data-theorem-data-theorem/reviews)
RamQuest’s solutions include our fully integrated closing, escrow accounting, imaging, transaction management, esigning, and digital marketplace solutions and are available on-premise or in a hosted environment


**Average Rating:** 4.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind Data Theorem?**

- **Seller:** [Data Theorem](https://www.g2.com/sellers/data-theorem)
- **Year Founded:** 2013
- **HQ Location:** Palo Alto, California, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/datatheorem/ (94 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Enterprise



#### What Are Recent G2 Reviews of Data Theorem?

**"[Convenient AppSec](https://www.g2.com/survey_responses/data-theorem-review-5226382)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Transportation/Trucking/Railroad*

[Read full review](https://www.g2.com/survey_responses/data-theorem-review-5226382)

---



### 8. [esChecker MAST (SAST, DAST &amp; IAST)](https://www.g2.com/products/eschecker-mast-sast-dast-iast/reviews)
esChecker combines many years of penetration testing experience with a unique dynamic engine simulating attack techniques, such as reverse-engineering or code tampering. No source code is needed, only the app binary (Android apk or iOS ipa). esChecker provides immediate feedback about the way your app reacts against many hacking techniques. You can now spare your pentest budget for in-depth vulnerability analyses.


**Average Rating:** 4.3/5.0
**Total Reviews:** 2

**Who Is the Company Behind esChecker MAST (SAST, DAST &amp; IAST)?**

- **Seller:** [eShard](https://www.g2.com/sellers/eshard)
- **Year Founded:** 2015
- **HQ Location:** Pessac, FR
- **LinkedIn® Page:** https://www.linkedin.com/company/eshard (47 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of esChecker MAST (SAST, DAST &amp; IAST)?

**"[Great platform to secure your mobile apps](https://www.g2.com/survey_responses/eschecker-mast-sast-dast-iast-review-6826635)"**

**Rating:** 4.5/5.0 stars
*— Donatien C.*

[Read full review](https://www.g2.com/survey_responses/eschecker-mast-sast-dast-iast-review-6826635)

---

**"[A must-have if you care about mobile security](https://www.g2.com/survey_responses/eschecker-mast-sast-dast-iast-review-7836374)"**

**Rating:** 4.0/5.0 stars
*— Thomas G.*

[Read full review](https://www.g2.com/survey_responses/eschecker-mast-sast-dast-iast-review-7836374)

---



### 9. [Fluid Attacks](https://www.g2.com/products/fluid-attacks/reviews)
Implement Fluid Attacks&#39; comprehensive, AI-powered solution into your SDLC and develop secure software without delays. As an all-in-one solution, Fluid Attacks accurately finds and helps you remediate vulnerabilities throughout the SDLC and ensures secure software development. The solution integrates its AI, automated tool, and team of pentesters to perform SAST, SCA, DAST, CSPM, SCR, PtaaS and RE to help you improve your security posture. This way, Fluid Attacks delivers accurate knowledge of the security status of your application. This means security goes alongside innovation without hindering your speed. Fluid Attacks provides you with expert knowledge about vulnerabilities and support options that enable you to remediate the security issues in your application.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1
**How Do G2 Users Rate Fluid Attacks?**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Fluid Attacks?**

- **Seller:** [Fluid Attacks](https://www.g2.com/sellers/fluid-attacks)
- **Year Founded:** 2001
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/fluidattacks/ (136 employees on LinkedIn®)
- **Phone:** +14154042154

**Who Uses This Product?**
- **Company Size:** 100% Enterprise



#### What Are Recent G2 Reviews of Fluid Attacks?

**"[Easy integration with the ecosystem and very good support](https://www.g2.com/survey_responses/fluid-attacks-review-13078718)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Banking*

[Read full review](https://www.g2.com/survey_responses/fluid-attacks-review-13078718)

---



### 10. [Nexora Cyber](https://www.g2.com/products/nexora-cyber/reviews)
Nexora is an automated Dynamic Application Security Testing platform designed to help you find web vulnerabilities before they become real incidents. You scan your web applications and APIs continuously. Nexora identifies security risks based on OWASP Top 10, assigns clear risk scores, and shows you what needs to be fixed first.


**Average Rating:** 4.5/5.0
**Total Reviews:** 1
**How Do G2 Users Rate Nexora Cyber?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Nexora Cyber?**

- **Seller:** [Nexora](https://www.g2.com/sellers/nexora)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/No-Linkedin-Presence-Added-Intentionally-By-DataOps (1 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business


#### What Are Nexora Cyber's Pros and Cons?

**Pros:**

- Easy Setup (1 reviews)



### What Do G2 Reviewers Say About Nexora Cyber?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **easy setup** of Nexora Cyber, making it ideal for smaller teams managing web apps or APIs.


#### What Are Recent G2 Reviews of Nexora Cyber?

**"[Nexora Makes Automated DAST Simple for Lean Web App &amp; API Security](https://www.g2.com/survey_responses/nexora-cyber-review-12279200)"**

**Rating:** 4.5/5.0 stars
*— mula d.*

[Read full review](https://www.g2.com/survey_responses/nexora-cyber-review-12279200)

---



### 11. [ProjectDiscovery](https://www.g2.com/products/projectdiscovery/reviews)
ProjectDiscovery Cloud is a highly customizable vulnerability management platform built for the modern internet. ProjectDiscovery combines exploitable vulnerability detection with exposure management, powered by open-source technology, to provide security teams with a proactive and scalable vulnerability management solution without false positives. At our core is Nuclei, one of the fastest-growing open-source security tools with over 22k GitHub stars. Nuclei uses YAML-based detection templates to simulate real-world attack techniques, delivering highly accurate results with minimal false positives. Our global community of 100,000+ security professionals actively contributes to our suite of open-source tools and maintains nearly 10,000 Nuclei templates, often developing new vulnerability detection templates within hours of discovery. The platform integrates industry-leading asset discovery and reconnaissance capabilities to map both external and internal attack surfaces. It automatically enriches assets with critical attributes like HTTP status codes, detected technologies, and screenshots, providing real-time alerts for suspicious changes and a unified view of security exposure. Our AI-powered automation streamlines security workflows through AI-generated Nuclei templates, enabling rapid creation of custom security checks based on penetration tests, bug bounty findings, and internal red team discoveries. This innovation significantly reduces time to discovery while enabling continuous vulnerability monitoring and regression detection. ProjectDiscovery Cloud includes comprehensive internal scanning, reporting, and enterprise capabilities to meet compliance requirements. Organizations can replace traditional vulnerability scanners with our solution, leveraging current security budgets while gaining enhanced value. By combining community-driven intelligence, AI automation, and enterprise-grade capabilities, ProjectDiscovery Cloud delivers the speed, accuracy, and insights security teams need to build a modern and effective vulnerability management program.


**Average Rating:** 5.0/5.0
**Total Reviews:** 4
**How Do G2 Users Rate ProjectDiscovery?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind ProjectDiscovery?**

- **Seller:** [ProjectDiscovery](https://www.g2.com/sellers/projectdiscovery)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @pdiscoveryio (41,738 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/projectdiscovery/ (45 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 25% Mid-Market


#### What Are ProjectDiscovery's Pros and Cons?

**Pros:**

- Customer Support (2 reviews)
- Ease of Use (2 reviews)
- Onboarding (2 reviews)
- Accuracy of Results (1 reviews)
- Cloud Integration (1 reviews)

**Cons:**

- Dashboard Issues (1 reviews)
- Inadequate Analytics (1 reviews)
- Integration Issues (1 reviews)
- Lacking Features (1 reviews)
- Limited Features (1 reviews)


### What Do G2 Reviewers Say About ProjectDiscovery?
*AI-generated summary from verified user reviews*

**Pros:**

- The **customer support** from ProjectDiscovery is exceptional, providing quick, attentive help and genuine care for users&#39; needs.
- Users find the **ease of use** of ProjectDiscovery exceptional, allowing quick integration and immediate value in vulnerability management.
- Users find the **onboarding and ease of implementation** with ProjectDiscovery incredibly simple and efficient for vulnerability management.
- Users praise the **accuracy of results** from ProjectDiscovery, benefiting from timely insights and effective threat identification.
- Users value the **seamless cloud integration** with existing infrastructure, enhancing vulnerability management and immediate value realization.

**Cons:**

- Users feel the **dashboard lacks comprehensive features** , especially for complex security environments, affecting overall utility.
- Users feel the **inadequate analytics** limits insights, particularly in complex security environments compared to more mature solutions.
- Users express concerns about **integration issues** with ProjectDiscovery, particularly in complex security ecosystems.
- Users feel ProjectDiscovery is **lacking features** compared to mature enterprise solutions, limiting its utility for complex security environments.
- Users note the **limited features** of ProjectDiscovery, which may not meet the needs of more complex security systems.

#### What Are Recent G2 Reviews of ProjectDiscovery?

**"[Very good tool for own Nuclei templates and regular port scans](https://www.g2.com/survey_responses/projectdiscovery-review-11568005)"**

**Rating:** 5.0/5.0 stars

[Read full review](https://www.g2.com/survey_responses/projectdiscovery-review-11568005)

---

**"[From Open Source to Enterprise Game-Changer: ProjectDiscovery Delivers](https://www.g2.com/survey_responses/projectdiscovery-review-11029634)"**

**Rating:** 5.0/5.0 stars
*— Jason F.*

[Read full review](https://www.g2.com/survey_responses/projectdiscovery-review-11029634)

---



### 12. [SAMI](https://www.g2.com/products/autnhive-sami/reviews)
Assisted by AI, SAMI (Security Automated by Machine Intelligence) simplifies cyber related financial and operational risk management. Demonstrably reducing risk, saving cost, enhancing ROI, streamlining process and increasing revenue for our customers.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind SAMI?**

- **Seller:** [Autnhive](https://www.g2.com/sellers/autnhive)
- **Year Founded:** 2018
- **HQ Location:** West Bloomfeild, US
- **LinkedIn® Page:** http://www.linkedin.com/company/autnhive (26 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of SAMI?

**"[Cost-effective and reliable solution](https://www.g2.com/survey_responses/sami-review-9992646)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Hospital &amp; Health Care*

[Read full review](https://www.g2.com/survey_responses/sami-review-9992646)

---



### 13. [VulnSign](https://www.g2.com/products/vulnsign/reviews)
VulnSign is help to organizations enhance their cybersecurity posture and protect their web applications from potential threats. Our intuitive, user-friendly platform allows users to quickly and easily scan their web applications for vulnerabilities that could be exploited by cybercriminals. VulnSign is designed to easy to use, yet powerful enough to identify potential vulnerabilities in your web-based systems. Our team of security experts is constantly working to improve and update our DAST application, ensuring that it stays at the forefront of the cybersecurity industry.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1

**Who Is the Company Behind VulnSign?**

- **Seller:** [VulnSign](https://www.g2.com/sellers/vulnsign)
- **Year Founded:** 2022
- **HQ Location:** West Hollywood, US
- **LinkedIn® Page:** http://www.linkedin.com/company/vulnsign (1 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Small-Business



#### What Are Recent G2 Reviews of VulnSign?

**"[VulnSign&#39;s DAST and the Art of Finding Vulnerabilities!](https://www.g2.com/survey_responses/vulnsign-review-8565640)"**

**Rating:** 5.0/5.0 stars
*— Levi Y.*

[Read full review](https://www.g2.com/survey_responses/vulnsign-review-8565640)

---



### 14. [AppScanOnline](https://www.g2.com/products/appscanonline/reviews)
AppScanOnline is the leading provider of mobile app security software for today&#39;s developers. AppScanOnline&#39;s automated static vulnerability testing service quickly provides security teams with a detailed report compliant with both OWASP Top 10 and Industrial Development App standards, allowing developers to bring their application to market sooner.



**Who Is the Company Behind AppScanOnline?**

- **Seller:** [AppScanOnline](https://www.g2.com/sellers/appscanonline)
- **Year Founded:** 2018
- **HQ Location:** Taipei, TW
- **Twitter:** @AppScanOnline (26 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/appscanonline (2 employees on LinkedIn®)






### 15. [Appvigil](https://www.g2.com/products/appvigil/reviews)
Appvigil is a completely automated Mobile Reputation Protection Suite for Mobile Apps.Powered by patent pending technology, Appvigil employs intensive static, dynamic &amp; stringent network analysis.



**Who Is the Company Behind Appvigil?**

- **Seller:** [Appvigil](https://www.g2.com/sellers/appvigil)
- **HQ Location:** Seattle, US
- **Twitter:** @appvigil_co (438 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/fresh-help (1 employees on LinkedIn®)






### 16. [Bugsmirror MASST (Mobile Application Security Suite &amp; Tools)](https://www.g2.com/products/bugsmirror-masst-mobile-application-security-suite-tools/reviews)
Bugsmirror Mobile Application Security Suite &amp; Tools (MASST) is designed specifically for your business, providing scalable, end-to-end security for your mobile app. From detection to protection, MASST ensures your app is safeguarded against evolving security threats. With MASST, you can focus on growing your business, knowing your app is fully protected at every stage.



**Who Is the Company Behind Bugsmirror MASST (Mobile Application Security Suite &amp; Tools)?**

- **Seller:** [Bugsmirror](https://www.g2.com/sellers/bugsmirror)
- **Year Founded:** 2021
- **HQ Location:** Indore, IN
- **LinkedIn® Page:** https://www.linkedin.com/company/bugsmirror/ (17 employees on LinkedIn®)






### 17. [Conviso](https://www.g2.com/products/conviso/reviews)
The Conviso Platform is a complete Application Security Posture Management (ASPM) solution that centralizes visibility, correlation, and prioritization of vulnerabilities across the software development lifecycle. It integrates with your existing SAST, DAST, SCA, IaC, and CI/CD tools, automates triage, and provides a unified view of risk — helping security and development teams work together to reduce complexity and strengthen AppSec maturity.



**Who Is the Company Behind Conviso?**

- **Seller:** [Conviso Application Security](https://www.g2.com/sellers/conviso-application-security)
- **Year Founded:** 2008
- **HQ Location:** Curitiba, BR
- **LinkedIn® Page:** https://www.linkedin.com/company/convisoappsec (81 employees on LinkedIn®)






### 18. [Enso Security](https://www.g2.com/products/enso-security/reviews)
Enso Application Security Posture is a platform for AppSec teams to manage their day-to-day work, implement their security strategy into an AppSec organizational program, enforce it and automate it. And all of that in a scalable rapidly changing environment. AppSec teams struggle with prioritization - they may have a vision and concept of how to handle AppSec, but they don’t know where to invest and what actions to take. To keep up with R&amp;D velocity and scale, Enso provides full visibility on the application inventory, focuses the AppSec teams on the most important tasks and insights, and takes a policy-based “call to action” approach so that the AppSec professionals won’t waste their time looking for application changes, prioritizing, or doing manual work.



**Who Is the Company Behind Enso Security?**

- **Seller:** [Enso Security](https://www.g2.com/sellers/enso-security)
- **HQ Location:** Boston, Massachusetts, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/enso-security/ (1,331 employees on LinkedIn®)






### 19. [Hexway ASOC](https://www.g2.com/products/hexway-asoc/reviews)
Universal DevSecOps platform to simplify vulnerability management. Assess, analyze, and assign vulnerabilities, ensuring a secure and controlled environment.



**Who Is the Company Behind Hexway ASOC?**

- **Seller:** [Hexway](https://www.g2.com/sellers/hexway)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/hexway (2 employees on LinkedIn®)






### 20. [MeshaSec](https://www.g2.com/products/meshasec/reviews)
Product Overview: The Autonomous Evolution of DAST MeshaSec is an autonomous DAST (Dynamic Application Security Testing) tool that scans web applications, APIs, and SPAs behind MFA, SSO, and TOTP authentication — without manual configuration. Built for DevSecOps teams and security engineers who need authenticated coverage with zero false positives. In 2026, security is no longer about just &quot;finding bugs&quot;—it’s about established Protocol Truth. MeshaSec orchestrates the identity handshake natively, treating your complex React/Vue/Angular applications as dynamic state machines rather than static pages. The result? 99.9% noise reduction, 100% authenticated coverage, and deterministic evidence fragments that your developers can act on instantly. Core Value Proposition: Why MeshaSec? 1. Identity-Aware Orchestration (Bypassing the Moat) Legacy scanners bounce off the entrance. MeshaSec natively orchestrates complex identity sessions, including: Enterprise SSO: Microsoft Entra ID (Azure AD), Okta, PingFederate, and Google Workspace. Adaptive MFA: Native TOTP/MFA fulfillment during scan execution. Session Continuity: Protocol-level heartbeats that detect 401/403 errors and silently re-authenticate to maintain continuous discovery. 2. Autonomous Discovery Nodes (Thinking Like an Attacker) Our discovery engine doesn&#39;t just crawl links; it understands application states. SPA Mastery: Native navigation of JS-rich environments (React, Vue, etc.). Shadow API Discovery: Uncovering private, undocumented endpoints hidden within client-side state transitions. Deep Business Logic Paths: Mapping every potential user journey to ensure no attack vector is left unverified. 3. Deterministic Protocol Truth (Ending the Triage War) Security teams are drowning in &quot;Possible XSS&quot; alerts. MeshaSec delivers Deterministic Verification: Raw Evidence Fragments: Every finding includes the raw HTTP Request and Response that triggered the flaw. 99.9% Deduplication: We correlate thousands of vectors into a single, irrefutable source of truth. Zero-Guessing Triage: If MeshaSec reports it, it exists. No probability scores—just proof. Technical Specifications &amp; Standards Alignment MeshaSec is engineered to align with global security frameworks, making it the preferred choice for compliance-driven enterprises: OWASP Top 10 Mapping: Every vulnerability is automatically categorized under current OWASP standards. MITRE ATT&amp;CK Integration: Specifically mapped to initial access and credential access techniques. Federal &amp; Global Compliance: Native reporting for NIST 800-53, WASC v2.0, and SOC2 Readiness. Intelligence Isolation: AES-256 encryption-at-rest with total environment separation between scans. Use Cases: Industry Focus FinTech &amp; Banking Secure portals protected by strict MFA and rotating session tokens. MeshaSec fulfills the identity handshake and audits deep behind the boundary without manual intervention. Enterprise SaaS Continuously map and secure multi-tenant dashboards and complex API surfaces that change daily. Our autonomous nodes scale with your deployment frequency About MeshaSec Headquartered in the global technology hub of Bengaluru, India. MeshaSec is committed to engineering the future of autonomous, identity-aware AppSec. We believe that security should be as agile as your code, and as deterministic as your logic. MeshaSec: Precision DAST for the Global Elite



**Who Is the Company Behind MeshaSec?**

- **Seller:** [MeshaSec](https://www.g2.com/sellers/meshasec)
- **HQ Location:** Bengaluru, Karnataka, India
- **LinkedIn® Page:** https://linkedin.com/company/meshasec (1 employees on LinkedIn®)






### 21. [Mobix](https://www.g2.com/products/mobix/reviews)
Mobix is a SaaS mobile application testing platform that reduces application analysis costs and time, making tests creation and finding vulnerabilities effortless. Mobix&#39;s unique characteristics include: - Non-invasive tool, which augments existing SDLC (Software Development Life Cycle) - Automates 90% of the entire test coverage for dynamic and static analysis - No code, plug and play analysis - Automated recording of tests - Machine Learning to automatically adapt auto-tests - Scalable multithread testing, custom scan rules - Compliance to all major mobile security standards



**Who Is the Company Behind Mobix?**

- **Seller:** [Swordfish Security](https://www.g2.com/sellers/swordfish-security)
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/No-Linkedin-Presence-Added-Intentionally-By-DataOps (1 employees on LinkedIn®)






### 22. [Nullify](https://www.g2.com/products/nullify/reviews)
The post-human product security program. Nullify continuously allocates AI capacity toward the highest-impact product security work, maximizing outcomes from every engineer hour and every token spent.



**Who Is the Company Behind Nullify?**

- **Seller:** [Nullify](https://www.g2.com/sellers/nullify)
- **Company Website:** https://www.nullify.ai
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** http://www.linkedin.com/company/nullifyai (27 employees on LinkedIn®)






### 23. [Outpost24 Scale](https://www.g2.com/products/outpost24-scale/reviews)
Dynamic Application Security Testing&amp;nbsp;for DevOps Frequent changes to applications, whether built by in-house DevOps teams or outsourced from commercial suppliers, means risk evaluation must shift towards continuous testing. Our Dynamic Application Security Testing (DAST) solution, provides critical assessments&amp;nbsp;during the SDLC rapidly and efficiently with quick-and-easy configuration assessments.&amp;nbsp;With an accessible REST API, Selenium integration, and automated reporting, Scale is designed to deliver the high-quality vulnerability findings&amp;nbsp;needed to enable each iteration of the SDLC to confidently address issues before they&amp;nbsp;are released to the next phase.&amp;nbsp;



**Who Is the Company Behind Outpost24 Scale?**

- **Seller:** [Outpost24](https://www.g2.com/sellers/outpost24)
- **HQ Location:** Karlskrona, SE
- **LinkedIn® Page:** http://www.linkedin.com/company/outpost24 (252 employees on LinkedIn®)






### 24. [Oversecured](https://www.g2.com/products/oversecured/reviews)
Enterprise vulnerability scanner for Android and iOS apps. It offers app owners and developers the ability to secure each new version of a mobile app by integrating Oversecured into the development process.



**Who Is the Company Behind Oversecured?**

- **Seller:** [Oversecured](https://www.g2.com/sellers/oversecured)
- **Year Founded:** 2020
- **HQ Location:** Dover, US
- **LinkedIn® Page:** http://www.linkedin.com/company/oversecured (8 employees on LinkedIn®)






### 25. [Panoptic Scans](https://www.g2.com/products/panoptic-scans/reviews)
Panoptic Scans is a hosted vulnerability scanning platform designed to bolster cybersecurity for businesses by offering automated, comprehensive network and application vulnerability scans. Our platform empowers users to schedule vulnerability scans - daily, weekly, monthly, or annually - to ensure compliance with stringent regulations like SOC 2, HIPAA, ISO 27001, NIST 800-53, CMMC, and GDPR. Leveraging powerful tools such as OpenVAS for network vulnerabilities, OWASP ZAP for application security, and Nmap for port scanning, Panoptic Scans identifies weaknesses like unpatched software, misconfigurations, and open ports that could be exploited by cyber threats. With features like email notifications, detailed scan reports, and a user-friendly API, it simplifies vulnerability management, making it ideal for SaaS companies, security teams, and agile development environments aiming to safeguard sensitive data and maintain robust compliance effortlessly.


**Average Rating:** 5.0/5.0
**Total Reviews:** 1
**How Do G2 Users Rate Panoptic Scans?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Panoptic Scans?**

- **Seller:** [Panoptic Scans](https://www.g2.com/sellers/panoptic-scans)
- **Year Founded:** 2019
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/panoptic-scans (2 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 100% Mid-Market


#### What Are Panoptic Scans's Pros and Cons?

**Pros:**

- Automated Scanning (1 reviews)
- Automation (1 reviews)
- Automation Testing (1 reviews)
- Dashboard Usability (1 reviews)
- Ease of Use (1 reviews)



### What Do G2 Reviewers Say About Panoptic Scans?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find the **automated scanning** feature of Panoptic Scans easy, enhancing their SOC2 vulnerability management efficiency.
- Users find the **automation capabilities** of Panoptic Scans incredibly easy, enhancing efficiency in managing vulnerability scans.
- Users value the **ease of automation in testing** with Panoptic Scans, enabling efficient SOC2 vulnerability management.
- Users praise the **dashboard usability** of Panoptic Scans, facilitating easy automation and actionable insights for vulnerability scans.
- Users appreciate the **ease of use** with Panoptic Scans, enjoying streamlined automation for vulnerability scans and dashboards.


#### What Are Recent G2 Reviews of Panoptic Scans?

**"[Panopticsans does exactly what we need.](https://www.g2.com/survey_responses/panoptic-scans-review-11767777)"**

**Rating:** 5.0/5.0 stars
*— Jason C.*

[Read full review](https://www.g2.com/survey_responses/panoptic-scans-review-11767777)

---




## What Is Dynamic Application Security Testing (DAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [API Security Tools](https://www.g2.com/categories/api-security)


---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST)﻿ Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

Key Benefits of Dynamic Application Security Testing (DAST) Software

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** The command-line interface (CLI) is the language interpreter of a computer. CLI capabilities will allow security testers to simulate threats directly from the terminal host system and input command sequences.

**Static code analysis —** Static code analysis and static security testing is used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application&#39;s underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Not all, but some, are used specifically for testing. But there are many different ways to tackle the topic, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to both find errors in source code as well as errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



