# Best Dynamic Application Security Testing (DAST) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most other technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources





## Top Dynamic Application Security Testing (DAST) Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (145 reviews) | Low-noise DAST with unified AppSec scanning | "[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)" |
| 2 | [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) | 4.6/5.0 (212 reviews) | Validated DAST with human-verified remediation workflows | "[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)" |
| 3 | [Burp Suite](https://www.g2.com/products/burp-suite/reviews) | 4.8/5.0 (126 reviews) | Proxy-intercept DAST with manual exploit depth | "[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)" |
| 4 | [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) | 4.5/5.0 (68 reviews) | Proof-based DAST with CI/CD integration | "[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)" |
| 5 | [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews) | 4.9/5.0 (60 reviews) | AI-automated API security testing with self-healing | "[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)" |
| 6 | [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) | 4.5/5.0 (289 reviews) | Credentialed network vulnerability scanning with remediation guidance | "[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)" |
| 7 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (881 reviews) | Pipeline-embedded DAST with unified DevSecOps | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 8 | [Harness Platform](https://www.g2.com/products/harness-platform/reviews) | 4.6/5.0 (300 reviews) | — | "[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)" |
| 9 | [Intruder](https://www.g2.com/products/intruder/reviews) | 4.8/5.0 (207 reviews) | Continuous external attack surface scanning with auto-remediation | "[Revolutionized Our Vulnerability Management with Real-Time Insights](https://www.g2.com/survey_responses/intruder-review-13100568)" |
| 10 | [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews) | 4.8/5.0 (44 reviews) | API-first DAST with CI/CD-native discovery | "[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)" |

---
## What Are the Most Common Questions About Dynamic Application Security Testing (DAST) Software?
*AI-generated · Last updated: May 26, 2026*
### Which DAST tool offers the most comprehensive testing coverage?
Based on G2 reviews, Aikido Security stands out in this category because reviewers consistently describe broad coverage across application and related security testing workflows. According to verified users, it combines DAST with capabilities such as SAST, SCA, container scanning, cloud and infrastructure visibility, and vulnerability management in one place. G2 reviewers mention that this wider coverage helps teams reduce tool sprawl, centralize findings, and speed remediation. Reviewers also repeatedly call out straightforward setup, repository integrations, and developer-friendly workflows. While some users note that certain advanced enterprise controls are still maturing, recent feedback most often highlights Aikido Security for comprehensive, all-in-one testing breadth.


### What best DAST solutions for continuous security integration?
Based on G2 reviews, buyers looking for continuous security integration often prioritize products that fit naturally into development pipelines, automate recurring scans, and reduce operational overhead. G2 reviewers mention that Aikido Security is commonly used inside DevSecOps workflows with repository integrations and automatic scanning, while Invicti is frequently praised for CI/CD integrations and proof-based testing in ongoing web application programs. According to verified users, GitLab is also valued when teams want security checks embedded directly into broader development and deployment workflows. Across recent reviews, the common buying themes are automation, clear reporting, faster remediation, and easier adoption by both security and engineering teams.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – used for automated security scanning inside developer and repository workflows with minimal setup
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – chosen for ongoing web app scanning with CI/CD integrations and proof-based validation
- [GitLab](https://www.g2.com/products/gitlab/reviews) – fits teams that want security checks embedded into pipelines, merge requests, and delivery workflows


### What best tools for combining DAST with SAST?
Based on G2 reviews, teams that want DAST and SAST together often favor platforms that reduce tool switching and present findings in one workflow. According to verified users, Aikido Security is repeatedly described as an all-in-one platform that brings together DAST, SAST, SCA, and other security checks, which helps smaller teams and fast-moving engineering groups centralize remediation. G2 reviewers mention that Invicti is also used for combining DAST with SAST and SCA in a more unified process, especially for organizations managing larger portfolios. GitLab reviews similarly point to built-in security scanning within pipelines, making it useful for teams that want code and application testing closer to delivery processes.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – suited for teams wanting DAST, SAST, and related scanning in one developer-friendly platform
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – useful for organizations seeking DAST plus SAST and SCA within a centralized workflow
- [GitLab](https://www.g2.com/products/gitlab/reviews) – helps embed multiple application security checks into CI/CD and merge request processes


### Which DAST software integrates with CI/CD pipelines?
Based on G2 reviews, Invicti is the strongest fit for this question because reviewers frequently highlight its integrations with CI/CD tools and automated testing workflows. According to verified users, it connects with tools such as Jenkins, GitLab, and Jira, and helps teams move security checks earlier into delivery cycles. G2 reviewers mention that its automation, proof-based validation, and reporting make it easier for development and security teams to focus on real issues instead of manually sorting through excessive noise. Recent feedback also notes that setup can require tuning for more complex environments, but the integration story appears consistently in the review data and is a key reason teams adopt it.


### Which is the best DAST tool for web application security?
Based on G2 reviews, Burp Suite is the clearest answer for web application security use cases. According to verified users, it is widely valued for intercepting, modifying, and replaying web requests, which helps security teams uncover issues in application logic, authentication flows, and input handling. G2 reviewers mention Repeater, Proxy, Intruder, and the broader extension ecosystem as major strengths for deep hands-on testing. Recent reviews also describe Burp Suite as especially effective for web, API, and mobile dynamic testing, with strong support for both manual and automated workflows. Some users note pricing and resource usage concerns, but reviewers consistently position it as a leading tool for web application testing depth.


### What top DAST solutions for cloud-native applications?
Based on G2 reviews, cloud-native buyers tend to favor products that can scan applications while also fitting modern DevSecOps and infrastructure-heavy workflows. G2 reviewers mention that Aikido Security is used across repositories, cloud environments, and container-related security checks, which makes it appealing for teams trying to consolidate tooling. According to verified users, Intruder is also used to monitor vulnerabilities across both cloud resources and applications from a single view. GitLab reviews similarly point to integrated pipelines, automation, and built-in security checks that support cloud-native development practices. Across the recent review set, buyers emphasize ease of setup, workflow integration, and the ability to reduce noise while keeping developers moving quickly.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – works well for teams combining application scans with repository, container, and cloud-focused workflows
- [Intruder](https://www.g2.com/products/intruder/reviews) – fits organizations that want vulnerability visibility across cloud infrastructure and applications in one place
- [GitLab](https://www.g2.com/products/gitlab/reviews) – supports cloud-native delivery with integrated pipelines, automation, and embedded security checks


### What best tools for detecting runtime security issues?
Based on G2 reviews, buyers discussing runtime or live-application risk tend to value products that validate findings in running environments and reduce noisy results. According to verified users, Aikido Security is noted for helping teams connect code and external application risk, and one reviewer specifically highlighted its in-app protection capability for mitigating issues in legacy applications. G2 reviewers also describe Veracode Dynamic Analysis as useful for finding runtime vulnerabilities that static tools can miss, while Burp Suite is frequently used to inspect and manipulate live traffic during testing. The strongest common themes in recent feedback are actionable findings, clearer prioritization, and support for testing realistic application behavior.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – useful for teams wanting live application visibility alongside broader application security workflows
- [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews) – highlighted for identifying runtime vulnerabilities that static tools may miss
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – strong for analyzing live web traffic and validating exploitable issues during active testing


### What top platforms for automated application vulnerability testing?
Based on G2 reviews, automated application vulnerability testing buyers often look for products that are easy to deploy, fast to scan, and clear in how they present findings. G2 reviewers mention that Intruder is valued for automated scanning, continuous updates, and low operational overhead, while Aikido Security is praised for automatic scans, developer-friendly workflows, and centralized issue management. According to verified users, Invicti also stands out for proof-based scanning and automation that supports earlier detection in development processes. Across the recent review data, the products most often associated with automation success are the ones that balance broad visibility, manageable noise levels, and integrations that help teams remediate quickly.

**Here are some of the top-rated products on G2:**

- [Intruder](https://www.g2.com/products/intruder/reviews) – designed for automated scanning, continuous monitoring, and straightforward remediation tracking
- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – automates security scanning and helps developers prioritize and resolve issues faster
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – supports automated web application scanning with validated findings and detailed reporting


### What top-rated DAST platforms for enterprise applications?
Based on G2 reviews, enterprise buyers generally look for scalable scanning, centralized reporting, and support for more complex environments. According to verified users, Invicti is often chosen for larger application portfolios because of endpoint discovery, CI/CD integrations, proof-based validation, and reporting suited to both technical and executive audiences. G2 reviewers also point to Burp Suite for deep testing depth in professional security teams and to GitLab when enterprises want security controls embedded into a broader DevSecOps platform. Recent reviews suggest the best enterprise fit depends on whether the priority is scalable automated scanning, practitioner-led testing depth, or consolidating security within software delivery operations.

**Here are some of the top-rated products on G2:**

- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – well suited for enterprise portfolios needing scalable scanning and centralized reporting
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – fits enterprise security teams that need deep manual and automated web testing capability
- [GitLab](https://www.g2.com/products/gitlab/reviews) – useful for enterprises embedding security and compliance checks into a unified DevSecOps workflow


### Which DAST tool offers AI-driven vulnerability detection?
Based on G2 reviews, Aikido Security is the strongest grounded answer because multiple reviewers reference AI-related capabilities alongside its broader application security workflow. According to verified users, the platform offers AI-generated pull request fixes and GitHub-related AI features that help teams move from detection to remediation faster. G2 reviewers mention that its developer-friendly design, automated scanning, and prioritization reduce noise and help smaller teams stay productive. Reviewers also note some AI limitations, including cases where GitHub AI suggestions were not always accurate, but the recent review data still shows more direct AI-driven workflow mentions for Aikido Security than for most other products in this category.




## G2 Grid® for Dynamic Application Security Testing (DAST) Software
![G2 Grid® for Dynamic Application Security Testing (DAST) Software plotting products by satisfaction and market presence](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.png?focus%5B%5D=1259627&focus%5B%5D=154599&focus%5B%5D=32486&focus%5B%5D=1332841&focus%5B%5D=32484&focus%5B%5D=32494&focus%5B%5D=19003&focus%5B%5D=100655)
Highlighted products: Aikido Security, Astra Pentest, Burp Suite, Qodex.ai, Invicti (formerly Netsparker), Tenable Nessus, GitLab, and Harness Platform.
Underlying data: [Grid® JSON](https://www.g2.com/categories/dynamic-application-security-testing-dast/grids.json?focus%5B%5D=aikido-security&amp;focus%5B%5D=astra-pentest&amp;focus%5B%5D=burp-suite&amp;focus%5B%5D=qodex-ai&amp;focus%5B%5D=invicti-formerly-netsparker&amp;focus%5B%5D=tenable-nessus&amp;focus%5B%5D=gitlab&amp;focus%5B%5D=harness-platform)


## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 94

### Category Stats (Jul 2026)
- **Average Rating**: 4.56/5 The average rating of products in this category, based on all submitted ratings
- **Top Trending Product**: Checkmarx (+0.67%) - Among all products in this category, Checkmarx recorded the largest rating increase compared to last month
*Last updated: July 14, 2026*


## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 3,900+ Authentic Reviews
- 94+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)


---

**Sponsored**

### Aikido Security

Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.



[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=1521&amp;secure%5Bchosen_at%5D=2026-07-14T23%3A40%3A22Z&amp;secure%5Bdisplayable_resource_id%5D=1521&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=1521&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1259627&amp;secure%5Bresource_id%5D=1521&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fdynamic-application-security-testing-dast%3Fopen_modal_url%3D%252Fproducts%252Fcontrast-security-contrast-security%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fdynamic-application-security-testing-dast%2526source%253Dcategory&amp;secure%5Btoken%5D=92d0e82ad3d7ea77b427479708aa0077b5d960e366ccd948185ef4618030b1ea&amp;secure%5Burl%5D=https%3A%2F%2Fwww.aikido.dev%2Fattack%2Fsurface-monitoring-dast%3Futm_source%3Dg2%26utm_campaign%3Dg2-promoted-listing-dast%26utm_medium%3Dcpc&amp;secure%5Burl_type%5D=custom_url)

---

## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


**Average Rating:** 4.6/5.0
**Total Reviews:** 145
**How Do G2 Users Rate Aikido Security?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 72% Small-Business, 16% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from clear insights and streamlined vulnerability management.
- Users commend Aikido Security for its **intuitive dashboard** that simplifies identifying and managing security issues efficiently.
- Users value the **meaningful features and usability** of Aikido Security&#39;s free tier, enhancing everyday engineering workflows.
- Users appreciate the **easy integrations** with GitHub and other systems, enhancing usability for both developers and non-developers.
- Users highlight the **easy setup** of Aikido Security, making integration and implementation a seamless experience.

**Cons:**

- Users note a desire for **additional features** in Aikido Security, particularly in the free plan and integrations.
- Users find the **pricing to be quite high** , especially for startups trying to manage costs.
- Users find Aikido Security&#39;s **limited features** hinder advanced customization and reporting for enterprise-level needs.
- Users find the **entry-level pricing** of Aikido Security quite high, especially for startups with tight budgets.
- Users find Aikido Security lacking in **essential features** , complicating workflows and limiting their development capabilities.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-12747129)

---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*

[Read full review](https://www.g2.com/survey_responses/aikido-security-review-13024655)

---



### 2. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
Astra Security is a leading continuous penetration testing platform that combines AI-powered autonomous pentesting with certified expert-led assessments. Powered by Attack AI, trained on 6.8M+ security findings and insights from 5,000+ real-world pentests. Astra deploys intelligent agents that continuously discover, validate, prioritize, and help remediate vulnerabilities at scale. While AI handles speed and scale, Astra’s certified security experts focus on what automation alone cannot: complex business logic flaws, multi-step attack chains, advanced exploit paths, and emerging AI/LLM-specific threats. Built for modern engineering teams, Astra integrates directly into CI/CD workflows, enabling continuous security validation between releases instead of relying on outdated annual pentests. The platform delivers comprehensive Autonomous Pentest powered by AI agents, DAST vulnerability scanner and human-driven pentests across web apps, AI/LLMs, mobile apps, APIs, cloud infrastructure. Astra is CREST-accredited, CERT-IN empaneled, and a PCI ASV-certified vendor. Our team also led the development of the OWASP APTS framework, helping shape the industry standard for continuous security testing. Today, 1,500+ organizations across 70+ countries trust Astra Security, including Ford, Loom, CompTIA, Hitachi, HackerRank, and OLX.


**Average Rating:** 4.6/5.0
**Total Reviews:** 212
**How Do G2 Users Rate Astra Pentest?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Astra Pentest?**

- **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc)
- **Company Website:** https://www.getastra.com/
- **Year Founded:** 2018
- **HQ Location:** New Delhi, IN
- **Twitter:** @getastra (694 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (130 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, CEO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 66% Small-Business, 28% Mid-Market


#### What Are Astra Pentest's Pros and Cons?

**Pros:**

- Customer Support (65 reviews)
- Vulnerability Detection (52 reviews)
- Ease of Use (51 reviews)
- Pentesting Efficiency (42 reviews)
- Vulnerability Identification (38 reviews)

**Cons:**

- Poor Customer Support (12 reviews)
- Poor Interface Design (10 reviews)
- Slow Performance (8 reviews)
- UX Improvement (7 reviews)
- False Positives (6 reviews)


### What Do G2 Reviewers Say About Astra Pentest?
*AI-generated summary from verified user reviews*

**Pros:**

- Users rave about Astra Pentest&#39;s **outstanding customer support** , highlighting their responsiveness and flexibility throughout the testing process.
- Users value the **user-friendly dashboard** of Astra Pentest, providing real-time insights and effective collaboration for security teams.
- Users highlight the **ease of use** of Astra Pentest, appreciating its user-friendly interface and efficient support.
- Users appreciate the **efficiency of pentesting** with Astra Pentest, benefiting from automated tools and proactive support.
- Users value the **thorough vulnerability identification** process in Astra Pentest, enhancing overall security and understanding of issues.

**Cons:**

- Users express frustration with **poor customer support** , citing slow email responses and a lack of instant messaging options.
- Users find the **poor interface design** of Astra Pentest confusing, affecting usability and note-taking capabilities.
- Users experience **slow performance** with Astra Pentest, facing delays in report generation and inconsistent status updates.
- Users suggest that the **UI could significantly improve** to enhance usability and clarity during pentesting tasks.
- Users are frustrated by the **false positives** in Astra Pentest, wasting time and complicating the vulnerability management process.

#### What Are Recent G2 Reviews of Astra Pentest?

**"[Exceptional VAPT Solution with Prompt Support](https://www.g2.com/survey_responses/astra-pentest-review-9603864)"**

**Rating:** 5.0/5.0 stars
*— Nikhil Ajit S.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-9603864)

---

**"[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)"**

**Rating:** 5.0/5.0 stars
*— Sivakumar S.*

[Read full review](https://www.g2.com/survey_responses/astra-pentest-review-13001206)

---


#### What Are G2 Users Discussing About Astra Pentest?

- [What is Astra Pentest used for?](https://www.g2.com/discussions/what-is-astra-pentest-used-for) - 2 comments

### 3. [Burp Suite](https://www.g2.com/products/burp-suite/reviews)
Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, more than 85,000 security professionals rely on Burp Suite to find, verify, and understand vulnerabilities across complex modern web applications. Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust. Key capabilities of Burp Suite DAST include: Continuous, automated scanning of web applications and APIs, integration with CI/CD pipelines and vulnerability management tools, flexible deployment across cloud, and on-premise environments, shared scanning logic and configurations between automated and manual testing, accurate, low-noise detection informed by PortSwigger Research. Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable. Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing.


**Average Rating:** 4.8/5.0
**Total Reviews:** 126
**How Do G2 Users Rate Burp Suite?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Burp Suite?**

- **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger)
- **Company Website:** https://www.portswigger.net
- **Year Founded:** 2008
- **HQ Location:** Knutsford, GB
- **Twitter:** @Burp_Suite (138,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (345 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Cyber Security Analyst
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 41% Mid-Market, 31% Small-Business


#### What Are Burp Suite's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- User Interface (8 reviews)
- Testing Services (7 reviews)
- Features (5 reviews)
- Clear Interface (4 reviews)

**Cons:**

- Expensive (5 reviews)
- Slow Performance (5 reviews)
- High Learning Curve (2 reviews)
- Learning Curve (2 reviews)
- Limited Customization (2 reviews)


### What Do G2 Reviewers Say About Burp Suite?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **ease of use** of Burp Suite, appreciating its intuitive interface and quick setup for efficient testing.
- Users appreciate the **user-friendly interface** of Burp Suite, making traffic interception and parameter changes effortless.
- Users value the **deep automation and manual testing capabilities** of Burp Suite, enhancing their web application security assessments.
- Users praise the **user-friendly interface** of Burp Suite, making it efficient and enjoyable for security professionals.
- Users appreciate Burp Suite&#39;s **clear and user-friendly interface** , allowing effortless navigation and efficient traffic interception.

**Cons:**

- Users criticize Burp Suite for its **high cost** and limited accessibility for students and beginners.
- Users face **slow performance** issues, especially on low-spec devices, leading to occasional hangs and frustrating experiences.
- Users find the **high learning curve** of Burp Suite challenging, particularly in grasping its proxy setup and workflow.
- Users struggle with a **steep learning curve** in Burp Suite, particularly regarding the proxy setup and tool usage.
- Users find **limited customization** in Burp Suite restricts exploration for beginners, affecting their overall learning experience.

#### What Are Recent G2 Reviews of Burp Suite?

**"[Burp Suite Pro: A Powerful, All-in-One Platform for Web App Pen Testing](https://www.g2.com/survey_responses/burp-suite-review-12818180)"**

**Rating:** 4.5/5.0 stars
*— Aryan S.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12818180)

---

**"[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)"**

**Rating:** 5.0/5.0 stars
*— Arish B.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12677559)

---


#### What Are G2 Users Discussing About Burp Suite?

- [What are the benefits and challenges of using BurpSuite for web application security?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-burpsuite-for-web-application-security)
- [What is BurpSuite used for?](https://www.g2.com/discussions/burpsuite-what-is-burpsuite-used-for)
- [What types of vulnerabilities can Burp Suite detect?](https://www.g2.com/discussions/what-types-of-vulnerabilities-can-burp-suite-detect)
- [What is Burp Suite Professional?](https://www.g2.com/discussions/what-is-burp-suite-professional) - 1 comment
- [Is BurpSuite free?](https://www.g2.com/discussions/is-burpsuite-free) - 2 comments

### 4. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation. With Invicti, security teams can: - Automate application security testing workflows and save hundreds of hours every month - Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets - Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time - Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities - Scale application security programs across large enterprises without slowing development teams - Integrate security seamlessly into existing DevSecOps and CI/CD workflows Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.5/5.0
**Total Reviews:** 68
**How Do G2 Users Rate Invicti (formerly Netsparker)?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Invicti to be **very easy to use** , with user-friendly setup and quick, effective vulnerability scans.
- Users value the **efficient scanning technology** of Invicti, streamlining monthly tests and providing detailed vulnerability insights.
- Users value the **accurate vulnerability detection** and seamless integration with CI/CD tools offered by Invicti.
- Users value the **well-formatted and presentable reports** from Invicti, enhancing efficiency and streamlining certification processes.
- Users appreciate the **effective vulnerability detection** capabilities of Invicti, enjoying quick and accurate scans.

**Cons:**

- Users find **customer support lacking** as it often fails to provide timely solutions and enhancements are needed.
- Users often experience **slow performance** during scans and setup, impacting the overall efficiency of Invicti.
- Users experience **slow scanning** and difficulties with API endpoints, despite overall satisfactory performance when set up.
- Users face **API scanning issues** , limiting its effectiveness for certain tasks despite excellent support from Invicti.
- Users often find the **setup complex** and the UI overwhelming, making initial configurations challenging.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---

**"[Accurate, Actionable Scans with Minimal Noise](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Retail*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-13079965)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 5. [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
Qodex is a continuous testing platform that runs your test scenarios against your real app on every pull request and deploy, then shows you exactly what broke with the failing request, response, and screenshot.


**Average Rating:** 4.9/5.0
**Total Reviews:** 60
**How Do G2 Users Rate Qodex.ai?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Qodex.ai?**

- **Seller:** [QodexAI](https://www.g2.com/sellers/qodexai)
- **Company Website:** https://www.qodex.ai/
- **Year Founded:** 2023
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://linkedin.com/company/qodexai (13 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 75% Small-Business, 20% Mid-Market


#### What Are Qodex.ai's Pros and Cons?

**Pros:**

- Ease of Use (23 reviews)
- Automation (17 reviews)
- Testing (17 reviews)
- Testing Efficiency (17 reviews)
- Helpful (13 reviews)

**Cons:**

- Slow Loading (6 reviews)
- Poor Documentation (5 reviews)
- Slow Performance (5 reviews)
- Bug Issues (4 reviews)
- Bugs (4 reviews)


### What Do G2 Reviewers Say About Qodex.ai?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Qodex.ai&#39;s **ease of use** remarkable, with intuitive features that streamline API testing and enhance productivity.
- Users love the **automation of tests** in Qodex.ai, as it significantly saves time and enhances reliability.
- Users commend the **easy interface** for writing test cases, enhancing efficiency and accessibility for all team members.
- Users praise the **testing efficiency** of Qodex.ai, significantly reducing shipment time and simplifying bug detection.
- Users love how **Qodex.ai effortlessly automates tasks** , dramatically reducing time spent on API testing and enhancing productivity.

**Cons:**

- Users experience **slow loading** times with the UI and chatbot, affecting overall usability and efficiency.
- Users find the **poor documentation** of Qodex.ai challenging, requesting more clarity and resources for advanced features.
- Users experience **slow performance** with Qodex.ai, noting delays in UI loading and chatbot response times.
- Users report **bug issues** like repeated test cases and call for improved tagging and accuracy for better management.
- Users frequently encounter **repeated test cases** and suggest improvements for bug classification and accuracy in Qodex.ai.

#### What Are Recent G2 Reviews of Qodex.ai?

**"[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)"**

**Rating:** 4.5/5.0 stars
*— Abhilash S.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12088697)

---

**"[Effortless Automation and Insightful AI Testing with Qodex.ai](https://www.g2.com/survey_responses/qodex-ai-review-12065938)"**

**Rating:** 4.5/5.0 stars
*— Anshuk K.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12065938)

---



### 6. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)
Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


**Average Rating:** 4.5/5.0
**Total Reviews:** 289
**How Do G2 Users Rate Tenable Nessus?**

- **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10)

**Who Is the Company Behind Tenable Nessus?**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,752 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,350 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, Network Engineer
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 40% Mid-Market, 34% Enterprise


#### What Are Tenable Nessus's Pros and Cons?

**Pros:**

- Vulnerability Identification (20 reviews)
- Vulnerability Detection (18 reviews)
- Ease of Use (16 reviews)
- Automated Scanning (15 reviews)
- Features (13 reviews)

**Cons:**

- Slow Scanning (7 reviews)
- Expensive (6 reviews)
- Limited Features (6 reviews)
- Complexity (5 reviews)
- False Positives (5 reviews)


### What Do G2 Reviewers Say About Tenable Nessus?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **comprehensive vulnerability identification** capabilities of Nessus for effective security risk management.
- Users value the **comprehensive vulnerability detection** capabilities of Tenable Nessus, enhancing their security management efforts.
- Users find Tenable Nessus to be **user-friendly and easy to set up** , making vulnerability detection straightforward for everyone.
- Users value the **comprehensive automated scanning** provided by Nessus, effectively identifying vulnerabilities across various assets.
- Users value the **powerful scanning features** of Tenable Nessus, enhancing vulnerability management through automation and reporting.

**Cons:**

- Users note the **slow scanning** process can take several days and impact system resources and production environments.
- Users find the **costs of running and maintaining Tenable Nessus** to be excessively high, impacting overall satisfaction.
- Users find **limited features** in Tenable Nessus, affecting usability and the ability to conduct comprehensive scans.
- Users find the **complexity** of Tenable Nessus challenging, especially with advanced features and technical requirements.
- Users note the presence of **false positives** in Nessus, resulting in additional workload for security teams.

#### What Are Recent G2 Reviews of Tenable Nessus?

**"[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)

---

**"[Reliable and Efficient Vulnerability Management Tool](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)"**

**Rating:** 5.0/5.0 stars
*— Mohsin H.*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)

---


#### What Are G2 Users Discussing About Tenable Nessus?

- [What is Nessus used for?](https://www.g2.com/discussions/what-is-nessus-used-for) - 1 comment
- [What types of vulnerabilities are scanned by Nessus?](https://www.g2.com/discussions/what-types-of-vulnerabilities-are-scanned-by-nessus)
- [Is there a free version of Nessus?](https://www.g2.com/discussions/is-there-a-free-version-of-nessus) - 2 comments
- [What is an advantage of using Nessus?](https://www.g2.com/discussions/what-is-an-advantage-of-using-nessus)
- [What does Nessus scan for?](https://www.g2.com/discussions/what-does-nessus-scan-for) - 1 comment

### 7. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different? - Flexibility: Consume as a service or manage your own deployment - Cloud-Agnostic: Deploy anywhere with no vendor lock-in - No rip and replace: Scale to a platform approach at your own pace


**Average Rating:** 4.5/5.0
**Total Reviews:** 881
**How Do G2 Users Rate GitLab?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find GitLab&#39;s interface to provide **ease of use** , streamlining DevOps processes for better efficiency and organization.
- Users value the **unified platform** of GitLab, integrating multiple tools to enhance productivity and reduce complexity.
- Users appreciate the **powerful CI/CD integration** of GitLab, allowing seamless automation and easy configuration for deployment.
- Users value the **seamless integrations** of GitLab, allowing easy setup and efficient project management without extra tools.
- Users appreciate the **seamless CI/CD integration** of GitLab, enhancing automation and efficiency from code to deployment.

**Cons:**

- Users find the **complexity of GitLab&#39;s structure** and management challenging, especially for newcomers and infrastructure management.
- Users face a **difficult learning curve** with GitLab, especially for those unfamiliar with the platform or technical aspects.
- Users find the **interface confusing** , requiring significant effort to navigate and understand its layered functionality.
- Users find GitLab&#39;s **complex user interface** challenging to navigate, requiring significant effort to understand its functionalities.
- Users find the **learning curve steep** when adapting to GitLab&#39;s vast features and unique group structures.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 8. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
Simplify your developer experience with the world&#39;s first AI-augmented software delivery platform. Upgrade your software delivery with Harness&#39; innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools. We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance. We help companies in four key areas: Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least is, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


**Average Rating:** 4.6/5.0
**Total Reviews:** 300
**How Do G2 Users Rate Harness Platform?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)

**Who Is the Company Behind Harness Platform?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,389 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,701 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 43% Enterprise, 38% Mid-Market


#### What Are Harness Platform's Pros and Cons?

**Pros:**

- Ease of Use (114 reviews)
- Features (73 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)


### What Do G2 Reviewers Say About Harness Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find the **ease of use** of the Harness Platform simplifies project implementation and streamlines their workflow.
- Users value the **flexible targeting options** in Harness Platform, enhancing project implementation and feature management.
- Users appreciate the **user-friendly interface** of Split.io, enabling seamless feature flag management for all team members.
- Users appreciate the **easy setup** of Harness Platform, enabling quick implementation and immediate cost savings.
- Users admire the **easy integrations** of Harness Platform, enhancing the streamlined software delivery process with AI and modularity.

**Cons:**

- Users highlight a **lack of multiple filters** and missing features that could enhance the Harness Platform experience.
- Users face **limitations in configuration and management** options within Harness Platform, hindering usability and flexibility.
- Users note the **limited features** of Harness Platform, particularly the lack of advanced filtering options and intuitiveness.
- Users find the **steep learning curve** challenging and desire better documentation for easier navigation of the platform.
- Users find the **poor UI** of Harness Platform to be complex and not user-friendly, causing frustration.

#### What Are Recent G2 Reviews of Harness Platform?

**"[Harness - World of automation](https://www.g2.com/survey_responses/harness-platform-review-11792426)"**

**Rating:** 4.5/5.0 stars
*— Sunil A.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11792426)

---

**"[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)"**

**Rating:** 5.0/5.0 stars
*— Satendra V.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11543262)

---


#### What Are G2 Users Discussing About Harness Platform?

- [What is Harness Continuous Delivery used for?](https://www.g2.com/discussions/what-is-harness-continuous-delivery-used-for) - 1 comment
- [What is Propelo used for?](https://www.g2.com/discussions/what-is-propelo-used-for)
- [What is Harness Cloud Cost Management used for?](https://www.g2.com/discussions/what-is-harness-cloud-cost-management-used-for)
- [What is the difference between harness and Jenkins?](https://www.g2.com/discussions/what-is-the-difference-between-harness-and-jenkins) - 1 comment
- [What is streaming Split IO?](https://www.g2.com/discussions/what-is-streaming-split-io) - 1 comment

### 9. [Intruder](https://www.g2.com/products/intruder/reviews)
Intruder&#39;s continuous exposure management platform helps security, IT, and engineering teams stop breaches before they start. By unifying AI penetration testing, attack surface monitoring, cloud security, and vulnerability management in one intuitive platform, Intruder gives stretched teams an always-on security source of truth. Our approach focuses on continuous automated scanning using expertise and agentic solutions to ensure that the findings we deliver are accurate, prioritized by real-world risk, and ready to act on. Founded in 2015 by Chris Wallis, a former ethical hacker turned corporate blue teamer, Intruder is now protecting over 3,000 companies worldwide. Intruder has been awarded multiple accolades, was selected for GCHQ’s Cyber Accelerator, included on Deloitte’s Tech Fast 50 2023 list as the fastest-growing cybersecurity company in the UK and was named in G2’s 2026 Best Software Awards.


**Average Rating:** 4.8/5.0
**Total Reviews:** 207
**How Do G2 Users Rate Intruder?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.5/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Intruder?**

- **Seller:** [Intruder](https://www.g2.com/sellers/intruder)
- **Company Website:** https://www.intruder.io
- **Year Founded:** 2015
- **HQ Location:** London
- **Twitter:** @intruder_io (979 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (83 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Director
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 57% Small-Business, 36% Mid-Market


#### What Are Intruder's Pros and Cons?

**Pros:**

- Ease of Use (41 reviews)
- Vulnerability Detection (30 reviews)
- Customer Support (25 reviews)
- User Interface (24 reviews)
- Vulnerability Identification (24 reviews)

**Cons:**

- Expensive (9 reviews)
- Slow Scanning (8 reviews)
- Licensing Issues (7 reviews)
- False Positives (6 reviews)
- Limited Features (6 reviews)


### What Do G2 Reviewers Say About Intruder?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Intruder&#39;s **ease of use** exceptional, facilitating rapid setup and straightforward configuration for cloud resources.
- Users value the **super easy configuration and automated scanning** of Intruder, enhancing security across cloud environments.
- Users highly value Intruder&#39;s **responsive customer support** , enhancing their cybersecurity management experience with timely assistance.
- Users love Intruder&#39;s **intuitive interface** , which simplifies security tasks and integrates seamlessly with essential tools.
- Users commend the **efficient vulnerability identification** of Intruder, praising its ease of use and automated scanning features.

**Cons:**

- Users find the pricing to be **expensive** , expressing a desire for more flexible and cost-effective models.
- Users report **slow scanning** issues with Intruder, missing some SQL injections and lacking mobile device support.
- Users find **licensing issues** with Intruder challenging, particularly in understanding the model and its application to scans.
- Users report experiencing **false positives** , making it challenging to prioritize critical vulnerabilities effectively.
- Users find the **limited features** in Intruder, such as rigid licensing and reporting controls, somewhat frustrating.

#### What Are Recent G2 Reviews of Intruder?

**"[Revolutionized Our Vulnerability Management with Real-Time Insights](https://www.g2.com/survey_responses/intruder-review-13100568)"**

**Rating:** 4.5/5.0 stars
*— Verified User*

[Read full review](https://www.g2.com/survey_responses/intruder-review-13100568)

---

**"[Outstanding Experience with No Drawbacks](https://www.g2.com/survey_responses/intruder-review-12097237)"**

**Rating:** 5.0/5.0 stars
*— Nic H.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-12097237)

---


#### What Are G2 Users Discussing About Intruder?

- [Who developed intruder?](https://www.g2.com/discussions/who-developed-intruder)
- [What is an intruder in cyber security?](https://www.g2.com/discussions/what-is-an-intruder-in-cyber-security)
- [Is intruder IO safe?](https://www.g2.com/discussions/is-intruder-io-safe) - 1 comment
- [What is intruder software?](https://www.g2.com/discussions/what-is-intruder-software) - 1 comment

### 10. [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews)
Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. Hundreds of companies rely on Pynt to continuously monitor, classify and attack poorly secured APIs, before hackers do.


**Average Rating:** 4.8/5.0
**Total Reviews:** 44
**How Do G2 Users Rate Pynt - API Security Testing?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.5/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 9.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pynt - API Security Testing?**

- **Seller:** [Pynt](https://www.g2.com/sellers/pynt)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @pynt_io (361 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/pynt (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer &amp; Network Security
- **Company Size:** 57% Small-Business, 23% Enterprise


#### What Are Pynt - API Security Testing's Pros and Cons?

**Pros:**

- Vulnerability Detection (20 reviews)
- Security (19 reviews)
- API Management (17 reviews)
- Easy Integrations (17 reviews)
- Automation (15 reviews)

**Cons:**

- Complex Setup (12 reviews)
- Setup Complexity (7 reviews)
- Limited Features (4 reviews)
- Poor Interface Design (4 reviews)
- UX Improvement (4 reviews)


### What Do G2 Reviewers Say About Pynt - API Security Testing?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **flawless execution of vulnerability tests** by Pynt, ensuring robust API security effortlessly.
- Users appreciate the **seamless integration of Pynt** for addressing API security issues efficiently during development.
- Users value Pynt for its **seamless API security integration** , streamlining discovery and enhancing security throughout development.
- Users value the **easy integrations** of Pynt, simplifying API security testing with seamless connectivity to existing tools.
- Users value the **automation capabilities** of Pynt, enabling seamless and continuous API security testing within their workflows.

**Cons:**

- Users often face **complex setup challenges** with Pynt, requiring time and resources to achieve smooth integration.
- Users find **setup complexity** challenging, especially beginners, leading to difficulties during the initial configuration of Pynt.
- Users note the **limited features** of Pynt, particularly with reporting, onboarding, and free plan restrictions.
- Users feel the **poor interface design** hampers usability and suggest improvements to enhance their overall experience.
- Users feel the **user interface needs significant improvement** to enhance the overall experience while using Pynt.

#### What Are Recent G2 Reviews of Pynt - API Security Testing?

**"[Performance and Usability Review of pynt G2](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)"**

**Rating:** 5.0/5.0 stars
*— Devanggiri G.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)

---

**"[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)"**

**Rating:** 5.0/5.0 stars
*— Vijayaraghavan (Vijay) V.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)

---



### 11. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


**Average Rating:** 4.9/5.0
**Total Reviews:** 11
**How Do G2 Users Rate BugDazz API Scanner?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind BugDazz API Scanner?**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharshtra
- **Twitter:** @SecureLayer7 (2,522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (127 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 91% Small-Business, 9% Mid-Market


#### What Are BugDazz API Scanner's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 reviews)
- Lack of Guidance (1 reviews)
- Lack of Information (1 reviews)
- Learning Curve (1 reviews)


### What Do G2 Reviewers Say About BugDazz API Scanner?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accuracy of results** from BugDazz API Scanner, facilitating clearer, more productive team discussions.
- Users value the **seamless CD integration** of BugDazz, enhancing workflow efficiency and enabling fast, accurate scans.
- Users appreciate the **s seamless integration with CI/CD workflows** , enhancing efficiency and collaboration across security and engineering teams.
- Users commend the **ease of use** of BugDazz API Scanner, facilitating smooth integration into existing workflows and rapid adoption.
- Users value the **effective scanning technology** of BugDazz API Scanner for fast, accurate results in CI/CD workflows.

**Cons:**

- Users find the **poor documentation** a barrier, especially for infrastructure-specific guidance and Jenkins integration clarity.
- Users report a **difficult learning curve** with BugDazz API Scanner, needing time to effectively tune scans for testing.
- Users feel there is a **lack of guidance** in the documentation, particularly for infrastructure-specific scenarios.
- Users feel the **lack of infrastructure-specific guidance** in the BugDazz API Scanner documentation hinders effective use.
- Users note a **learning curve** with BugDazz API Scanner, requiring time to master tuning scans for various scenarios.

#### What Are Recent G2 Reviews of BugDazz API Scanner?

**"[Effective scanner and fits well into our release workflow](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)"**

**Rating:** 4.5/5.0 stars
*— Kabilesh kumar K.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)

---

**"[Good tool for security teams](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)"**

**Rating:** 4.5/5.0 stars
*— Khaja moinuddin F.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)

---



### 12. [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews)
Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.


**Average Rating:** 4.5/5.0
**Total Reviews:** 177
**How Do G2 Users Rate Cobalt?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.6/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cobalt?**

- **Seller:** [Cobalt](https://www.g2.com/sellers/cobalt-33275b9c-c870-4949-8fd5-a68eb12f96bb)
- **Company Website:** https://cobalt.io/
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @cobalt_io (8,462 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cobalt_io/ (557 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Security Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 51% Mid-Market, 23% Small-Business


#### What Are Cobalt's Pros and Cons?

**Pros:**

- Pentesting Efficiency (50 reviews)
- Customer Support (40 reviews)
- Ease of Use (39 reviews)
- Communication (31 reviews)
- Reporting Quality (28 reviews)

**Cons:**

- Expensive (14 reviews)
- Limited Scope (8 reviews)
- Lack of Detail (7 reviews)
- Pricing Issues (6 reviews)
- Inaccuracy (5 reviews)


### What Do G2 Reviewers Say About Cobalt?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **efficiency of pentesting** with Cobalt, appreciating seamless scheduling and prompt reports.
- Users highly value the **amazing customer support** from Cobalt, facilitating smooth processes and expert guidance.
- Users appreciate the **ease of use** with Cobalt, allowing seamless scheduling and immediate reports for pentests.
- Users appreciate the **excellent communication** from Cobalt, which enhances collaboration and transparency throughout the process.
- Users appreciate the **immediate and competent reporting** from Cobalt, making pentesting seamless and efficient.

**Cons:**

- Users find Cobalt to be **expensive** , especially challenging for small organizations and limited application scopes.
- Users find the **limited scope** of Cobalt&#39;s testing insufficient, lacking depth and personalization necessary for effective assessment.
- Users criticize the **lack of detail** in Cobalt&#39;s instructions, making setup and process more tedious than necessary.
- Users find the **pricing model confusing** and suggest a review to eliminate unnecessary upcharges for integrations.
- Users experience **inaccuracy** in Cobalt&#39;s audits, leading to lost credits and inconsistent quality in security testing results.

#### What Are Recent G2 Reviews of Cobalt?

**"[Flexible Scheduling and Clear, Consistent Pen Test Communication](https://www.g2.com/survey_responses/cobalt-review-12678239)"**

**Rating:** 4.0/5.0 stars
*— Chris A.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12678239)

---

**"[Collaborative, Real-World Pentesting with Actionable Findings](https://www.g2.com/survey_responses/cobalt-review-12683090)"**

**Rating:** 5.0/5.0 stars
*— Arpit G.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12683090)

---


#### What Are G2 Users Discussing About Cobalt?

- [How do you use Cobalt?](https://www.g2.com/discussions/how-do-you-use-cobalt)
- [What is cobalt database?](https://www.g2.com/discussions/what-is-cobalt-database)
- [What is a cobalt developer?](https://www.g2.com/discussions/what-is-a-cobalt-developer)
- [Is cobalt an operating system?](https://www.g2.com/discussions/is-cobalt-an-operating-system)

### 13. [Edgescan](https://www.g2.com/products/edgescan/reviews)
What Is Edgescan? Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, API’s and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program. The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVE’s. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management. Key Features and Capabilities of Edgescan Automated Penetration Testing Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures. Human‑Validated Testing Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real‑world exploitability. Each result is accurate, contextual, and actionable. Penetration Testing as a Service (PTaaS) Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including: • Business logic flaws • Authentication and authorization weaknesses • Context-dependent exposures • Complex attack chains and privilege escalation paths Cyber Analytics and AI‑Assisted Validation AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats. Integrated Threat Intelligence Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first. Risk‑Based Prioritization Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most. Primary Value: What Edgescan Solves for Clients Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining: Automation for continuous testing Human expertise for validation and complex analysis Cyber analytics and AI for accuracy and prioritization Key Benefits Significant efficiency gains: reducing thousands of hours spent on manual validation. Higher accuracy, thanks to expert‑validated findings and reduced false positives. Clear prioritization, using threat intelligence and ransomware insights to highlight the highest‑risk exposures. Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management. By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 51
**How Do G2 Users Rate Edgescan?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (89 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 32% Enterprise, 32% Mid-Market


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Edgescan, enabling efficient navigation and streamlined vulnerability management.
- Users value the **automated vulnerability detection** of Edgescan, enhancing efficiency and risk management across their systems.
- Users value the **excellent customer support** from Edgescan, with a proactive team ready to assist anytime.
- Users commend Edgescan for its **thorough vulnerability identification** , enhancing security planning and response efficiency.
- Users commend Edgescan for its **feature-rich portal** and intuitive interface, making security assessments streamlined and efficient.

**Cons:**

- Users find the **UI complex and not user-friendly** , making navigation and finding settings challenging at times.
- Users note **limited customization options** , particularly in the filtering system, which can hamper initial usability.
- Users find the **poor interface design** of Edgescan frustrating, impacting usability and ease of access to features.
- Users experience **slow performance** due to manual review processes, leading to longer scan completion times.
- Users find the **UI not user friendly** , citing issues with intuitiveness and difficulty in locating settings.

#### What Are Recent G2 Reviews of Edgescan?

**"[Edgescan Is Amazing!](https://www.g2.com/survey_responses/edgescan-review-11014532)"**

**Rating:** 5.0/5.0 stars
*— Greg S.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-11014532)

---

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 14. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs. With Acunetix, security teams can: - Save time and resources by automating manual security processes - Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools - Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology - Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


**Average Rating:** 4.1/5.0
**Total Reviews:** 100
**How Do G2 Users Rate Acunetix by Invicti?**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.7/10)
- **Test Automation:** 8.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind Acunetix by Invicti?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 40% Enterprise, 34% Mid-Market


#### What Are Acunetix by Invicti's Pros and Cons?

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)


### What Do G2 Reviewers Say About Acunetix by Invicti?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accurate and fast vulnerability detection** of Acunetix, enhancing security in their web applications.
- Users value the **ease of use** of Acunetix, appreciating its simple setup and seamless integration into workflows.
- Users highlight the **exceptional security capabilities** of Acunetix, ensuring superior protection for web applications and APIs.
- Users praise Acunetix for its **powerful vulnerability identification** , enhancing security while being user-friendly and efficient.
- Users praise the **accuracy of results** with Acunetix, making vulnerability detection reliable and effective.

**Cons:**

- Users find the **pricing structure expensive** , making it challenging for smaller teams to access Acunetix effectively.
- Users find the **complexity of setup and resource intensity** of Acunetix challenging, particularly with large applications.
- Users find the **complex setup** of Acunetix challenging, especially for first-time configurations and integrations.
- Users find the **scanning process to be slow** , often hindering workflow and impacting system performance during deep scans.
- Users find **difficult customization** challenging with Acunetix, requiring technical skills and patience for effective integration and setup.

#### What Are Recent G2 Reviews of Acunetix by Invicti?

**"[Effortless Vulnerability Detection That Fits Seamlessly into DevSecOps](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)"**

**Rating:** 5.0/5.0 stars
*— Ranit D.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)

---

**"[Powerful Security Scanning Made Easy with Acunetix](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)"**

**Rating:** 5.0/5.0 stars
*— Deepesh V.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)

---


#### What Are G2 Users Discussing About Acunetix by Invicti?

- [How has Acunetix supported your web security efforts, and what features do you rely on most?](https://www.g2.com/discussions/how-has-acunetix-supported-your-web-security-efforts-and-what-features-do-you-rely-on-most)
- [What is Acunetix by Invicti used for?](https://www.g2.com/discussions/what-is-acunetix-by-invicti-used-for)

### 15. [Checkmarx](https://www.g2.com/products/checkmarx/reviews)
Checkmarx is a type of application security solution designed to help organizations safeguard their software development processes while enhancing efficiency and reducing costs. The Checkmarx One platform stands out in the realm of enterprise-grade security, offering comprehensive protection that addresses the complexities of modern software development, including legacy systems and AI-generated code. By scanning trillions of lines of code annually, Checkmarx enables companies to significantly lower their vulnerability density, ensuring a robust defense against potential threats. The platform is particularly beneficial for software development teams, security professionals, and organizations that prioritize secure coding practices. With the increasing reliance on AI technologies and the rapid pace of software development, Checkmarx One provides essential tools to mitigate risks associated with both traditional and emerging programming languages. Its innovative architecture, powered by autonomous security agents and AI-native intelligence, allows organizations to integrate security seamlessly into their development workflows, thereby accelerating development velocity without compromising on safety. Key features of Checkmarx One include Triage Assist, which employs an autonomous AI agent to prioritize vulnerabilities based on real-world exploitability and contextual risk. This feature empowers teams to concentrate their efforts on the most critical issues rather than getting bogged down by static severity scores. Additionally, Remediation Assist generates review-ready fixes for validated vulnerabilities prior to code merges, streamlining the secure delivery process and minimizing the manual overhead typically associated with remediation tasks. Developer Assist is another notable feature, acting as a standalone security agent that identifies risks during the coding process. By providing safe, explainable, and verified fixes directly within the integrated development environment (IDE), it supports developers in maintaining a stable and rapid development pace. Furthermore, the platform includes AI Supply Chain Security, which offers centralized governance and visibility for AI components embedded in applications, ensuring that hidden AI assets are discovered and managed effectively. Lastly, Checkmarx One incorporates advanced analysis engines such as AI SAST and DAST for AI, which enhance security measures across various environments. The AI SAST feature expands detection capabilities to cover emerging and unsupported programming languages, while the DAST for AI strengthens runtime protection in continuous integration and deployment (CI/CD) settings. Together, these features position Checkmarx One as a comprehensive solution for organizations looking to fortify their software development lifecycle against evolving threats.


**Average Rating:** 4.2/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Checkmarx?**

- **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 5.0/10 (Category avg: 8.7/10)
- **Test Automation:** 6.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Checkmarx?**

- **Seller:** [Checkmarx](https://www.g2.com/sellers/checkmarx)
- **Company Website:** https://www.checkmarx.com
- **Year Founded:** 2006
- **HQ Location:** Paramus, NJ
- **Twitter:** @Checkmarx (7,284 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/checkmarx (1,019 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 57% Enterprise, 21% Mid-Market


#### What Are Checkmarx's Pros and Cons?

**Pros:**

- Implementation Ease (2 reviews)
- User Interface (2 reviews)
- Accuracy of Results (1 reviews)
- Automation Testing (1 reviews)
- Customer Support (1 reviews)

**Cons:**

- False Positives (1 reviews)
- Lacking Features (1 reviews)
- Missing Features (1 reviews)
- Poor Navigation (1 reviews)


### What Do G2 Reviewers Say About Checkmarx?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Checkmarx to offer **easy implementation** into existing repositories, enhancing their security review processes effortlessly.
- Users enjoy the **intuitive user interface** of Checkmarx, making navigation through features straightforward and user-friendly.
- Users value the **accuracy of results** from Checkmarx, appreciating its precise vulnerability descriptions and guidance.
- Users value **automation testing** in Checkmarx for its ease of integration, intuitive UI, and detailed vulnerability guidance.
- Users value the **responsive Customer Support** team at Checkmarx, ensuring help is available when needed.

**Cons:**

- Users experience a significant number of **false positives** in Checkmarx, especially when analyzing Kotlin projects.
- Users report a significant issue with **false positives** in Checkmarx, especially for Kotlin-based projects compared to others.
- Users face **missing features** in Checkmarx, particularly in Kotlin support, leading to numerous false positives.
- Users find the **navigation poor** in Checkmarx, noting the need for better dashboard layout and display enhancements.

#### What Are Recent G2 Reviews of Checkmarx?

**"[Checkmarx: Reliable SAST Solution for Strengthening Application Security](https://www.g2.com/survey_responses/checkmarx-review-13085824)"**

**Rating:** 4.0/5.0 stars
*— Naushad T.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-13085824)

---

**"[Centralized Source Code Security with Seamless CI/CD Integration](https://www.g2.com/survey_responses/checkmarx-review-12980590)"**

**Rating:** 5.0/5.0 stars
*— Aman M.*

[Read full review](https://www.g2.com/survey_responses/checkmarx-review-12980590)

---


#### What Are G2 Users Discussing About Checkmarx?

- [What is Checkmarx used for?](https://www.g2.com/discussions/checkmarx-what-is-checkmarx-used-for) - 1 comment, 1 upvote
- [How much does Checkmarx cost?](https://www.g2.com/discussions/how-much-does-checkmarx-cost)
- [Which testing method does Checkmarx support?](https://www.g2.com/discussions/which-testing-method-does-checkmarx-support) - 1 comment
- [Does Checkmarx support DAST?](https://www.g2.com/discussions/does-checkmarx-support-dast) - 1 comment
- [What is Checkmarx used for?](https://www.g2.com/discussions/what-is-checkmarx-used-for) - 2 comments

### 16. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.​ AI-Powered Agents Jit&#39;s AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads. ​ Comprehensive Security Scanning Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit&#39;s platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues. ​ Developer-Centric Experience With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity. ​ Agentic AI for AppSec Teams Risk-Based Prioritization Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks. ​ Seamless Integrations Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack. ​


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate how Jit offers **seamless integration of security** into workflows, enhancing efficiency and consistency.
- Users appreciate the **ease of use** of Jit, enabling efficient processes and streamlined security integration without complexity.
- Users appreciate the **easy integrations** of Jit, streamlining security within their development workflows effortlessly.
- Users value the **efficiency of JIT** , which minimizes waste and streamlines processes for better productivity.
- Users appreciate the **automation of security controls** in Jit, which enhances workflow efficiency without adding overhead.

**Cons:**

- Users note **integration issues** with some enterprise tools, requiring extra setup and lacking comprehensive support for frameworks.
- Users find the **limited features** of Jit restrict customization and deeper analytics for complex environments.
- Users note the **limited integration** with certain tools, impacting functionality and requiring additional manual setup.
- Users feel the **documentation is lacking** , making advanced configurations and integrations challenging, especially for first-time users.
- Users find Jit&#39;s **complexity** overwhelming, particularly in configurations and for those unfamiliar with DevSecOps.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 17. [Bright Security](https://www.g2.com/products/bright-security/reviews)
Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise-grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue.


**Average Rating:** 4.7/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Bright Security?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Bright Security?**

- **Seller:** [Bright Security ](https://www.g2.com/sellers/bright-security)
- **Year Founded:** 2018
- **HQ Location:** San Rafael
- **Twitter:** @BrightAppSec (1,511 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/brightappsec (111 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 52% Enterprise, 34% Mid-Market


#### What Are Bright Security's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- Automated Scanning (4 reviews)
- Ease of Use (4 reviews)
- Detection (3 reviews)
- Easy Integrations (3 reviews)

**Cons:**

- Learning Curve (3 reviews)
- Complex Setup (2 reviews)
- Setup Complexity (2 reviews)
- Complexity (1 reviews)
- Confusing Interface (1 reviews)


### What Do G2 Reviewers Say About Bright Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of results** from Bright Security, focusing on real issues with minimal noise during development.
- Users value the **automated scanning** of Bright Security, enhancing security seamlessly within their development processes.
- Users value the **ease of use** of Bright Security, appreciating its intuitive design and seamless integration into workflows.
- Users love the **seamless integration** of Bright Security into workflows, enhancing efficiency without compromising security during development.
- Users value the **easy integrations** of Bright Security, enhancing their CI/CD workflows without compromising deployment speed.

**Cons:**

- Users find the **learning curve challenging** , especially with initial setup and navigating the dense UI of Bright Security.
- Users find the **initial setup complex** , especially with the learning curve for configuring scan profiles and features.
- Users find the **initial setup complex** , causing delays due to a learning curve with configuration and customization.
- Users find the **complexity of initial setup** challenging, especially when navigating advanced features and scan configurations.
- Users find the **confusing interface** of Bright Security overwhelming, making it difficult to locate important settings easily.

#### What Are Recent G2 Reviews of Bright Security?

**"[Reliable and Developer-Friendly Security Solution](https://www.g2.com/survey_responses/bright-security-review-12157897)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12157897)

---

**"[Modern, Insightful, and Seamlessly Fits Our Workflow](https://www.g2.com/survey_responses/bright-security-review-12164035)"**

**Rating:** 4.5/5.0 stars
*— Gauri K.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12164035)

---



### 18. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline,empower developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers your all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25
**How Do G2 Users Rate Veracode Application Security Platform?**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Security (5 reviews)
- Vulnerability Detection (5 reviews)
- Automated Scanning (3 reviews)
- Detection (3 reviews)
- Ease of Use (3 reviews)

**Cons:**

- Expensive (2 reviews)
- Lack of Information (2 reviews)
- Licensing Issues (2 reviews)
- Poor Customer Support (2 reviews)
- Pricing Issues (2 reviews)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective security vulnerability identification** in Veracode, enhancing overall application security and adherence to best practices.
- Users value the **effective vulnerability detection** of Veracode, facilitating comprehensive security and streamlined development processes.
- Users value the **automated scanning** features of Veracode for effectively identifying and addressing security vulnerabilities.
- Users value the **robust detection capabilities** of Veracode, efficiently identifying vulnerabilities and enhancing application security.
- Users appreciate the **ease of use** of Veracode, as it streamlines integration and enhances security processes effectively.

**Cons:**

- Users find the platform **expensive** due to increasing costs and a complex licensing model that lacks justification.
- Users face a **lack of information** regarding feature availability and discrepancies between documentation and delivery.
- Users face **licensing issues** with increasing costs, complexity, and pressure from account executives, impacting overall satisfaction.
- Users experience **poor customer support** with Veracode, facing pressure, unmet promises, and complicated processes.
- Users find the **pricing issues** with Veracode challenging, citing increased costs and complex licensing that complicates usage.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 19. [Akto API Security Platform](https://www.g2.com/products/akto-api-security-platform/reviews)
Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of — API discovery, API security posture management, sensitive data exposure, and API security testing solutions enables organizations to gain visibility in their API security posture. 1,000+ Application Security teams globally trust Akto for their API security needs. Akto use cases: 1. API Discovery 2. API Security Testing in CI/CD 3. API Security Posture Management 4. Authentication and Authorization Testing 5. Sensitive data Exposure 6. Shift left in DevSecOps


**Average Rating:** 4.5/5.0
**Total Reviews:** 54
**How Do G2 Users Rate Akto API Security Platform?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Akto API Security Platform?**

- **Seller:** [Akto.io](https://www.g2.com/sellers/akto-io)
- **Company Website:** https://www.akto.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California
- **Twitter:** @Aktodotio (1,357 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akto-io/ (29 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 44% Mid-Market, 40% Small-Business


#### What Are Akto API Security Platform's Pros and Cons?

**Pros:**

- Security (11 reviews)
- Cybersecurity (8 reviews)
- Ease of Use (8 reviews)
- API Management (7 reviews)
- Automation Testing (7 reviews)

**Cons:**

- Complex Setup (7 reviews)
- Setup Complexity (6 reviews)
- API Management (4 reviews)
- Complexity (4 reviews)
- Difficult Configuration (4 reviews)


### What Do G2 Reviewers Say About Akto API Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **automated security testing** of Akto API Security Platform, enhancing their development process and security measures.
- Users value the **efficient AI integration** in Akto, enhancing API security and seamlessly fitting into DevSecOps workflows.
- Users appreciate the **user-friendly experience** of Akto API Security Platform, enjoying its clear dashboard and easy navigation.
- Users value the **seamless API security testing** integration with CI/CD pipelines, enhancing efficiency and collaboration in DevSecOps.
- Users appreciate the **automation testing capabilities** of Akto, simplifying API security and enhancing integration within CI/CD workflows.

**Cons:**

- Users find the **complex initial setup** challenging due to steep learning curves and inadequate documentation.
- Users face a **complex initial setup** with Akto, highlighting the need for better documentation and onboarding support.
- Users find the **steep learning curve** and complex configuration of Akto API Security challenging for new teams.
- Users find the **complexity** of Akto&#39;s platform can hinder new users in their understanding and setup experience.
- Users often face **difficult configuration** challenges with Akto, requiring significant time and effort to understand its features.

#### What Are Recent G2 Reviews of Akto API Security Platform?

**"[Easy to Implement, Clear API Security Visibility, and Responsive Support](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)

---

**"[Easy to Use API Security Tool That Helps Save Time](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)"**

**Rating:** 4.5/5.0 stars
*— ashish d.*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)

---



### 20. [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews)
Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale. With an ability to test thousands of applications simultaneously and a less than 1% false positive rate coupled with comprehensive remediation guidance, customers are able to rapidly reduce their risk of a breach across their web applications.The solution integrates with Veracode Discovery, which maps your web attack surface, to scan inventoried sites


**Average Rating:** 4.3/5.0
**Total Reviews:** 14
**How Do G2 Users Rate Veracode Dynamic Analysis?**

- **Has the product been a good partner in doing business?:** 7.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.4/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Dynamic Analysis?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (502 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 19% Mid-Market



#### What Are Recent G2 Reviews of Veracode Dynamic Analysis?

**"[Dynamic Analysis Security Testing (DAST)](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)"**

**Rating:** 4.0/5.0 stars
*— Syed Ubaid A.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)

---

**"[Very Low False Positives and Actionable Results](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)"**

**Rating:** 4.5/5.0 stars
*— Tarun K.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)

---



### 21. [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews)
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle. Fast and Accurate Scanning for Secure DevOps Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business. Focus on the Fix Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation. Enterprise Management for Security Teams Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.


**Average Rating:** 4.1/5.0
**Total Reviews:** 74
**How Do G2 Users Rate HCL AppScan?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.1/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind HCL AppScan?**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Company Website:** https://hcl-software.com/
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,043 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (246,058 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer &amp; Network Security
- **Company Size:** 54% Enterprise, 28% Small-Business



#### What Are Recent G2 Reviews of HCL AppScan?

**"[Easy to setup and powerful application security](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)"**

**Rating:** 4.0/5.0 stars
*— chandramohan K.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)

---

**"[A Testing Suite that packs quite a punch!](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)"**

**Rating:** 5.0/5.0 stars
*— Pranav U.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)

---


#### What Are G2 Users Discussing About HCL AppScan?

- [What is HCL AppScan used for?](https://www.g2.com/discussions/what-is-hcl-appscan-used-for)
- [What does HCL AppScan do?](https://www.g2.com/discussions/what-does-hcl-appscan-do)
- [Who owns AppScan?](https://www.g2.com/discussions/who-owns-appscan) - 1 comment
- [Is AppScan free?](https://www.g2.com/discussions/is-appscan-free) - 1 comment

### 22. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews)
Indusface WAS (Web Application Scanner) provides comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS with its automated scans &amp; manual pentesting done by certified security experts ensures none of the OWASP Top10, business logic vulnerabilities, and malware go unnoticed. With zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers to quickly fix vulnerabilities seamlessly.


**Average Rating:** 4.6/5.0
**Total Reviews:** 63
**How Do G2 Users Rate Indusface WAS?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.4/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Indusface WAS?**

- **Seller:** [Indusface](https://www.g2.com/sellers/indusface)
- **Year Founded:** 2012
- **HQ Location:** Vadodara
- **Twitter:** @Indusface (3,472 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 52% Small-Business, 37% Mid-Market


#### What Are Indusface WAS's Pros and Cons?

**Pros:**

- Vulnerability Detection (19 reviews)
- Vulnerability Identification (16 reviews)
- Customer Support (6 reviews)
- Scanning Efficiency (6 reviews)
- Security (6 reviews)

**Cons:**

- Expensive (2 reviews)
- Confusing Interface (1 reviews)
- Lacking Features (1 reviews)
- Limited Scope (1 reviews)
- Poor Interface Design (1 reviews)


### What Do G2 Reviewers Say About Indusface WAS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **vulnerability detection capabilities** of Indusface WAS, ensuring accurate identification and guided remediation of risks.
- Users value the **consistent and reliable vulnerability detection** of Indusface WAS, enhancing their security over time.
- Users rave about the **excellent customer support** from Indusface, ensuring quick resolutions and thorough assistance.
- Users value the **scanning efficiency** of Indusface WAS, facilitating extensive vulnerability assessments post-deployment.
- Users value the **deep-dive security scanning** of Indusface WAS, aiding in accreditation and vulnerability management.

**Cons:**

- Users find Indusface WAS **expensive** , especially for additional scanning in staging and development environments.
- Users find the **interface confusing** and suggest it could be more intuitive and visually appealing.
- Users feel that there is **a lack of features** for staging environment scans, limiting their testing capabilities.
- Users find the **limited scope** of Indusface WAS regarding staging scans to be a significant drawback for testing.
- Users find the **interface design poor** , feeling it&#39;s outdated and lacking in intuitiveness and informative elements.

#### What Are Recent G2 Reviews of Indusface WAS?

**"[Vulnerability and malware scanner in one](https://www.g2.com/survey_responses/indusface-was-review-11323529)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11323529)

---

**"[Great support Given by shivani](https://www.g2.com/survey_responses/indusface-was-review-11074325)"**

**Rating:** 5.0/5.0 stars
*— Sai N.*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11074325)

---


#### What Are G2 Users Discussing About Indusface WAS?

- [What is Indusface WAS used for?](https://www.g2.com/discussions/what-is-indusface-was-used-for)

### 23. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
Discover what&#39;s possible. Prove what&#39;s real. With proprietary tech and key experts in offensive security. Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability. ✔️ Comprehensive toolkit with real-world coverage ✔️ Validated findings rich with evidence ✔️ Automation options with granular control ✔️ Flexible, high-quality reporting ✔️ Workflow-friendly by design Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth. 🎯 Attack surface mapping and recon 🎯 Comprehensive vulnerability scanning 🎯 Vulnerability exploitation 🎯 Customizable pentest reporting and data exports 🎯 Continuous vulnerability monitoring In our company, we build what we use We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we&#39;ve kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that&#39;s faster, more visible, and built on proof.


**Average Rating:** 4.8/5.0
**Total Reviews:** 102
**How Do G2 Users Rate Pentest-Tools.com?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pentest-Tools.com?**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,062 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (64 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO
- **Top Industries:** Computer &amp; Network Security, Information Technology and Services
- **Company Size:** 65% Small-Business, 19% Mid-Market


#### What Are Pentest-Tools.com's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 reviews)
- Confusing Interface (1 reviews)


### What Do G2 Reviewers Say About Pentest-Tools.com?
*AI-generated summary from verified user reviews*

**Pros:**

- Users highlight the **ease of use** of Pentest-Tools.com, making penetration testing accessible for everyone, regardless of experience.
- Users value the **automation features** of Pentest-Tools.com for simplifying scans and enhancing vulnerability management efficiency.
- Users commend the **quick and helpful customer support** of Pentest-Tools.com, enhancing their overall experience and efficiency.
- Users value the **efficiency in conducting penetration tests** with Pentest-Tools.com, simplifying vulnerability detection and reporting.
- Users appreciate the **easy scheduling** feature of Pentest-Tools.com, which significantly saves time during vulnerability assessments.

**Cons:**

- Users express frustration over **difficult customization** options in Pentest-Tools, limiting report flexibility and personalization.
- Users find the **limited features** of Pentest-Tools.com, like report customization, hinder their efficiency and flexibility.
- Users find the **slow scanning** times of Pentest-Tools.com frustrating, hindering their workflow and efficiency.
- Users find the **bugs require extra manual work** , which can be annoying when working with complex web apps.
- Users find the **interface confusing** , wishing for a more intuitive navigation between different tools and reports.

#### What Are Recent G2 Reviews of Pentest-Tools.com?

**"[why i would recommend pen-test tools.com to small teams](https://www.g2.com/survey_responses/pentest-tools-com-review-11787083)"**

**Rating:** 4.0/5.0 stars
*— Omar B.*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-11787083)

---

**"[Cost-Effective, Accurate, and Fast—Easy Setup and Smooth Integrations](https://www.g2.com/survey_responses/pentest-tools-com-review-13059643)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-13059643)

---


#### What Are G2 Users Discussing About Pentest-Tools.com?

- [What is Pentest-Tools.com used for?](https://www.g2.com/discussions/what-is-pentest-tools-com-used-for)
- [How do you perform a VAPT?](https://www.g2.com/discussions/how-do-you-perform-a-vapt) - 1 comment
- [What are the security testing tools?](https://www.g2.com/discussions/what-are-the-security-testing-tools) - 1 comment
- [What are VAPT tools?](https://www.g2.com/discussions/what-are-vapt-tools) - 1 comment
- [What is Pentest tool?](https://www.g2.com/discussions/what-is-pentest-tool) - 1 comment

### 24. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications. Major features: - Checks your web apps &amp; APIs for 3000+ test cases to find security loopholes - OWASP &amp; SANS standards - Recommendations to address security issues - Security test complex web apps with login - Compliance reports (GDPR, HIPAA &amp; PCI DSS) - Test scheduling - DevSecOps integrations - API integration - Team access - Integrations with popular tools like Slack, Jira, Asana, Trello &amp; 100+ other tools


**Average Rating:** 4.7/5.0
**Total Reviews:** 85
**How Do G2 Users Rate Beagle Security?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Beagle Security?**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (206 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (50 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO, Director
- **Top Industries:** Marketing and Advertising, Information Technology and Services
- **Company Size:** 91% Small-Business, 7% Mid-Market


#### What Are Beagle Security's Pros and Cons?

**Pros:**

- Reporting Quality (1 reviews)
- Setup Ease (1 reviews)



### What Do G2 Reviewers Say About Beagle Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **attractive reporting** of Beagle Security, highlighting its ease of configuration and comprehensive insights.
- Users find the **setup ease** of Beagle Security to be user-friendly with attractive reporting features.


#### What Are Recent G2 Reviews of Beagle Security?

**"[Comprehensive Security Testing with Actionable Insights](https://www.g2.com/survey_responses/beagle-security-review-12619693)"**

**Rating:** 5.0/5.0 stars
*— Nkosinathi T.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-12619693)

---

**"[Very thorough service that gives us good Ci/CD assurance between Pen Tests](https://www.g2.com/survey_responses/beagle-security-review-11354043)"**

**Rating:** 5.0/5.0 stars
*— Matt B.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-11354043)

---


#### What Are G2 Users Discussing About Beagle Security?

- [How has Beagle Security enhanced your web security, and what features would you like to see added?](https://www.g2.com/discussions/how-has-beagle-security-enhanced-your-web-security-and-what-features-would-you-like-to-see-added)
- [What is Beagle Security used for?](https://www.g2.com/discussions/what-is-beagle-security-used-for) - 1 comment

### 25. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 reviews)
- Automation (1 reviews)

**Cons:**

- Complex Setup (1 reviews)
- Difficult Setup (1 reviews)
- Performance Issues (1 reviews)
- Problematic Updates (1 reviews)
- Setup Complexity (1 reviews)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)


## What Is Dynamic Application Security Testing (DAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [API Security Tools](https://www.g2.com/categories/api-security)


---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST)﻿ Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

Key Benefits of Dynamic Application Security Testing (DAST) Software

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** The command-line interface (CLI) is the language interpreter of a computer. CLI capabilities will allow security testers to simulate threats directly from the terminal host system and input command sequences.

**Static code analysis —** Static code analysis and static security testing is used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application&#39;s underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Not all, but some, are used specifically for testing. But there are many different ways to tackle the topic, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to both find errors in source code as well as errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



