# Best Dynamic Application Security Testing (DAST) Software

*By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*


Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test the HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside. Companies use these tools to identify vulnerabilities in their applications from an external perspective, which better simulates the threats most accessible to attackers outside their organization. DAST tools share some features with other application security and vulnerability management solutions, but most of those technologies perform internal tests and code analysis instead of focusing on black-box testing.

[SAST vs DAST](https://research.g2.com/blog/sast-vs-dast) — Learn the difference

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

- Test applications in their operational state
- Perform external black-box security tests
- Trace penetrations and exploits to their sources





## Top Dynamic Application Security Testing (DAST) Software at a Glance
| # | Product | Rating | Best For | What Users Say |
|---|---------|--------|----------|----------------|
| 1 | [Aikido Security](https://www.g2.com/products/aikido-security/reviews) | 4.6/5.0 (145 reviews) | Low-noise DAST with unified AppSec scanning | "[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)" |
| 2 | [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) | 4.6/5.0 (201 reviews) | Validated DAST with human-verified remediation workflows | "[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)" |
| 3 | [Burp Suite](https://www.g2.com/products/burp-suite/reviews) | 4.8/5.0 (126 reviews) | Proxy-intercept DAST with manual exploit depth | "[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)" |
| 4 | [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) | 4.5/5.0 (289 reviews) | Credentialed network vulnerability scanning with remediation guidance | "[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)" |
| 5 | [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews) | 4.9/5.0 (60 reviews) | AI-automated API security testing with self-healing | "[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)" |
| 6 | [GitLab](https://www.g2.com/products/gitlab/reviews) | 4.5/5.0 (881 reviews) | Pipeline-embedded DAST with unified DevSecOps | "[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)" |
| 7 | [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) | 4.6/5.0 (66 reviews) | Proof-based DAST with CI/CD integration | "[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)" |
| 8 | [Harness Platform](https://www.g2.com/products/harness-platform/reviews) | 4.6/5.0 (300 reviews) | — | "[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)" |
| 9 | [Intruder](https://www.g2.com/products/intruder/reviews) | 4.8/5.0 (206 reviews) | Continuous external attack surface scanning with auto-remediation | "[Intruder: Insightful Vulnerability Management Platform That Strengthens Security Operation](https://www.g2.com/survey_responses/intruder-review-12395645)" |
| 10 | [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews) | 4.8/5.0 (44 reviews) | API-first DAST with CI/CD-native discovery | "[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)" |

---
## What Are the Most Common Questions About Dynamic Application Security Testing (DAST) Software?
*AI-generated · Last updated: May 26, 2026*
### Which DAST tool offers the most comprehensive testing coverage?
Based on G2 reviews, Aikido Security stands out in this category because reviewers consistently describe broad coverage across application and related security testing workflows. According to verified users, it combines DAST with capabilities such as SAST, SCA, container scanning, cloud and infrastructure visibility, and vulnerability management in one place. G2 reviewers mention that this wider coverage helps teams reduce tool sprawl, centralize findings, and speed remediation. Reviewers also repeatedly call out straightforward setup, repository integrations, and developer-friendly workflows. While some users note that certain advanced enterprise controls are still maturing, recent feedback most often highlights Aikido Security for comprehensive, all-in-one testing breadth.


### What are the best DAST solutions for continuous security integration?
Based on G2 reviews, buyers looking for continuous security integration often prioritize products that fit naturally into development pipelines, automate recurring scans, and reduce operational overhead. G2 reviewers mention that Aikido Security is commonly used inside DevSecOps workflows with repository integrations and automatic scanning, while Invicti is frequently praised for CI/CD integrations and proof-based testing in ongoing web application programs. According to verified users, GitLab is also valued when teams want security checks embedded directly into broader development and deployment workflows. Across recent reviews, the common buying themes are automation, clear reporting, faster remediation, and easier adoption by both security and engineering teams.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – used for automated security scanning inside developer and repository workflows with minimal setup
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – chosen for ongoing web app scanning with CI/CD integrations and proof-based validation
- [GitLab](https://www.g2.com/products/gitlab/reviews) – fits teams that want security checks embedded into pipelines, merge requests, and delivery workflows


### What are the best tools for combining DAST with SAST?
Based on G2 reviews, teams that want DAST and SAST together often favor platforms that reduce tool switching and present findings in one workflow. According to verified users, Aikido Security is repeatedly described as an all-in-one platform that brings together DAST, SAST, SCA, and other security checks, which helps smaller teams and fast-moving engineering groups centralize remediation. G2 reviewers mention that Invicti is also used for combining DAST with SAST and SCA in a more unified process, especially for organizations managing larger portfolios. GitLab reviews similarly point to built-in security scanning within pipelines, making it useful for teams that want code and application testing closer to delivery processes.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – suited for teams wanting DAST, SAST, and related scanning in one developer-friendly platform
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – useful for organizations seeking DAST plus SAST and SCA within a centralized workflow
- [GitLab](https://www.g2.com/products/gitlab/reviews) – helps embed multiple application security checks into CI/CD and merge request processes


### Which DAST software integrates with CI/CD pipelines?
Based on G2 reviews, Invicti is the strongest fit for this question because reviewers frequently highlight its integrations with CI/CD tools and automated testing workflows. According to verified users, it connects with tools such as Jenkins, GitLab, and Jira, and helps teams move security checks earlier into delivery cycles. G2 reviewers mention that its automation, proof-based validation, and reporting make it easier for development and security teams to focus on real issues instead of manually sorting through excessive noise. Recent feedback also notes that setup can require tuning for more complex environments, but the integration story appears consistently in the review data and is a key reason teams adopt it.


### Which is the best DAST tool for web application security?
Based on G2 reviews, Burp Suite is the clearest answer for web application security use cases. According to verified users, it is widely valued for intercepting, modifying, and replaying web requests, which helps security teams uncover issues in application logic, authentication flows, and input handling. G2 reviewers mention Repeater, Proxy, Intruder, and the broader extension ecosystem as major strengths for deep hands-on testing. Recent reviews also describe Burp Suite as especially effective for web, API, and mobile dynamic testing, with strong support for both manual and automated workflows. Some users note pricing and resource usage concerns, but reviewers consistently position it as a leading tool for web application testing depth.


### What are the top DAST solutions for cloud-native applications?
Based on G2 reviews, cloud-native buyers tend to favor products that can scan applications while also fitting modern DevSecOps and infrastructure-heavy workflows. G2 reviewers mention that Aikido Security is used across repositories, cloud environments, and container-related security checks, which makes it appealing for teams trying to consolidate tooling. According to verified users, Intruder is also used to monitor vulnerabilities across both cloud resources and applications from a single view. GitLab reviews similarly point to integrated pipelines, automation, and built-in security checks that support cloud-native development practices. Across the recent review set, buyers emphasize ease of setup, workflow integration, and the ability to reduce noise while keeping developers moving quickly.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – works well for teams combining application scans with repository, container, and cloud-focused workflows
- [Intruder](https://www.g2.com/products/intruder/reviews) – fits organizations that want vulnerability visibility across cloud infrastructure and applications in one place
- [GitLab](https://www.g2.com/products/gitlab/reviews) – supports cloud-native delivery with integrated pipelines, automation, and embedded security checks


### What are the best tools for detecting runtime security issues?
Based on G2 reviews, buyers discussing runtime or live-application risk tend to value products that validate findings in running environments and reduce noisy results. According to verified users, Aikido Security is noted for helping teams connect code and external application risk, and one reviewer specifically highlighted its in-app protection capability for mitigating issues in legacy applications. G2 reviewers also describe Veracode Dynamic Analysis as useful for finding runtime vulnerabilities that static tools can miss, while Burp Suite is frequently used to inspect and manipulate live traffic during testing. The strongest common themes in recent feedback are actionable findings, clearer prioritization, and support for testing realistic application behavior.

**Here are some of the top-rated products on G2:**

- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – useful for teams wanting live application visibility alongside broader application security workflows
- [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews) – highlighted for identifying runtime vulnerabilities that static tools may miss
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – strong for analyzing live web traffic and validating exploitable issues during active testing


### What are the top platforms for automated application vulnerability testing?
Based on G2 reviews, automated application vulnerability testing buyers often look for products that are easy to deploy, fast to scan, and clear in how they present findings. G2 reviewers mention that Intruder is valued for automated scanning, continuous updates, and low operational overhead, while Aikido Security is praised for automatic scans, developer-friendly workflows, and centralized issue management. According to verified users, Invicti also stands out for proof-based scanning and automation that supports earlier detection in development processes. Across the recent review data, the products most often associated with automation success are the ones that balance broad visibility, manageable noise levels, and integrations that help teams remediate quickly.

**Here are some of the top-rated products on G2:**

- [Intruder](https://www.g2.com/products/intruder/reviews) – designed for automated scanning, continuous monitoring, and straightforward remediation tracking
- [Aikido Security](https://www.g2.com/products/aikido-security/reviews) – automates security scanning and helps developers prioritize and resolve issues faster
- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – supports automated web application scanning with validated findings and detailed reporting


### What are the top-rated DAST platforms for enterprise applications?
Based on G2 reviews, enterprise buyers generally look for scalable scanning, centralized reporting, and support for more complex environments. According to verified users, Invicti is often chosen for larger application portfolios because of endpoint discovery, CI/CD integrations, proof-based validation, and reporting suited to both technical and executive audiences. G2 reviewers also point to Burp Suite for deep testing depth in professional security teams and to GitLab when enterprises want security controls embedded into a broader DevSecOps platform. Recent reviews suggest the best enterprise fit depends on whether the priority is scalable automated scanning, practitioner-led testing depth, or consolidating security within software delivery operations.

**Here are some of the top-rated products on G2:**

- [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) – well suited for enterprise portfolios needing scalable scanning and centralized reporting
- [Burp Suite](https://www.g2.com/products/burp-suite/reviews) – fits enterprise security teams that need deep manual and automated web testing capability
- [GitLab](https://www.g2.com/products/gitlab/reviews) – useful for enterprises embedding security and compliance checks into a unified DevSecOps workflow


### Which DAST tool offers AI-driven vulnerability detection?
Based on G2 reviews, Aikido Security is the strongest grounded answer because multiple reviewers reference AI-related capabilities alongside its broader application security workflow. According to verified users, the platform offers AI-generated pull request fixes and GitHub-related AI features that help teams move from detection to remediation faster. G2 reviewers mention that its developer-friendly design, automated scanning, and prioritization reduce noise and help smaller teams stay productive. Reviewers also note some AI limitations, including cases where GitHub AI suggestions were not always accurate, but the recent review data still shows more direct AI-driven workflow mentions for Aikido Security than for most other products in this category.




## How Many Dynamic Application Security Testing (DAST) Software Products Does G2 Track?
**Total Products under this Category:** 94

### Category Stats (Jul 2026)
- **Average Rating**: 4.56/5. The average rating of products in this category, based on all submitted ratings.
- **Top Trending Product**: Checkmarx (+1.22%). Among all products in this category, Checkmarx recorded the largest rating increase compared to last month.

*Last updated: July 03, 2026*


## How Does G2 Rank Dynamic Application Security Testing (DAST) Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 3,900+ Authentic Reviews
- 94+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Which Dynamic Application Security Testing (DAST) Software Is Best for Your Use Case?

- **Leader:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Highest Performer:** [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
- **Easiest to Use:** [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)


---


## What Are the Top-Rated Dynamic Application Security Testing (DAST) Software Products in 2026?
### 1. [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless.


- **Average Rating:** 4.6/5.0
- **Total Reviews:** 145

**How Do G2 Users Rate Aikido Security?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 10.0/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Aikido Security?**

- **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security)
- **Company Website:** https://aikido.dev
- **Year Founded:** 2022
- **HQ Location:** Ghent, Belgium
- **Twitter:** @AikidoSecurity (11,770 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (241 employees on LinkedIn®)

**Who Uses This Product?**

- **Who Uses This:** CTO, Founder
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 70% Small-Business, 18% Mid-Market


#### What Are Aikido Security's Pros and Cons?

**Pros:**

- Ease of Use (78 reviews)
- Security (55 reviews)
- Features (52 reviews)
- Easy Integrations (47 reviews)
- Easy Setup (47 reviews)

**Cons:**

- Missing Features (19 reviews)
- Expensive (17 reviews)
- Limited Features (16 reviews)
- Pricing Issues (15 reviews)
- Lacking Features (14 reviews)


### What Do G2 Reviewers Say About Aikido Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Aikido Security, benefiting from its clear insights and seamless integration.
- Users commend Aikido Security for its **intuitive interface**, streamlining the identification and management of security issues effectively.
- Users value Aikido Security for its **user-friendly dashboard and meaningful free tier features** that enhance security workflows.
- Users value the **easy integrations** with GitLab, enhancing day-to-day workflows and security management effortlessly.
- Users laud the **easy setup** of Aikido Security, facilitating seamless integration into existing workflows and enhancing security practices.

**Cons:**

- Users feel a need for **missing features** like code quality checks and advanced integrations for a better experience.
- Users find the **pricing overly high**, especially for startups, despite acknowledging its value.
- Users find Aikido Security's **limited features** restrict customization and reporting capabilities for complex enterprise needs.
- Users find **pricing issues** with Aikido Security, especially the high entry fees for startups and limited trial duration.
- Users find Aikido Security **lacking features** like local PR annotations and deeper analysis tools crucial for development.

#### What Are Recent G2 Reviews of Aikido Security?

**"[Effortless Security Testing with Comprehensive Coverage](https://www.g2.com/survey_responses/aikido-security-review-12747129)"**

**Rating:** 4.0/5.0 stars
*— Dylan E.*


---

**"[AI Code Reviews That Catch Vulnerabilities and Logic Bugs Across Multiple Repos](https://www.g2.com/survey_responses/aikido-security-review-13024655)"**

**Rating:** 5.0/5.0 stars
*— Jonathon K.*


---



### 2. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews)
Astra Security is a leading continuous penetration testing platform that combines AI-powered autonomous pentesting with certified expert-led assessments. Powered by Attack AI, trained on 6.8M+ security findings and insights from 5,000+ real-world pentests, Astra deploys intelligent agents that continuously discover, validate, prioritize, and help remediate vulnerabilities at scale. While AI handles speed and scale, Astra’s certified security experts focus on what automation alone cannot: complex business logic flaws, multi-step attack chains, advanced exploit paths, and emerging AI/LLM-specific threats. Built for modern engineering teams, Astra integrates directly into CI/CD workflows, enabling continuous security validation between releases instead of relying on outdated annual pentests. The platform delivers a comprehensive Autonomous Pentest powered by AI agents, a DAST vulnerability scanner, and human-driven pentests across web apps, AI/LLMs, mobile apps, APIs, and cloud infrastructure. Astra is CREST-accredited, CERT-IN empaneled, and a PCI ASV-certified vendor. Our team also led the development of the OWASP APTS framework, helping shape the industry standard for continuous security testing. Today, 1,500+ organizations across 70+ countries trust Astra Security, including Ford, Loom, CompTIA, Hitachi, HackerRank, and OLX.


- **Average Rating:** 4.6/5.0
- **Total Reviews:** 201

**How Do G2 Users Rate Astra Pentest?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.9/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Astra Pentest?**

- **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc)
- **Company Website:** https://www.getastra.com/
- **Year Founded:** 2018
- **HQ Location:** New Delhi, IN
- **Twitter:** @getastra (694 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (130 employees on LinkedIn®)

**Who Uses This Product?**

- **Who Uses This:** CTO, CEO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 65% Small-Business, 29% Mid-Market


#### What Are Astra Pentest's Pros and Cons?

**Pros:**

- Customer Support (63 reviews)
- Vulnerability Detection (51 reviews)
- Ease of Use (50 reviews)
- Pentesting Efficiency (42 reviews)
- Vulnerability Identification (37 reviews)

**Cons:**

- Poor Customer Support (12 reviews)
- Poor Interface Design (10 reviews)
- Slow Performance (8 reviews)
- UX Improvement (7 reviews)
- Lack of Information (6 reviews)


### What Do G2 Reviewers Say About Astra Pentest?
*AI-generated summary from verified user reviews*

**Pros:**

- Users commend the **responsive customer support** of Astra Pentest, highlighting their flexibility and exceptional service throughout the process.
- Users value the **comprehensive vulnerability management features** of Astra Pentest, enhancing security tracking and prioritization.
- Users appreciate the **ease of use** of Astra Pentest, enjoying its straightforward implementation and user-friendly design.
- Users value the **quick and efficient penetration testing** provided by Astra Pentest, ensuring timely and successful outcomes.
- Users value the **thorough vulnerability identification** by Astra Pentest, enhancing security confidence and providing valuable solutions.

**Cons:**

- Users experience **poor customer support** with slow response times and a lack of assistance for vulnerability queries.
- Users criticize the **poor interface design** of Astra Pentest, finding it clunky and non-intuitive for effective use.
- Users experience **slow performance** with Astra Pentest, affecting the speed of testing results and overall efficiency.
- Users note that **UX improvement** is necessary due to confusing UI and occasional false positives during scans.
- Users note a **lack of information** in documentation, causing delays and uncertainty in obtaining crucial audit status updates.

#### What Are Recent G2 Reviews of Astra Pentest?

**"[Smooth Onboarding, Responsive Support, and Strong Pentest Lifecycle Controls](https://www.g2.com/survey_responses/astra-pentest-review-13001206)"**

**Rating:** 5.0/5.0 stars
*— Sivakumar S.*


---

**"[Exceptional VAPT Solution with Prompt Support](https://www.g2.com/survey_responses/astra-pentest-review-9603864)"**

**Rating:** 5.0/5.0 stars
*— Nikhil Ajit S.*


---


#### What Are G2 Users Discussing About Astra Pentest?

- [What is Astra Pentest used for?](https://www.g2.com/discussions/what-is-astra-pentest-used-for) - 2 comments

### 3. [Burp Suite](https://www.g2.com/products/burp-suite/reviews)
Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, more than 85,000 security professionals rely on Burp Suite to find, verify, and understand vulnerabilities across complex modern web applications.

Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust.

Key capabilities of Burp Suite DAST include:

- Continuous, automated scanning of web applications and APIs
- Integration with CI/CD pipelines and vulnerability management tools
- Flexible deployment across cloud and on-premise environments
- Shared scanning logic and configurations between automated and manual testing
- Accurate, low-noise detection informed by PortSwigger Research

Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable.

Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing.


- **Average Rating:** 4.8/5.0
- **Total Reviews:** 126

**How Do G2 Users Rate Burp Suite?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 7.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Burp Suite?**

- **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger)
- **Company Website:** https://www.portswigger.net
- **Year Founded:** 2008
- **HQ Location:** Knutsford, GB
- **Twitter:** @Burp_Suite (138,186 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (321 employees on LinkedIn®)

**Who Uses This Product?**

- **Who Uses This:** Cyber Security Analyst
- **Top Industries:** Computer & Network Security, Information Technology and Services
- **Company Size:** 41% Mid-Market, 31% Small-Business


#### What Are Burp Suite's Pros and Cons?

**Pros:**

- Ease of Use (12 reviews)
- User Interface (8 reviews)
- Testing Services (7 reviews)
- Features (5 reviews)
- Clear Interface (4 reviews)

**Cons:**

- Expensive (5 reviews)
- Slow Performance (5 reviews)
- High Learning Curve (2 reviews)
- Learning Curve (2 reviews)
- Limited Customization (2 reviews)


### What Do G2 Reviewers Say About Burp Suite?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Burp Suite, enabling quick setup and effective security testing for all skill levels.
- Users appreciate the **user-friendly interface** of Burp Suite, making penetration testing easy for both beginners and experts.
- Users value the **deep automation and manual testing capabilities** of Burp Suite, enhancing their penetration testing experience.
- Users appreciate the **user-friendly interface and comprehensive features** of Burp Suite, enhancing both ease of use and effectiveness.
- Users find Burp Suite's **clear interface** incredibly user-friendly, making traffic interception and analysis effortless for beginners.

**Cons:**

- Users express concerns about the **expensive** pricing of Burp Suite, which can limit access to essential features.
- Users experience **slow performance** with Burp Suite, especially on systems with limited resources and during extensive scans.
- Users struggle with the **steep learning curve** of Burp Suite, making it challenging for beginners to navigate effectively.
- Users struggle with the **steep learning curve** of Burp Suite, making it challenging for beginners to effectively navigate the tool.
- Users find the **limited customization** in Burp Suite restricting, particularly impacting beginners' ability to explore effectively.

#### What Are Recent G2 Reviews of Burp Suite?

**"[Complete Control Over Web Requests with Burp Suite](https://www.g2.com/survey_responses/burp-suite-review-12677559)"**

**Rating:** 5.0/5.0 stars
*— Arish B.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12677559)

---

**"[Burp Suite Pro: A Powerful, All-in-One Platform for Web App Pen Testing](https://www.g2.com/survey_responses/burp-suite-review-12818180)"**

**Rating:** 4.5/5.0 stars
*— Aryan S.*

[Read full review](https://www.g2.com/survey_responses/burp-suite-review-12818180)

---


#### What Are G2 Users Discussing About Burp Suite?

- [What are the benefits and challenges of using BurpSuite for web application security?](https://www.g2.com/discussions/what-are-the-benefits-and-challenges-of-using-burpsuite-for-web-application-security)
- [What is BurpSuite used for?](https://www.g2.com/discussions/burpsuite-what-is-burpsuite-used-for)
- [What types of vulnerabilities can Burp Suite detect?](https://www.g2.com/discussions/what-types-of-vulnerabilities-can-burp-suite-detect)
- [What is Burp Suite Professional?](https://www.g2.com/discussions/what-is-burp-suite-professional) - 1 comment
- [Is BurpSuite free?](https://www.g2.com/discussions/is-burpsuite-free) - 2 comments

### 4. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews)
Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.


**Average Rating:** 4.5/5.0
**Total Reviews:** 289
**How Do G2 Users Rate Tenable Nessus?**

- **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10)

**Who Is the Company Behind Tenable Nessus?**

- **Seller:** [Tenable](https://www.g2.com/sellers/tenable)
- **Company Website:** https://www.tenable.com/
- **HQ Location:** Columbia, MD
- **Twitter:** @TenableSecurity (87,752 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,350 employees on LinkedIn®)
- **Ownership:** NASDAQ: TENB

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, Network Engineer
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 40% Mid-Market, 34% Enterprise


#### What Are Tenable Nessus's Pros and Cons?

**Pros:**

- Vulnerability Identification (20 reviews)
- Vulnerability Detection (18 reviews)
- Ease of Use (16 reviews)
- Automated Scanning (15 reviews)
- Features (13 reviews)

**Cons:**

- Slow Scanning (7 reviews)
- Expensive (6 reviews)
- Limited Features (6 reviews)
- Complexity (5 reviews)
- False Positives (5 reviews)


### What Do G2 Reviewers Say About Tenable Nessus?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **vulnerability identification** capabilities of Tenable Nessus, ensuring effective management of security risks.
- Users value the **advanced vulnerability detection** capabilities of Tenable Nessus, enhancing security risk management effectively.
- Users appreciate the **ease of use** of Tenable Nessus, enjoying its simple setup and user-friendly interface.
- Users value the **automated scanning capabilities** of Tenable Nessus, enhancing asset security and vulnerability management.
- Users value the **better and complete asset scanning** of Nessus, along with its powerful reporting and automation features.

**Cons:**

- Users find the **slow scanning** process lengthy, potentially requiring 2-3 days and impacting production due to high resource consumption.
- Users find the **cost of running and maintaining Tenable Nessus** to be considerably high, impacting overall value.
- Users note several **limited features** in Nessus, such as constraints on users and lack of mobile app testing.
- Users highlight the **complexity** in licensing and the steep learning curve for advanced features in Tenable Nessus.
- Users report encountering **false positives** with Nessus, resulting in extra workload for security teams.

#### What Are Recent G2 Reviews of Tenable Nessus?

**"[Self-Contained Nessus Scanning with Full Control in Offline Environments](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)"**

**Rating:** 4.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12937668)

---

**"[Reliable and Efficient Vulnerability Management Tool](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)"**

**Rating:** 5.0/5.0 stars
*— Mohsin H.*

[Read full review](https://www.g2.com/survey_responses/tenable-nessus-review-12989192)

---


#### What Are G2 Users Discussing About Tenable Nessus?

- [What is Nessus used for?](https://www.g2.com/discussions/what-is-nessus-used-for) - 1 comment
- [What types of vulnerabilities are scanned by Nessus?](https://www.g2.com/discussions/what-types-of-vulnerabilities-are-scanned-by-nessus)
- [Is there a free version of Nessus?](https://www.g2.com/discussions/is-there-a-free-version-of-nessus) - 2 comments
- [What is an advantage of using Nessus?](https://www.g2.com/discussions/what-is-an-advantage-of-using-nessus)
- [What does Nessus scan for?](https://www.g2.com/discussions/what-does-nessus-scan-for) - 1 comment

### 5. [Qodex.ai](https://www.g2.com/products/qodex-ai/reviews)
Qodex is a continuous testing platform that runs your test scenarios against your real app on every pull request and deploy, then shows you exactly what broke with the failing request, response, and screenshot.


**Average Rating:** 4.9/5.0
**Total Reviews:** 60
**How Do G2 Users Rate Qodex.ai?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Qodex.ai?**

- **Seller:** [QodexAI](https://www.g2.com/sellers/qodexai)
- **Company Website:** https://www.qodex.ai/
- **Year Founded:** 2023
- **HQ Location:** San Francisco, California
- **LinkedIn® Page:** https://linkedin.com/company/qodexai (13 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 75% Small-Business, 20% Mid-Market


#### What Are Qodex.ai's Pros and Cons?

**Pros:**

- Ease of Use (23 reviews)
- Automation (17 reviews)
- Testing (17 reviews)
- Testing Efficiency (17 reviews)
- Helpful (13 reviews)

**Cons:**

- Slow Loading (6 reviews)
- Poor Documentation (5 reviews)
- Slow Performance (5 reviews)
- Bug Issues (4 reviews)
- Bugs (4 reviews)


### What Do G2 Reviewers Say About Qodex.ai?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** with Qodex.ai, simplifying test case writing for both technical and non-technical teams.
- Users appreciate the **automation capabilities** of Qodex.ai, significantly reducing testing time and ensuring reliability.
- Users value the **ease of writing test cases** in plain English, significantly streamlining their testing processes.
- Users value the **testing efficiency** of Qodex.ai, significantly reducing shipment time and simplifying bug detection.
- Users find Qodex.ai's **helpful customer support** indispensable, making the integration process smooth and efficient.

**Cons:**

- Users note that the **slow loading** times of the UI and chatbot detract from the overall experience.
- Users find the **poor documentation** of Qodex.ai limits their ability to utilize advanced features effectively.
- Users note that the **slow performance** of Qodex.ai's UI and chatbot can hinder their experience.
- Users report **bug issues** such as repeated test cases, need for better flagging, and improved accuracy.
- Users experience **issues with repeated test cases** and suggest improvements for bug classification and accuracy.

#### What Are Recent G2 Reviews of Qodex.ai?

**"[Effortless AI Testing Automation That Accelerates Development](https://www.g2.com/survey_responses/qodex-ai-review-12088697)"**

**Rating:** 4.5/5.0 stars
*— Abhilash S.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12088697)

---

**"[Effortless Automation and Insightful AI Testing with Qodex.ai](https://www.g2.com/survey_responses/qodex-ai-review-12065938)"**

**Rating:** 4.5/5.0 stars
*— Anshuk K.*

[Read full review](https://www.g2.com/survey_responses/qodex-ai-review-12065938)

---



### 6. [GitLab](https://www.g2.com/products/gitlab/reviews)
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software.

What makes us truly different?

- Flexibility: Consume as a service or manage your own deployment
- Cloud-Agnostic: Deploy anywhere with no vendor lock-in
- No rip and replace: Scale to a platform approach at your own pace


**Average Rating:** 4.5/5.0
**Total Reviews:** 881
**How Do G2 Users Rate GitLab?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind GitLab?**

- **Seller:** [GitLab Inc.](https://www.g2.com/sellers/gitlab-inc)
- **Company Website:** https://about.gitlab.com/
- **Year Founded:** 2014
- **HQ Location:** San Francisco, California
- **Twitter:** @gitlab (171,534 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5101804/ (3,473 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, Senior Software Engineer
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 37% Mid-Market, 36% Small-Business


#### What Are GitLab's Pros and Cons?

**Pros:**

- Ease of Use (40 reviews)
- Features (39 reviews)
- CI (33 reviews)
- Integrations (32 reviews)
- CD Integration (31 reviews)

**Cons:**

- Complexity (20 reviews)
- Difficult Learning (18 reviews)
- Confusing Interface (15 reviews)
- Complex User Interface (14 reviews)
- Learning Curve (13 reviews)


### What Do G2 Reviewers Say About GitLab?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of GitLab, enjoying its seamless CI/CD integration and efficient pipeline management.
- Users value the **single platform integration** of GitLab, streamlining workflows by combining essential DevOps tools seamlessly.
- Users praise GitLab for its **powerful and easy CI/CD integration**, enhancing automation from code to deployment.
- Users appreciate the **seamless integrations** of GitLab, enabling efficient workflows without the need for multiple tools.
- Users appreciate the **seamless CI/CD integration** in GitLab, simplifying automation and enhancing the development workflow.

**Cons:**

- Users find the **complexity of GitLab's structure and management** challenging, particularly for newcomers and in diverse environments.
- Users find the **difficult learning** curve challenging, especially for newcomers unfamiliar with the system's complexities.
- Users find the **confusing interface** of GitLab overwhelming, making it difficult to locate and utilize features effectively.
- Users find the **complex user interface** challenging to navigate, requiring significant effort to understand its functionalities.
- Users often find the **learning curve steep**, making it challenging for newcomers to adapt to GitLab's features.

#### What Are Recent G2 Reviews of GitLab?

**"[GitLab’s All-in-One DevOps Platform with CI/CD and Security Scanning](https://www.g2.com/survey_responses/gitlab-review-12864830)"**

**Rating:** 5.0/5.0 stars
*— mani s.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12864830)

---

**"[User-Friendly Gitlab with Powerful APIs for Smooth Integrations](https://www.g2.com/survey_responses/gitlab-review-12778582)"**

**Rating:** 4.5/5.0 stars
*— Prasanth N.*

[Read full review](https://www.g2.com/survey_responses/gitlab-review-12778582)

---


#### What Are G2 Users Discussing About GitLab?

- [What is GitLab used for?](https://www.g2.com/discussions/what-is-gitlab-used-for) - 2 comments
- [Why GitLab is better than Jenkins?](https://www.g2.com/discussions/why-gitlab-is-better-than-jenkins) - 1 comment
- [Is GitLab paid?](https://www.g2.com/discussions/is-gitlab-paid) - 5 comments, 2 upvotes
- [Is GitLab free software?](https://www.g2.com/discussions/is-gitlab-free-software) - 4 comments, 1 upvote
- [What can GitLab do?](https://www.g2.com/discussions/what-can-gitlab-do) - 2 comments

### 7. [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews)
Invicti (formerly known as Netsparker) is an enterprise application and API security testing platform that helps organizations secure thousands of web applications and APIs at scale while dramatically reducing the risk of attack. Combining advanced DAST and IAST capabilities in a single platform, Invicti enables security teams to continuously identify, prioritize, and remediate vulnerabilities across complex modern environments with confidence and automation.

With Invicti, security teams can:

- Automate application security testing workflows and save hundreds of hours every month
- Discover and secure all web applications and APIs, including forgotten, unmanaged, and shadow assets
- Deliver actionable, developer-friendly feedback that helps teams remediate vulnerabilities faster and build more secure code over time
- Reduce false positives with proof-based scanning technology that validates exploitable vulnerabilities
- Scale application security programs across large enterprises without slowing development teams
- Integrate security seamlessly into existing DevSecOps and CI/CD workflows

Built for organizations with the most demanding security requirements, Invicti empowers teams to confidently secure their entire attack surface with accuracy, scalability, and automation.


**Average Rating:** 4.6/5.0
**Total Reviews:** 66
**How Do G2 Users Rate Invicti (formerly Netsparker)?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.2/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Invicti (formerly Netsparker)?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 46% Enterprise, 28% Mid-Market


#### What Are Invicti (formerly Netsparker)'s Pros and Cons?

**Pros:**

- Ease of Use (9 reviews)
- Scanning Technology (7 reviews)
- Features (6 reviews)
- Reporting Quality (6 reviews)
- Vulnerability Detection (6 reviews)

**Cons:**

- Poor Customer Support (3 reviews)
- Slow Performance (3 reviews)
- Slow Scanning (3 reviews)
- API Issues (2 reviews)
- Complex Setup (2 reviews)


### What Do G2 Reviewers Say About Invicti (formerly Netsparker)?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **ease of use** of Invicti, enabling quick setup and efficient security testing for all team members.
- Users value the **scanning technology** of Invicti for its user-friendliness and efficient vulnerability detection.
- Users praise Invicti's **accuracy and integration capabilities**, enhancing security testing and streamlining workflows in development.
- Users value the **well-formatted and comprehensive reports** from Invicti, facilitating smooth ISO certification processes.
- Users value the **effective vulnerability detection** by Invicti, appreciating its user-friendly interface and detailed reporting.

**Cons:**

- Users find **customer support lacking**, often experiencing slow response times and ineffective solutions to their issues.
- Users experience **slow performance** during scans and setup, affecting efficiency while using Invicti.
- Users experience **slow scanning** speeds and find API scanning capabilities lacking, impacting their overall effectiveness.
- Users experience **API issues** that hinder functionality, preventing effective use of Invicti for API scanning tasks.
- Users find the **complex setup** of Invicti challenging, especially with nested menus that hinder easy configuration.

#### What Are Recent G2 Reviews of Invicti (formerly Netsparker)?

**"[Scalable Enterprise Security: Deep Endpoint Coverage via Invicti](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-12742667)

---

**"[Effortless Website Testing with Outstanding Support](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)"**

**Rating:** 4.5/5.0 stars
*— Chris M.*

[Read full review](https://www.g2.com/survey_responses/invicti-formerly-netsparker-review-11850923)

---


#### What Are G2 Users Discussing About Invicti (formerly Netsparker)?

- [What is Invicti (formerly Netsparker) used for?](https://www.g2.com/discussions/what-is-invicti-formerly-netsparker-used-for) - 1 comment
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/invicti-formerly-netsparker-what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [What type of vulnerabilities Netsparker can automatically confirm?](https://www.g2.com/discussions/what-type-of-vulnerabilities-netsparker-can-automatically-confirm)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost-a1ecffa4-a216-4bcc-affd-40dc140f3e27)
- [How much does Netsparker cost?](https://www.g2.com/discussions/invicti-formerly-netsparker-how-much-does-netsparker-cost)

### 8. [Harness Platform](https://www.g2.com/products/harness-platform/reviews)
Simplify your developer experience with the world's first AI-augmented software delivery platform. Upgrade your software delivery with Harness' innovative CI/CD, Feature Flags, Infrastructure as Code Management, and Chaos Engineering tools.

We are a software delivery platform that helps developers and infrastructure engineers build and ship code for cloud and on-premise projects. We automate the continuous integration and continuous delivery (CI/CD) process to help teams build faster, ship more frequently, and improve quality, efficiency, and governance.

We help companies in four key areas. Number one, we accelerate innovation through DevOps modernization. We provide an approach for software delivery that automates processes, reduces manual interventions, consolidates tools, and accelerates time-to-market for new products, features, and fixes. Number two, we improve developer experience. We give you the ability to attract, retain, and onboard high-caliber engineering talent while fostering a culture of continuous innovation and improvement. Number three, we secure software delivery. We give you the ability to integrate security into every phase of the SDLC. And last but not least, we optimize cloud costs. We give you the ability to eliminate waste and to ensure that appropriate cloud resources are allocated at the right place at the right time.


**Average Rating:** 4.6/5.0
**Total Reviews:** 300
**How Do G2 Users Rate Harness Platform?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)

**Who Is the Company Behind Harness Platform?**

- **Seller:** [Harness](https://www.g2.com/sellers/harness-25016f40-e80f-4417-bea8-39412055d17a)
- **Company Website:** https://harness.io/
- **Year Founded:** 2018
- **HQ Location:** San Francisco
- **Twitter:** @HarnessWealth (1,389 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/harnessinc/ (1,701 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Software Engineer, DevOps Engineer
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 43% Enterprise, 38% Mid-Market


#### What Are Harness Platform's Pros and Cons?

**Pros:**

- Ease of Use (114 reviews)
- Features (73 reviews)
- Feature Flags (49 reviews)
- Easy Setup (40 reviews)
- Easy Integrations (31 reviews)

**Cons:**

- Missing Features (23 reviews)
- Limitations (20 reviews)
- Limited Features (20 reviews)
- Learning Curve (17 reviews)
- Poor UI (16 reviews)


### What Do G2 Reviewers Say About Harness Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Harness Platform, finding it simple to implement and configure for projects.
- Users value the **ease of use and extensive targeting options** offered by the Harness Platform for projects.
- Users praise the **user-friendly interface** of Harness Platform, simplifying feature flag management for all team members.
- Users highlight the **easy setup** process of Harness Platform, leading to quick implementation and significant cost savings.
- Users appreciate the **easy integrations** with SSO, simplifying access and enhancing the overall user experience.

**Cons:**

- Users note a **lack of multiple filtering options** and features that could enhance flexibility and ease of use.
- Users face **limitations in configuration management** on Harness Platform, leading to workarounds and confusion in processes.
- Users are frustrated by the **limited features** of Harness Platform, impacting flexibility and ease of use.
- Users find that the **steep learning curve** of the Harness Platform can be overwhelming, especially for beginners.
- Users find the **poor UI** of Harness Platform complex and challenging, impacting overall user experience.

#### What Are Recent G2 Reviews of Harness Platform?

**"[Harness - World of automation](https://www.g2.com/survey_responses/harness-platform-review-11792426)"**

**Rating:** 4.5/5.0 stars
*— Sunil A.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11792426)

---

**"[Best tool for cost optimization and Repository](https://www.g2.com/survey_responses/harness-platform-review-11543262)"**

**Rating:** 5.0/5.0 stars
*— Satendra V.*

[Read full review](https://www.g2.com/survey_responses/harness-platform-review-11543262)

---


#### What Are G2 Users Discussing About Harness Platform?

- [What is Harness Continuous Delivery used for?](https://www.g2.com/discussions/what-is-harness-continuous-delivery-used-for) - 1 comment
- [What is Propelo used for?](https://www.g2.com/discussions/what-is-propelo-used-for)
- [What is Harness Cloud Cost Management used for?](https://www.g2.com/discussions/what-is-harness-cloud-cost-management-used-for)
- [What is the difference between harness and Jenkins?](https://www.g2.com/discussions/what-is-the-difference-between-harness-and-jenkins) - 1 comment
- [What is streaming Split IO?](https://www.g2.com/discussions/what-is-streaming-split-io) - 1 comment

### 9. [Intruder](https://www.g2.com/products/intruder/reviews)
Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two businesses are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers.


**Average Rating:** 4.8/5.0
**Total Reviews:** 206
**How Do G2 Users Rate Intruder?**

- **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.5/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Intruder?**

- **Seller:** [Intruder](https://www.g2.com/sellers/intruder)
- **Company Website:** https://www.intruder.io
- **Year Founded:** 2015
- **HQ Location:** London
- **Twitter:** @intruder_io (979 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (84 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CTO, Director
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 57% Small-Business, 36% Mid-Market


#### What Are Intruder's Pros and Cons?

**Pros:**

- Ease of Use (41 reviews)
- Vulnerability Detection (30 reviews)
- Customer Support (25 reviews)
- User Interface (24 reviews)
- Vulnerability Identification (24 reviews)

**Cons:**

- Expensive (9 reviews)
- Slow Scanning (8 reviews)
- Licensing Issues (7 reviews)
- False Positives (6 reviews)
- Limited Features (6 reviews)


### What Do G2 Reviewers Say About Intruder?
*AI-generated summary from verified user reviews*

**Pros:**

- Users find Intruder's **ease of use** remarkable, enabling quick setup and effective scanning of vulnerabilities.
- Users value the **ease of configuring vulnerability detection**, ensuring timely identification of security issues across cloud resources.
- Users praise Intruder's **exceptional customer support**, highlighting quick responses and friendly assistance during security management tasks.
- Users commend Intruder's **intuitive interface**, praising its seamless integration and simplicity in managing complex security tasks.
- Users commend the **effortless vulnerability identification** of Intruder, making cybersecurity management seamless and efficient.

**Cons:**

- Users find the product **expensive**, expressing a desire for more flexible pricing options to improve value.
- Users experience **slow scanning** with Intruder, leading to missed vulnerabilities and challenges in testing integration.
- Users struggle with **licensing issues**, finding the model complex and not intuitive, affecting overall understanding.
- Users experience **false positives** with Intruder, which may lead to confusion over vulnerability prioritization and management.
- Users find the **limited features** of Intruder restrictive, especially around license clarity and advanced reporting options.

#### What Are Recent G2 Reviews of Intruder?

**"[Intruder: Insightful Vulnerability Management Platform That Strengthens Security Operation](https://www.g2.com/survey_responses/intruder-review-12395645)"**

**Rating:** 4.5/5.0 stars
*— HALADU A.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-12395645)

---

**"[Outstanding Experience with No Drawbacks](https://www.g2.com/survey_responses/intruder-review-12097237)"**

**Rating:** 5.0/5.0 stars
*— Nic H.*

[Read full review](https://www.g2.com/survey_responses/intruder-review-12097237)

---


#### What Are G2 Users Discussing About Intruder?

- [Who developed intruder?](https://www.g2.com/discussions/who-developed-intruder)
- [What is an intruder in cyber security?](https://www.g2.com/discussions/what-is-an-intruder-in-cyber-security)
- [Is intruder IO safe?](https://www.g2.com/discussions/is-intruder-io-safe) - 1 comment
- [What is intruder software?](https://www.g2.com/discussions/what-is-intruder-software) - 1 comment

### 10. [Pynt - API Security Testing](https://www.g2.com/products/pynt-api-security-testing/reviews)
Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. Hundreds of companies rely on Pynt to continuously monitor, classify and attack poorly secured APIs, before hackers do.


**Average Rating:** 4.8/5.0
**Total Reviews:** 44
**How Do G2 Users Rate Pynt - API Security Testing?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.5/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 9.2/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pynt - API Security Testing?**

- **Seller:** [Pynt](https://www.g2.com/sellers/pynt)
- **Year Founded:** 2022
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @pynt_io (361 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/pynt (16 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Computer & Network Security
- **Company Size:** 57% Small-Business, 23% Enterprise


#### What Are Pynt - API Security Testing's Pros and Cons?

**Pros:**

- Vulnerability Detection (20 reviews)
- Security (19 reviews)
- API Management (17 reviews)
- Easy Integrations (17 reviews)
- Automation (15 reviews)

**Cons:**

- Complex Setup (12 reviews)
- Setup Complexity (7 reviews)
- Limited Features (4 reviews)
- Poor Interface Design (4 reviews)
- UX Improvement (4 reviews)


### What Do G2 Reviewers Say About Pynt - API Security Testing?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **flawless execution of vulnerability detection** in Pynt, enhancing security with minimal effort.
- Users value the **seamless integration** and automated vulnerability detection of Pynt for enhanced API security.
- Users value the **seamless integration** of Pynt in their workflows, ensuring efficient API security management and testing.
- Users find **easy integrations** with tools like Postman and Burp Suite, simplifying their API security testing process.
- Users appreciate the **automation capabilities** of Pynt, enabling seamless API security testing within existing development workflows.

**Cons:**

- Users find the **complex setup** of Pynt challenging initially, requiring time and the right understanding for smooth deployment.
- Users find the **setup complexity** challenging, especially for beginners, requiring improvements for a more user-friendly experience.
- Users find Pynt's **limited features** challenging, particularly in reporting and onboarding, affecting usability across teams.
- Users find the **poor interface design** hinders usability and suggest improvements for a better experience.
- Users note that the **user interface lacks usability**, indicating a need for significant improvements to enhance their experience.

#### What Are Recent G2 Reviews of Pynt - API Security Testing?

**"[Comprehensive Review of Pynt Tool](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)"**

**Rating:** 5.0/5.0 stars
*— Vijayaraghavan (Vijay) V.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-10046930)

---

**"[Performance and Usability Review of pynt G2](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)"**

**Rating:** 5.0/5.0 stars
*— Devanggiri G.*

[Read full review](https://www.g2.com/survey_responses/pynt-api-security-testing-review-11135423)

---



### 11. [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews)
BugDazz API Security Scanner by SecureLayer7 is a comprehensive tool designed to automatically detect vulnerabilities, misconfigurations, and security gaps in API endpoints, aiding security teams in protecting digital assets against increasing API-related threats and potential exploits. It offers real-time scanning capabilities, enabling the automatic detection of vulnerabilities as they arise. It supports authentication and access control management, allowing for the management of API controls within a single platform. BugDazz assists in achieving compliance by accelerating the generation of reports for standards such as PCI DSS and HIPAA. It integrates seamlessly with existing CI/CD pipelines, facilitating the acceleration of product rollouts. The scanner goes beyond standard OWASP Top 10 vulnerabilities, providing comprehensive protection against critical API security risks.


**Average Rating:** 4.9/5.0
**Total Reviews:** 11
**How Do G2 Users Rate BugDazz API Scanner?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 10.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.3/10 (Category avg: 8.7/10)
- **Test Automation:** 10.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind BugDazz API Scanner?**

- **Seller:** [SecureLayer7](https://www.g2.com/sellers/securelayer7)
- **Year Founded:** 2012
- **HQ Location:** Pune, Maharashtra
- **Twitter:** @SecureLayer7 (2,522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/securelayer7/ (127 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 91% Small-Business, 9% Mid-Market


#### What Are BugDazz API Scanner's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- CD Integration (4 reviews)
- CI (4 reviews)
- Ease of Use (4 reviews)
- Scanning Technology (4 reviews)

**Cons:**

- Poor Documentation (2 reviews)
- Difficult Learning Curve (1 review)
- Lack of Guidance (1 review)
- Lack of Information (1 review)
- Learning Curve (1 review)


### What Do G2 Reviewers Say About BugDazz API Scanner?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **accuracy of results** from BugDazz API Scanner, facilitating clearer, more productive team discussions.
- Users value the **seamless CD integration** of BugDazz, enhancing workflow efficiency and enabling fast, accurate scans.
- Users appreciate the **seamless integration with CI/CD workflows**, enhancing efficiency and collaboration across security and engineering teams.
- Users commend the **ease of use** of BugDazz API Scanner, facilitating smooth integration into existing workflows and rapid adoption.
- Users value the **effective scanning technology** of BugDazz API Scanner for fast, accurate results in CI/CD workflows.

**Cons:**

- Users find the **poor documentation** a barrier, especially for infrastructure-specific guidance and Jenkins integration clarity.
- Users report a **difficult learning curve** with BugDazz API Scanner, needing time to effectively tune scans for testing.
- Users feel there is a **lack of guidance** in the documentation, particularly for infrastructure-specific scenarios.
- Users feel the **lack of infrastructure-specific guidance** in the BugDazz API Scanner documentation hinders effective use.
- Users note a **learning curve** with BugDazz API Scanner, requiring time to master tuning scans for various scenarios.

#### What Are Recent G2 Reviews of BugDazz API Scanner?

**"[Good tool for security teams](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)"**

**Rating:** 4.5/5.0 stars
*— Khaja moinuddin F.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12300254)

---

**"[Effective scanner and fits well into our release workflow](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)"**

**Rating:** 4.5/5.0 stars
*— Kabilesh kumar K.*

[Read full review](https://www.g2.com/survey_responses/bugdazz-api-scanner-review-12381013)

---



### 12. [Cobalt](https://www.g2.com/products/cobalt-io-cobalt/reviews)
Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.


**Average Rating:** 4.5/5.0
**Total Reviews:** 176
**How Do G2 Users Rate Cobalt?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.6/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.6/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Cobalt?**

- **Seller:** [Cobalt](https://www.g2.com/sellers/cobalt-33275b9c-c870-4949-8fd5-a68eb12f96bb)
- **Company Website:** https://cobalt.io/
- **Year Founded:** 2013
- **HQ Location:** San Francisco, California
- **Twitter:** @cobalt_io (8,462 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cobalt_io/ (557 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** Security Engineer, CTO
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 51% Mid-Market, 23% Small-Business


#### What Are Cobalt's Pros and Cons?

**Pros:**

- Pentesting Efficiency (50 reviews)
- Customer Support (40 reviews)
- Ease of Use (39 reviews)
- Communication (31 reviews)
- Reporting Quality (28 reviews)

**Cons:**

- Expensive (14 reviews)
- Limited Scope (8 reviews)
- Lack of Detail (7 reviews)
- Pricing Issues (6 reviews)
- Inaccuracy (5 reviews)


### What Do G2 Reviewers Say About Cobalt?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise Cobalt for its **immediate reporting and seamless pentesting efficiency**, ensuring a stress-free experience overall.
- Users value Cobalt's **exceptional customer support**, which significantly enhances their application security experience and confidence.
- Users appreciate the **ease of use** of Cobalt, enjoying seamless pentesting with immediate reports and excellent support.
- Users value the **constant communication** and transparency provided by Cobalt, enhancing their overall experience and collaboration.
- Users value the **immediate reporting quality** of Cobalt, appreciating its seamless and thorough pentest management.

**Cons:**

- Users find Cobalt to be **expensive**, particularly for smaller organizations with limited budgets and needs.
- Users find the **limited scope** of Cobalt's testing ineffective, resulting in superficial assessments and overlooked vulnerabilities.
- Users note a **lack of detail** in instructions, leading to confusion and requiring more guidance from the Cobalt team.
- Users find Cobalt's **pricing issues** confusing, suggesting a need for review and clearer integration costs.
- Users experience **inaccuracy** in Cobalt audits, with inconsistent scoping and variable quality in testing reports.

#### What Are Recent G2 Reviews of Cobalt?

**"[Flexible Scheduling and Clear, Consistent Pen Test Communication](https://www.g2.com/survey_responses/cobalt-review-12678239)"**

**Rating:** 4.0/5.0 stars
*— Chris A.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12678239)

---

**"[Collaborative, Real-World Pentesting with Actionable Findings](https://www.g2.com/survey_responses/cobalt-review-12683090)"**

**Rating:** 5.0/5.0 stars
*— Arpit G.*

[Read full review](https://www.g2.com/survey_responses/cobalt-review-12683090)

---


#### What Are G2 Users Discussing About Cobalt?

- [How do you use Cobalt?](https://www.g2.com/discussions/how-do-you-use-cobalt)
- [What is cobalt database?](https://www.g2.com/discussions/what-is-cobalt-database)
- [What is a cobalt developer?](https://www.g2.com/discussions/what-is-a-cobalt-developer)
- [Is cobalt an operating system?](https://www.g2.com/discussions/is-cobalt-an-operating-system)

### 13. [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews)
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications, websites, and APIs.

With Acunetix, security teams can:

- Save time and resources by automating manual security processes
- Work more seamlessly with developers, or embrace DevSecOps by integrating directly into development tools
- Feel confident that every web application has been crawled entirely thanks to DAST + IAST scanning and intelligent crawling technology
- Finally, make web application and API security a priority and not just an add-on with a solution that is dedicated to application and API security 100% of the time

You can depend on Acunetix to meet your organization’s needs today and face the challenges of modern web technology together tomorrow.


**Average Rating:** 4.1/5.0
**Total Reviews:** 100
**How Do G2 Users Rate Acunetix by Invicti?**

- **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.7/10 (Category avg: 8.7/10)
- **Test Automation:** 8.1/10 (Category avg: 8.7/10)

**Who Is the Company Behind Acunetix by Invicti?**

- **Seller:** [Invicti Security](https://www.g2.com/sellers/invicti-security-04cb0d3d-fd96-45b2-83dc-2038fc9dac92)
- **Company Website:** https://www.invicti.com/
- **Year Founded:** 2018
- **HQ Location:** Austin, Texas
- **Twitter:** @InvictiSecurity (2,557 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/invicti-security/people/ (335 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 40% Enterprise, 34% Mid-Market


#### What Are Acunetix by Invicti's Pros and Cons?

**Pros:**

- Vulnerability Detection (7 reviews)
- Ease of Use (6 reviews)
- Security (5 reviews)
- Vulnerability Identification (5 reviews)
- Accuracy of Results (4 reviews)

**Cons:**

- Expensive (4 reviews)
- Complexity (3 reviews)
- Complex Setup (3 reviews)
- Slow Scanning (3 reviews)
- Difficult Customization (2 reviews)


### What Do G2 Reviewers Say About Acunetix by Invicti?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accurate and fast vulnerability detection** of Acunetix, enabling efficient security management with minimal false positives.
- Users praise the **ease of use** in Acunetix, appreciating its quick setup and integration into workflows.
- Users highlight the **effective vulnerability detection** of Acunetix, enhancing overall web application security and efficiency.
- Users value the **effective vulnerability identification** of Acunetix, enhancing security and simplifying remediation processes.
- Users commend Acunetix for its **impressive accuracy in vulnerability detection**, greatly enhancing web application security.

**Cons:**

- Users find the **pricing structure expensive**, making it less accessible for smaller teams or projects.
- Users find the **complexity** of setup and scans in Acunetix can be overwhelming and resource-intensive, impacting workflow.
- Users find the **complex setup** of Acunetix challenging, especially for beginners and during deep scans of large applications.
- Users experience **slow scanning** with Acunetix, particularly with large applications, affecting overall efficiency and workflow.
- Users find **difficult customization** in Acunetix, requiring technical know-how and patience for effective integration and setup.

#### What Are Recent G2 Reviews of Acunetix by Invicti?

**"[Effortless Vulnerability Detection That Fits Seamlessly into DevSecOps](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)"**

**Rating:** 5.0/5.0 stars
*— Ranit D.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11909125)

---

**"[Powerful Security Scanning Made Easy with Acunetix](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)"**

**Rating:** 5.0/5.0 stars
*— Deepesh V.*

[Read full review](https://www.g2.com/survey_responses/acunetix-by-invicti-review-11964967)

---


#### What Are G2 Users Discussing About Acunetix by Invicti?

- [How has Acunetix supported your web security efforts, and what features do you rely on most?](https://www.g2.com/discussions/how-has-acunetix-supported-your-web-security-efforts-and-what-features-do-you-rely-on-most)
- [What is Acunetix by Invicti used for?](https://www.g2.com/discussions/what-is-acunetix-by-invicti-used-for)

### 14. [Edgescan](https://www.g2.com/products/edgescan/reviews)
**What Is Edgescan?**

Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, APIs and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program.

The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVEs. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management.

**Key Features and Capabilities of Edgescan**

- **Automated Penetration Testing:** Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures.
- **Human-Validated Testing:** Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real-world exploitability. Each result is accurate, contextual, and actionable.
- **Penetration Testing as a Service (PTaaS):** Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including:
  - Business logic flaws
  - Authentication and authorization weaknesses
  - Context-dependent exposures
  - Complex attack chains and privilege escalation paths
- **Cyber Analytics and AI-Assisted Validation:** AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats.
- **Integrated Threat Intelligence:** Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first.
- **Risk-Based Prioritization:** Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most.

**Primary Value: What Edgescan Solves for Clients**

Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining:

- Automation for continuous testing
- Human expertise for validation and complex analysis
- Cyber analytics and AI for accuracy and prioritization

**Key Benefits**

- Significant efficiency gains: reducing thousands of hours spent on manual validation.
- Higher accuracy, thanks to expert-validated findings and reduced false positives.
- Clear prioritization, using threat intelligence and ransomware insights to highlight the highest-risk exposures.
- Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management.

By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden.


**Average Rating:** 4.7/5.0
**Total Reviews:** 51
**How Do G2 Users Rate Edgescan?**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Edgescan?**

- **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan)
- **Company Website:** https://www.edgescan.com
- **Year Founded:** 2017
- **HQ Location:** Dublin, Dublin
- **Twitter:** @edgescan (2,256 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (88 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 32% Mid-Market, 32% Enterprise


#### What Are Edgescan's Pros and Cons?

**Pros:**

- Ease of Use (25 reviews)
- Vulnerability Detection (24 reviews)
- Customer Support (19 reviews)
- Vulnerability Identification (19 reviews)
- Features (18 reviews)

**Cons:**

- Complex UI (5 reviews)
- Limited Customization (5 reviews)
- Poor Interface Design (5 reviews)
- Slow Performance (5 reviews)
- UX Improvement (5 reviews)


### What Do G2 Reviewers Say About Edgescan?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** with Edgescan, benefiting from seamless setup, integration, and effective reporting dashboards.
- Users praise Edgescan for its **validated, near false positive free vulnerability scanning**, enhancing security with effective scanning solutions.
- Users appreciate Edgescan's **responsive customer support**, ensuring smooth transitions and quick answers throughout the experience.
- Users value the **validated vulnerability scanning** by Edgescan for its accuracy and ease of integration.
- Users appreciate the **continuous improvement and user-friendly features** of Edgescan, enhancing their overall experience.

**Cons:**

- Users find the **UI complex and non-intuitive**, making navigation and access to settings challenging at times.
- Users find the **limited customization** of Edgescan frustrating, especially with infrequent host configuration updates.
- Users find the **poor interface design** of Edgescan frustrating, impacting usability and ease of access to information.
- Users often experience **slow performance** with scan results taking longer than expected, impacting overall efficiency.
- Users find the **UI to be outdated and user-unfriendly**, complicating data access and support requests within Edgescan.

#### What Are Recent G2 Reviews of Edgescan?

**"[Edgescan: Easy Setup, Clear Insights, and Expert Security Support](https://www.g2.com/survey_responses/edgescan-review-12224347)"**

**Rating:** 5.0/5.0 stars
*— Matt W.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-12224347)

---

**"[Edgescan Is Amazing!](https://www.g2.com/survey_responses/edgescan-review-11014532)"**

**Rating:** 5.0/5.0 stars
*— Greg S.*

[Read full review](https://www.g2.com/survey_responses/edgescan-review-11014532)

---


#### What Are G2 Users Discussing About Edgescan?

- [What is edgescan used for?](https://www.g2.com/discussions/what-is-edgescan-used-for) - 1 comment

### 15. [Jit](https://www.g2.com/products/jit/reviews)
Jit is redefining application security by introducing the first Agentic AppSec Platform, seamlessly blending human expertise with AI-driven automation. Designed for modern development teams, Jit empowers organizations to proactively manage security risks across the entire software development lifecycle.

- **AI-Powered Agents:** Jit's AI Agents, such as SERA (Security Evaluation and Remediation Agent) and COTA (Communication, Ops, and Ticketing Agent), collaborate with your teams to automate vulnerability triage, risk assessment, and remediation processes, significantly reducing manual workloads.
- **Comprehensive Security Scanning:** Achieve full-stack security coverage with integrated scanners for SAST, DAST, SCA, IaC, CSPM, and more. Jit's platform ensures continuous monitoring and immediate feedback on code changes, facilitating rapid identification and resolution of security issues.
- **Developer-Centric Experience:** With integrations into popular IDEs and CI/CD pipelines, Jit provides developers with contextual security insights directly within their workflows, promoting a shift-left approach without disrupting productivity.
- **Agentic AI for AppSec Teams Risk-Based Prioritization:** Utilizing the Model Context Protocol (MCP), Jit evaluates vulnerabilities in the context of runtime environments, business impact, and compliance requirements, enabling teams to focus on the most critical risks.
- **Seamless Integrations:** Jit integrates with a wide array of tools, including GitHub, GitLab, AWS, Azure, GCP, Jira, Slack, and more, ensuring that security processes are embedded within your existing technology stack.


**Average Rating:** 4.5/5.0
**Total Reviews:** 43
**How Do G2 Users Rate Jit?**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.0/10 (Category avg: 8.7/10)
- **Test Automation:** 8.5/10 (Category avg: 8.7/10)

**Who Is the Company Behind Jit?**

- **Seller:** [jit](https://www.g2.com/sellers/jit)
- **Year Founded:** 2021
- **HQ Location:** Boston, MA
- **Twitter:** @jit_io (522 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/jit/ (150 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Financial Services
- **Company Size:** 44% Mid-Market, 42% Small-Business


#### What Are Jit's Pros and Cons?

**Pros:**

- Security (10 reviews)
- Ease of Use (7 reviews)
- Easy Integrations (7 reviews)
- Efficiency (7 reviews)
- Automation (6 reviews)

**Cons:**

- Integration Issues (4 reviews)
- Limited Features (4 reviews)
- Limited Integration (4 reviews)
- Poor Documentation (4 reviews)
- Complexity (3 reviews)


### What Do G2 Reviewers Say About Jit?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **seamless integration of security** in Jit, enhancing efficiency and consistency in their workflows.
- Users praise the **ease of use** of Jit, noting its lightweight setup and seamless integration into development workflows.
- Users value the **easy integrations** of Jit, streamlining security within existing workflows effortlessly.
- Users value the **efficiency** of Jit, which reduces waste and streamlines processes for better productivity.
- Users value the **automation of security controls**, streamlining workflows and enhancing consistency without overwhelming teams.

**Cons:**

- Users face **integration issues** with Jit, as coverage for all enterprise environments and tools is limited.
- Users note the **limited features** in Jit, wishing for more customization and in-depth analytics options.
- Users note **limited integration** options with Jit, wishing for broader support across various enterprise environments.
- Users find the **documentation lacking**, especially for advanced configurations, complicating the setup process and understanding.
- Users find the **configuration complexity** daunting, particularly for newcomers and when integrating with other services.

#### What Are Recent G2 Reviews of Jit?

**"[Exploring jit a personal review](https://www.g2.com/survey_responses/jit-review-11751139)"**

**Rating:** 4.0/5.0 stars
*— Mohamed A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11751139)

---

**"[Helpful Tool for Integrating Security in Mobile App Development](https://www.g2.com/survey_responses/jit-review-11750234)"**

**Rating:** 4.0/5.0 stars
*— Ali A.*

[Read full review](https://www.g2.com/survey_responses/jit-review-11750234)

---



### 16. [Akto API Security Platform](https://www.g2.com/products/akto-api-security-platform/reviews)
Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of API discovery, API security posture management, sensitive data exposure, and API security testing solutions enables organizations to gain visibility in their API security posture. 1,000+ Application Security teams globally trust Akto for their API security needs.

Akto use cases:

1. API Discovery
2. API Security Testing in CI/CD
3. API Security Posture Management
4. Authentication and Authorization Testing
5. Sensitive Data Exposure
6. Shift left in DevSecOps


**Average Rating:** 4.5/5.0
**Total Reviews:** 54
**How Do G2 Users Rate Akto API Security Platform?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.0/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind Akto API Security Platform?**

- **Seller:** [Akto.io](https://www.g2.com/sellers/akto-io)
- **Company Website:** https://www.akto.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California
- **Twitter:** @Aktodotio (1,357 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/akto-io/ (29 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Financial Services, Information Technology and Services
- **Company Size:** 44% Mid-Market, 40% Small-Business


#### What Are Akto API Security Platform's Pros and Cons?

**Pros:**

- Security (11 reviews)
- Cybersecurity (8 reviews)
- Ease of Use (8 reviews)
- API Management (7 reviews)
- Automation Testing (7 reviews)

**Cons:**

- Complex Setup (7 reviews)
- Setup Complexity (6 reviews)
- API Management (4 reviews)
- Complexity (4 reviews)
- Difficult Configuration (4 reviews)


### What Do G2 Reviewers Say About Akto API Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **automated security testing** of Akto API Security Platform, enhancing their API security processes significantly.
- Users praise Akto for its **autonomous AI agents** that enhance API security and integrate seamlessly into workflows.
- Users value the **ease of use** of Akto API Security Platform, appreciating its intuitive dashboard and seamless integrations.
- Users value the **easy integration and efficiency** of Akto for seamless API security testing within CI/CD pipelines.
- Users appreciate the **ease of automation testing** with Akto, which integrates seamlessly into CI/CD pipelines for efficient security.

**Cons:**

- Users find the **complex initial setup** and lack of detailed documentation challenging, impacting their onboarding experience.
- Users find the **setup complexity** of Akto API Security Platform challenging, especially for teams new to the tool.
- Users find the **learning curve steep**, especially for new users unfamiliar with API security concepts and configurations.
- Users find the **complexity** of Akto overwhelming, especially for newcomers needing to grasp API security concepts.
- Users find the **difficult configuration** of Akto challenging, requiring time to grasp API security concepts and effective checks.

#### What Are Recent G2 Reviews of Akto API Security Platform?

**"[Easy to Implement, Clear API Security Visibility, and Responsive Support](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)"**

**Rating:** 4.5/5.0 stars
*— Verified User in Information Technology and Services*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-12272742)

---

**"[Easy to Use API Security Tool That Helps Save Time](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)"**

**Rating:** 4.5/5.0 stars
*— ashish d.*

[Read full review](https://www.g2.com/survey_responses/akto-api-security-platform-review-11240428)

---



### 17. [Bright Security](https://www.g2.com/products/bright-security/reviews)
Bright Security’s dev-centric DAST platform empowers both developers and AppSec professionals with enterprise-grade security testing capabilities for web applications, APIs, and GenAI and LLM applications. Bright knows how to deliver the right tests, at the right time in the SDLC, in developers and AppSec tools and stacks of choice with minimal false positives and alert fatigue.


**Average Rating:** 4.7/5.0
**Total Reviews:** 29
**How Do G2 Users Rate Bright Security?**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind Bright Security?**

- **Seller:** [Bright Security](https://www.g2.com/sellers/bright-security)
- **Year Founded:** 2018
- **HQ Location:** San Rafael
- **Twitter:** @BrightAppSec (1,511 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/brightappsec (111 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer & Network Security, Information Technology and Services
- **Company Size:** 52% Enterprise, 34% Mid-Market


#### What Are Bright Security's Pros and Cons?

**Pros:**

- Accuracy of Results (4 reviews)
- Automated Scanning (4 reviews)
- Ease of Use (4 reviews)
- Detection (3 reviews)
- Easy Integrations (3 reviews)

**Cons:**

- Learning Curve (3 reviews)
- Complex Setup (2 reviews)
- Setup Complexity (2 reviews)
- Complexity (1 review)
- Confusing Interface (1 review)


### What Do G2 Reviewers Say About Bright Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of results** from Bright Security, focusing on real issues with minimal noise during development.
- Users value the **automated scanning** of Bright Security, enhancing security seamlessly within their development processes.
- Users value the **ease of use** of Bright Security, appreciating its intuitive design and seamless integration into workflows.
- Users love the **seamless integration** of Bright Security into workflows, enhancing efficiency without compromising security during development.
- Users value the **easy integrations** of Bright Security, enhancing their CI/CD workflows without compromising deployment speed.

**Cons:**

- Users find the **learning curve challenging**, especially with initial setup and navigating the dense UI of Bright Security.
- Users find the **initial setup complex**, especially with the learning curve for configuring scan profiles and features.
- Users find the **initial setup complex**, causing delays due to a learning curve with configuration and customization.
- Users find the **complexity of initial setup** challenging, especially when navigating advanced features and scan configurations.
- Users find the **confusing interface** of Bright Security overwhelming, making it difficult to locate important settings easily.

#### What Are Recent G2 Reviews of Bright Security?

**"[Modern, Insightful, and Seamlessly Fits Our Workflow](https://www.g2.com/survey_responses/bright-security-review-12164035)"**

**Rating:** 4.5/5.0 stars
*— Gauri K.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12164035)

---

**"[Reliable and Developer-Friendly Security Solution](https://www.g2.com/survey_responses/bright-security-review-12157897)"**

**Rating:** 4.5/5.0 stars
*— John S.*

[Read full review](https://www.g2.com/survey_responses/bright-security-review-12157897)

---



### 18. [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews)
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.


**Average Rating:** 3.8/5.0
**Total Reviews:** 25
**How Do G2 Users Rate Veracode Application Security Platform?**

- **Has the product been a good partner in doing business?:** 7.9/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.0/10 (Category avg: 8.7/10)
- **Test Automation:** 9.0/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Application Security Platform?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (505 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services
- **Company Size:** 69% Enterprise, 31% Mid-Market


#### What Are Veracode Application Security Platform's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Detailed Information (2 reviews)
- Scanning Efficiency (2 reviews)
- Security (2 reviews)
- Vulnerability Detection (2 reviews)

**Cons:**

- Lack of Information (2 reviews)
- Poor Customer Support (2 reviews)
- Complexity (1 review)
- Confusing Interface (1 review)
- Cost Issues (1 review)


### What Do G2 Reviewers Say About Veracode Application Security Platform?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Veracode, providing clear reports with corrections and suggestions for improvement.
- Users value the **single entry point for application security**, enabling detailed insights and effective security scanning.
- Users value the **scanning efficiency** of Veracode, enabling precise reports and seamless integration into CI/CD pipelines.
- Users value the **robust security features** of Veracode, effectively addressing vulnerabilities and ensuring high security standards.
- Users value the **effective vulnerability detection** in Veracode, enhancing security with comprehensive code analysis and integration capabilities.

**Cons:**

- Users experience **a lack of information** due to mismatches in documentation, pressure from sales, and unclear upload statuses.
- Users express frustration over **poor customer support**, citing issues with communication and service reliability.
- Users find the **overly complex license model** challenging, contributing to frustration and misalignment with expectations.
- Users find the **confusing interface** of Veracode to be challenging, especially during unsuccessful uploads without immediate notifications.
- Users are concerned about the **cost issues** related to complex licensing and justifying customer success investments.

#### What Are Recent G2 Reviews of Veracode Application Security Platform?

**"[Streamlined Security, Effortless Integration](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)"**

**Rating:** 5.0/5.0 stars
*— Bhanu Prakash M.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-11757799)

---

**"[Clear, Unified View of Application Capabilities](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)"**

**Rating:** 4.5/5.0 stars
*— Christopher S.*

[Read full review](https://www.g2.com/survey_responses/veracode-application-security-platform-review-12910910)

---


#### What Are G2 Users Discussing About Veracode Application Security Platform?

- [What is difference between veracode and SonarQube?](https://www.g2.com/discussions/what-is-difference-between-veracode-and-sonarqube)
- [What is veracode software composition analysis?](https://www.g2.com/discussions/what-is-veracode-software-composition-analysis)
- [What is veracode used for?](https://www.g2.com/discussions/what-is-veracode-used-for)
- [What is the veracode application security platform?](https://www.g2.com/discussions/what-is-the-veracode-application-security-platform)

### 19. [Veracode Dynamic Analysis](https://www.g2.com/products/veracode-dynamic-analysis/reviews)
Veracode Dynamic Analysis helps companies scan their web applications for exploitable vulnerabilities at scale. With an ability to test thousands of applications simultaneously and a less than 1% false positive rate coupled with comprehensive remediation guidance, customers are able to rapidly reduce their risk of a breach across their web applications. The solution integrates with Veracode Discovery, which maps your web attack surface, to scan inventoried sites


**Average Rating:** 4.3/5.0
**Total Reviews:** 14
**How Do G2 Users Rate Veracode Dynamic Analysis?**

- **Has the product been a good partner in doing business?:** 7.3/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.4/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Veracode Dynamic Analysis?**

- **Seller:** [VERACODE](https://www.g2.com/sellers/veracode)
- **Year Founded:** 2006
- **HQ Location:** Burlington, MA
- **Twitter:** @Veracode (21,950 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/27845/ (505 employees on LinkedIn®)

**Who Uses This Product?**
- **Company Size:** 75% Enterprise, 19% Mid-Market



#### What Are Recent G2 Reviews of Veracode Dynamic Analysis?

**"[Dynamic Analysis Security Testing (DAST)](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)"**

**Rating:** 4.0/5.0 stars
*— Syed Ubaid A.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-5100493)

---

**"[Very Low False Positives and Actionable Results](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)"**

**Rating:** 4.5/5.0 stars
*— Tarun K.*

[Read full review](https://www.g2.com/survey_responses/veracode-dynamic-analysis-review-12516427)

---



### 20. [HCL AppScan](https://www.g2.com/products/hcl-appscan/reviews)
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle. Fast and Accurate Scanning for Secure DevOps: Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business. Focus on the Fix: Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results, allows DevOps teams to group and prioritize findings for faster, more streamlined remediation. Enterprise Management for Security Teams: Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.


**Average Rating:** 4.1/5.0
**Total Reviews:** 74
**How Do G2 Users Rate HCL AppScan?**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.1/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 7.9/10 (Category avg: 8.7/10)

**Who Is the Company Behind HCL AppScan?**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,043 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (246,058 employees on LinkedIn®)
- **Ownership:** NSE - National Stock Exchange of India

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer & Network Security
- **Company Size:** 54% Enterprise, 28% Small-Business



#### What Are Recent G2 Reviews of HCL AppScan?

**"[Easy to setup and powerful application security](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)"**

**Rating:** 4.0/5.0 stars
*— chandramohan K.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9387983)

---

**"[A Testing Suite that packs quite a punch!](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)"**

**Rating:** 5.0/5.0 stars
*— Pranav U.*

[Read full review](https://www.g2.com/survey_responses/hcl-appscan-review-9215302)

---


#### What Are G2 Users Discussing About HCL AppScan?

- [What is HCL AppScan used for?](https://www.g2.com/discussions/what-is-hcl-appscan-used-for)
- [What does HCL AppScan do?](https://www.g2.com/discussions/what-does-hcl-appscan-do)
- [Who owns AppScan?](https://www.g2.com/discussions/who-owns-appscan) - 1 comment
- [Is AppScan free?](https://www.g2.com/discussions/is-appscan-free) - 1 comment

### 21. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews)
Indusface WAS (Web Application Scanner) provides a comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS with its automated scans & manual pentesting done by certified security experts ensures none of the OWASP Top 10, business logic vulnerabilities, and malware go unnoticed. With a zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers can quickly fix vulnerabilities seamlessly.


**Average Rating:** 4.6/5.0
**Total Reviews:** 63
**How Do G2 Users Rate Indusface WAS?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 9.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.4/10 (Category avg: 8.7/10)
- **Test Automation:** 9.4/10 (Category avg: 8.7/10)

**Who Is the Company Behind Indusface WAS?**

- **Seller:** [Indusface](https://www.g2.com/sellers/indusface)
- **Year Founded:** 2012
- **HQ Location:** Vadodara
- **Twitter:** @Indusface (3,472 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (180 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Computer Software, Information Technology and Services
- **Company Size:** 52% Small-Business, 37% Mid-Market


#### What Are Indusface WAS's Pros and Cons?

**Pros:**

- Vulnerability Detection (19 reviews)
- Vulnerability Identification (16 reviews)
- Customer Support (6 reviews)
- Scanning Efficiency (6 reviews)
- Security (6 reviews)

**Cons:**

- Expensive (2 reviews)
- Confusing Interface (1 review)
- Lacking Features (1 review)
- Limited Scope (1 review)
- Poor Interface Design (1 review)


### What Do G2 Reviewers Say About Indusface WAS?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **effective vulnerability detection** and prioritization features of Indusface WAS for enhancing security management.
- Users value the **consistent and reliable vulnerability detection** of Indusface WAS, ensuring thorough security across deployments.
- Users praise the **excellent customer support** of Indusface WAS, ensuring timely assistance and effective issue resolution.
- Users value the **scanning efficiency** of Indusface WAS, as it provides thorough reports on various vulnerabilities.
- Users value the **comprehensive security scanning** of Indusface WAS, enhancing their accreditation and vulnerability management processes.

**Cons:**

- Users find the pricing of Indusface WAS to be **expensive**, particularly for staging and development environments.
- Users find the **interface confusing**, noting it could be more intuitive and visually appealing for better usability.
- Users find the **lack of features** in the free version limiting for staging and development environment scans.
- Users feel the **limited scope** of Indusface WAS hinders testing in development environments due to pricing constraints.
- Users find the **interface design outdated** and urge for a more intuitive and informative user experience.

#### What Are Recent G2 Reviews of Indusface WAS?

**"[Vulnerability and malware scanner in one](https://www.g2.com/survey_responses/indusface-was-review-11323529)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11323529)

---

**"[Great support Given by shivani](https://www.g2.com/survey_responses/indusface-was-review-11074325)"**

**Rating:** 5.0/5.0 stars
*— Sai N.*

[Read full review](https://www.g2.com/survey_responses/indusface-was-review-11074325)

---


#### What Are G2 Users Discussing About Indusface WAS?

- [What is Indusface WAS used for?](https://www.g2.com/discussions/what-is-indusface-was-used-for)

### 22. [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews)
Discover what's possible. Prove what's real. With proprietary tech and key experts in offensive security.

Pentest-Tools.com is built for actual security testing, not just detection. We provide the coverage, consolidation, and automation cybersecurity teams need to optimize vulnerability assessment workflows. And we ensure the depth, control, and customization on which professional pentesters count to increase engagement quality and profitability.

- ✔️ Comprehensive toolkit with real-world coverage
- ✔️ Validated findings rich with evidence
- ✔️ Automation options with granular control
- ✔️ Flexible, high-quality reporting
- ✔️ Workflow-friendly by design

Optimize and scale penetration testing and vulnerability assessment workflows - without sacrificing accuracy, control, or manual testing depth.

- 🎯 Attack surface mapping and recon
- 🎯 Comprehensive vulnerability scanning
- 🎯 Vulnerability exploitation
- 🎯 Customizable pentest reporting and data exports
- 🎯 Continuous vulnerability monitoring

In our company, we build what we use. We launched Pentest-Tools.com in 2017 as a team of professional penetration testers - and we've kept that mindset ever since. Our experts still drive product development today, focusing relentlessly on accuracy, speed, and control. Every new feature, detection, and workflow comes from real-world experience. We constantly improve the product with updated attack techniques, smarter automation, and validation that reflects how malicious hackers actually operate - so your team can deliver security work that's faster, more visible, and built on proof.


**Average Rating:** 4.8/5.0
**Total Reviews:** 100
**How Do G2 Users Rate Pentest-Tools.com?**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.3/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Pentest-Tools.com?**

- **Seller:** [Pentest-Tools.com](https://www.g2.com/sellers/pentest-tools-com)
- **Year Founded:** 2017
- **HQ Location:** Sectorul 1, Bucharest
- **Twitter:** @pentesttoolscom (4,062 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/33242531/ (63 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO
- **Top Industries:** Computer & Network Security, Information Technology and Services
- **Company Size:** 65% Small-Business, 20% Mid-Market


#### What Are Pentest-Tools.com's Pros and Cons?

**Pros:**

- Ease of Use (6 reviews)
- Automation (4 reviews)
- Customer Support (4 reviews)
- Pentesting Efficiency (4 reviews)
- Scheduling (4 reviews)

**Cons:**

- Difficult Customization (2 reviews)
- Limited Features (2 reviews)
- Slow Scanning (2 reviews)
- Bugs (1 review)
- Confusing Interface (1 review)


### What Do G2 Reviewers Say About Pentest-Tools.com?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **ease of use** of Pentest-Tools.com, allowing anyone to integrate it into their operations effortlessly.
- Users value the **automation** of Pentest-Tools.com, streamlining vulnerability management with user-friendly, efficient tools and reporting.
- Users praise the **quick and helpful customer support** of Pentest-Tools.com, enhancing their overall user experience.
- Users commend the **efficiency of Pentesting**, noting its fast processing and comprehensive vulnerability reports.
- Users appreciate the **efficient scheduling features** of Pentest-Tools.com, saving valuable time in their vulnerability management processes.

**Cons:**

- Users express frustration with **difficult customization** of reports, noting lack of editing options and templates limits flexibility.
- Users express frustration over **limited report customization** and unexpected changes to asset management, impacting efficiency.
- Users find that the **slow scanning** process can hinder efficiency, adding frustration to the testing experience.
- Users find the **bugs in findings** require extra manual work, which can be annoying for developers.
- Users find the **interface confusing**, making navigation between scans, assets, and reports less intuitive than desired.

#### What Are Recent G2 Reviews of Pentest-Tools.com?

**"[Cost-Effective, Accurate, and Fast—Easy Setup and Smooth Integrations](https://www.g2.com/survey_responses/pentest-tools-com-review-13059643)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Insurance*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-13059643)

---

**"[why i would recommend pen-test tools.com to small teams](https://www.g2.com/survey_responses/pentest-tools-com-review-11787083)"**

**Rating:** 4.0/5.0 stars
*— Omar B.*

[Read full review](https://www.g2.com/survey_responses/pentest-tools-com-review-11787083)

---


#### What Are G2 Users Discussing About Pentest-Tools.com?

- [What is Pentest-Tools.com used for?](https://www.g2.com/discussions/what-is-pentest-tools-com-used-for)
- [How do you perform a VAPT?](https://www.g2.com/discussions/how-do-you-perform-a-vapt) - 1 comment
- [What are the security testing tools?](https://www.g2.com/discussions/what-are-the-security-testing-tools) - 1 comment
- [What are VAPT tools?](https://www.g2.com/discussions/what-are-vapt-tools) - 1 comment
- [What is Pentest tool?](https://www.g2.com/discussions/what-is-pentest-tool) - 1 comment

### 23. [Beagle Security](https://www.g2.com/products/beagle-security/reviews)
Beagle Security helps you identify vulnerabilities in your web applications, APIs, GraphQL and remediate them with actionable insights before hackers harm you in any manner. With Beagle Security, you can integrate automated penetration testing into your CI/CD pipeline to identify security issues earlier in your development lifecycle and ship safer web applications.

Major features:

- Checks your web apps & APIs for 3000+ test cases to find security loopholes
- OWASP & SANS standards
- Recommendations to address security issues
- Security test complex web apps with login
- Compliance reports (GDPR, HIPAA & PCI DSS)
- Test scheduling
- DevSecOps integrations
- API integration
- Team access
- Integrations with popular tools like Slack, Jira, Asana, Trello & 100+ other tools


**Average Rating:** 4.7/5.0
**Total Reviews:** 85
**How Do G2 Users Rate Beagle Security?**

- **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.2/10)
- **API / Integrations:** 7.9/10 (Category avg: 8.6/10)
- **Detection Rate:** 9.2/10 (Category avg: 8.7/10)
- **Test Automation:** 9.7/10 (Category avg: 8.7/10)

**Who Is the Company Behind Beagle Security?**

- **Seller:** [Beagle Security](https://www.g2.com/sellers/beagle-security)
- **Year Founded:** 2020
- **HQ Location:** San Francisco, US
- **Twitter:** @beaglesecure (206 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/beaglesecurity/ (50 employees on LinkedIn®)

**Who Uses This Product?**
- **Who Uses This:** CEO, Director
- **Top Industries:** Marketing and Advertising, Information Technology and Services
- **Company Size:** 91% Small-Business, 7% Mid-Market


#### What Are Beagle Security's Pros and Cons?

**Pros:**

- Reporting Quality (1 review)
- Setup Ease (1 review)



### What Do G2 Reviewers Say About Beagle Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users praise the **attractive reporting** of Beagle Security, finding it easy to configure and comprehensive.
- Users find the **setup ease** of Beagle Security highly beneficial, appreciating its intuitive configuration and reporting features.


#### What Are Recent G2 Reviews of Beagle Security?

**"[Comprehensive Security Testing with Actionable Insights](https://www.g2.com/survey_responses/beagle-security-review-12619693)"**

**Rating:** 5.0/5.0 stars
*— Nkosinathi T.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-12619693)

---

**"[Very thorough service that gives us good Ci/CD assurance between Pen Tests](https://www.g2.com/survey_responses/beagle-security-review-11354043)"**

**Rating:** 5.0/5.0 stars
*— Matt B.*

[Read full review](https://www.g2.com/survey_responses/beagle-security-review-11354043)

---


#### What Are G2 Users Discussing About Beagle Security?

- [How has Beagle Security enhanced your web security, and what features would you like to see added?](https://www.g2.com/discussions/how-has-beagle-security-enhanced-your-web-security-and-what-features-would-you-like-to-see-added)
- [What is Beagle Security used for?](https://www.g2.com/discussions/what-is-beagle-security-used-for) - 1 comment

### 24. [Contrast Security](https://www.g2.com/products/contrast-security-contrast-security/reviews)
Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented threat sensors directly into the software, delivering unmatched visibility and protection. With continuous, real-time defense, Contrast uncovers hidden application layer risks that traditional solutions miss. Contrast’s powerful Runtime Security technology equips developers, AppSec teams and SecOps with one platform that proactively protects and defends applications and APIs against evolving threats.


**Average Rating:** 4.5/5.0
**Total Reviews:** 49
**How Do G2 Users Rate Contrast Security?**

- **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.7/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.2/10 (Category avg: 8.7/10)
- **Test Automation:** 8.3/10 (Category avg: 8.7/10)

**Who Is the Company Behind Contrast Security?**

- **Seller:** [Contrast Security](https://www.g2.com/sellers/contrast-security)
- **Company Website:** https://contrastsecurity.com
- **Year Founded:** 2014
- **HQ Location:** Pleasanton, CA
- **Twitter:** @contrastsec (5,468 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/contrast-security/ (196 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Insurance, Information Technology and Services
- **Company Size:** 67% Enterprise, 20% Mid-Market


#### What Are Contrast Security's Pros and Cons?

**Pros:**

- Accuracy of Findings (2 reviews)
- Accuracy of Results (2 reviews)
- Vulnerability Detection (2 reviews)
- Automated Scanning (1 review)
- Automation (1 review)

**Cons:**

- Complex Setup (1 review)
- Difficult Setup (1 review)
- Performance Issues (1 review)
- Problematic Updates (1 review)
- Setup Complexity (1 review)


### What Do G2 Reviewers Say About Contrast Security?
*AI-generated summary from verified user reviews*

**Pros:**

- Users value the **accuracy of findings** from Contrast Security, ensuring greater precision in identifying vulnerabilities.
- Users value the **accuracy of results** from Contrast Security, benefiting from precise vulnerability monitoring and analysis.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick feedback and agile support.
- Users commend the **real-time vulnerability detection** of Contrast Security, appreciating its quick turnaround and excellent support.
- Users value the **real-time security testing** and excellent support from Contrast Security, enhancing their overall security posture.

**Cons:**

- Users experienced **performance issues** with Contrast Security, particularly with Java applications, but found support helpful in resolving them.

#### What Are Recent G2 Reviews of Contrast Security?

**"[Shift-Smart with Contrast](https://www.g2.com/survey_responses/contrast-security-review-8492224)"**

**Rating:** 5.0/5.0 stars
*— Kiran S.*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8492224)

---

**"[Contrast Security makes application security simple](https://www.g2.com/survey_responses/contrast-security-review-8516563)"**

**Rating:** 5.0/5.0 stars
*— Verified User in Higher Education*

[Read full review](https://www.g2.com/survey_responses/contrast-security-review-8516563)

---


#### What Are G2 Users Discussing About Contrast Security?

- [What is contrast protect?](https://www.g2.com/discussions/what-is-contrast-protect)
- [Is Contrast security SaaS?](https://www.g2.com/discussions/is-contrast-security-saas)
- [What is Contrast security tool?](https://www.g2.com/discussions/what-is-contrast-security-tool)
- [What does contrast security do?](https://www.g2.com/discussions/what-does-contrast-security-do)

### 25. [StackHawk](https://www.g2.com/products/stackhawk/reviews)
StackHawk is reimagining AppSec for AI-driven development, where applications are built faster than traditional AppSec tools can keep up. Our AppSec Intelligence Platform combines scalable runtime testing with complete attack surface discovery from source code. We integrate directly into development workflows and provide context-aware remediations to developers, enabling teams to find and fix exploitable vulnerabilities before they reach production. With real-time visibility and centralized program intelligence, AppSec teams can prioritize testing and fixing what matters. Companies like British Airways, ITV, and Norstella trust StackHawk to evaluate application risk, prove program value, and scale testing coverage to match development velocity.


**Average Rating:** 4.6/5.0
**Total Reviews:** 67
**How Do G2 Users Rate StackHawk?**

- **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10)
- **API / Integrations:** 8.8/10 (Category avg: 8.6/10)
- **Detection Rate:** 8.1/10 (Category avg: 8.7/10)
- **Test Automation:** 8.8/10 (Category avg: 8.7/10)

**Who Is the Company Behind StackHawk?**

- **Seller:** [StackHawk](https://www.g2.com/sellers/stackhawk)
- **Company Website:** https://stackhawk.com
- **Year Founded:** 2019
- **HQ Location:** Denver, CO
- **Twitter:** @StackHawk (1,137 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/40780406/ (34 employees on LinkedIn®)

**Who Uses This Product?**
- **Top Industries:** Information Technology and Services, Computer Software
- **Company Size:** 46% Small-Business, 35% Mid-Market


#### What Are StackHawk's Pros and Cons?

**Pros:**

- Easy Integrations (10 reviews)
- Customer Support (9 reviews)
- Ease of Use (9 reviews)
- Integrations (7 reviews)
- Scanning Efficiency (5 reviews)

**Cons:**

- Setup Complexity (5 reviews)
- Complex Setup (4 reviews)
- High Learning Curve (3 reviews)
- Lacking Features (3 reviews)
- Limited Scope (3 reviews)


### What Do G2 Reviewers Say About StackHawk?
*AI-generated summary from verified user reviews*

**Pros:**

- Users appreciate the **easy integrations** with major CI tools, streamlining their automated testing processes effectively.
- Users commend the **excellent customer support** from StackHawk, always ready to assist with any inquiries.
- Users value the **ease of use** of StackHawk, appreciating its intuitive interface and helpful customer support.
- Users appreciate the **easy integration** capabilities of StackHawk, enabling seamless connections with various CI tools.
- Users praise StackHawk for its **scanning efficiency**, allowing quick vulnerability identification without delaying deployments.

**Cons:**

- Users find the **setup complexity** of StackHawk frustrating, requiring extensive onboarding and configuration efforts.
- Users find the **complex setup** of StackHawk frustrating, requiring extensive configuration and leading to a steep learning curve.
- Users find the **high learning curve** of StackHawk challenging, especially due to its complex scripting requirements.
- Users note the **lack of automatic API endpoint collection** and poor management of vulnerabilities as significant drawbacks.
- Users find StackHawk has a **limited scope** due to restricted usage and lack of automation features.

#### What Are Recent G2 Reviews of StackHawk?

**"[StackHawk is a great DAST security tool](https://www.g2.com/survey_responses/stackhawk-review-10761348)"**

**Rating:** 5.0/5.0 stars
*— David M.*

[Read full review](https://www.g2.com/survey_responses/stackhawk-review-10761348)

---

**"[A Game-Changer for DevSecOps](https://www.g2.com/survey_responses/stackhawk-review-8847655)"**

**Rating:** 5.0/5.0 stars
*— Todd L.*

[Read full review](https://www.g2.com/survey_responses/stackhawk-review-8847655)

---


#### What Are G2 Users Discussing About StackHawk?

- [What is StackHawk used for?](https://www.g2.com/discussions/what-is-stackhawk-used-for)


## What Is Dynamic Application Security Testing (DAST) Software?

[DevSecOps Software](https://www.g2.com/categories/devsecops)

## What Software Categories Are Similar to Dynamic Application Security Testing (DAST) Software?

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [API Security Tools](https://www.g2.com/categories/api-security)


---

## How Do You Choose the Right Dynamic Application Security Testing (DAST) Software?

### What You Should Know About Dynamic Application Security Testing (DAST) Software

### What is Dynamic Application Security Testing (DAST) Software?

Dynamic application security testing (DAST) is one of the many technology groupings of security testing solutions. DAST is a form of black-box security testing, meaning it simulates realistic threats and attacks. This differs from other forms of testing such as static application security testing (SAST), a white-box testing methodology used to examine the source code of an application.

DAST includes a number of testing components that operate while an application is running. Security professionals simulate real-world functionality through testing the application for vulnerabilities and then evaluate the effects on application performance. The methodology is often used to find issues near the end of the software development lifecycle. These issues may be tougher to fix than early flaws and bugs are, but those flaws pose a larger threat to critical components of an application.

DAST can also be thought of as a methodology. It’s a different approach than traditional security testing because once a test is completed, there are still tests to be done. It involves periodic inspections as updates are pushed live or changes are made before release. While a penetration test or code scan might serve as a one-off test for specific vulnerabilities or bugs, dynamic testing can be performed continually throughout the lifecycle of an application.

**Key Benefits of Dynamic Application Security Testing (DAST) Software**

- Simulate realistic attacks and threats
- Discover vulnerabilities not found in source code
- Flexible and customizable testing options
- Comprehensive assessment and scalable testing

### Why Use Dynamic Application Security Testing (DAST) Software?

There are a number of testing solutions necessary for an all-encompassing approach to security testing and vulnerability discovery. Most start in the early stages of software development and help programmers discover bugs in the code and issues with the underlying framework or design. These tests require access to source code and are often used during development and quality assurance (QA) processes.

While early testing solutions approach testing from the standpoint of the developer, DAST approaches testing from the standpoint of a hacker. These tools simulate real threats to a functional, running application. Security professionals can simulate common attacks such as SQL injection and cross-site scripting or customize tests to threats specific to their product. These tools offer a highly customizable solution for testing during the later stages of development and while applications are deployed.

**Flexibility —** Users can schedule tests as they please or perform them continuously throughout an application’s or website’s lifecycle. Security professionals can modify environments to simulate their resources and infrastructure to ensure a realistic test and evaluation. They’re often scalable, as well, to see if increased traffic or usage would affect vulnerabilities and protection.

Industries with more specific threats may require more specific testing. Security professionals may identify a threat specific to the health care industry or financial sector and alter tests to simulate the threats most common to them. If performed correctly, these tools offer some of the most realistic and customizable solutions to the threats present in real-world situations.

**Comprehensiveness —** Threats are continuously evolving and expanding, making the ability to simulate multiple tests more necessary. DAST offers a versatile approach to testing, wherein security professionals can simulate and analyze each threat or attack type individually. These tests deliver comprehensive feedback and actionable insights that security and development teams use to remediate any issues, flaws, and vulnerabilities.

These tools will first perform an initial crawl, or examination, of applications and websites from a third-party perspective. They interact with applications using HTTP, allowing the tools to examine applications built with any programming language or on any framework. The tool will then test for misconfigurations, which expose a greater attack surface than internal vulnerabilities. Additional tests can be run, depending on the solution, but all the results and discoveries can be stored for actionable remediation.

**Continuous assessment —** Agile teams and other companies relying on frequent updates to applications should use DAST products with continuous assessment capabilities. SAST tools will provide more direct solutions for issues related to continuous integration processes, but DAST tools will provide a better view of how updates and changes will be seen from an outside perspective. Each new update may pose a new threat or unveil a new vulnerability; it is therefore crucial to continue testing even after applications have been completed and deployed.

Unlike SAST, DAST also requires less access to potentially sensitive source code within the application. DAST approaches the situation from an outside perspective as simulated threats attempt to gain access to vulnerable systems or sensitive information. This can make it easier to perform tests continuously without requiring individuals to access source code or other internal systems.

### What are the Common Features of Dynamic Application Security Testing (DAST) Software?

Standard functionality is included in most dynamic application security testing (DAST) solutions:

**Compliance testing —** Compliance testing gives users the ability to test for various requirements from regulatory bodies. This can help ensure information is stored securely and protected from hackers.

**Test automation —** Test automation is the feature powering continuous testing processes. This functionality operates by running prescripted tests as frequently as required without the need for hands-on or manual testing.

**Manual testing —** Manual testing gives the user complete control over individual tests. These features allow users to perform hands-on live simulations and penetration tests.

**Command-line tools —** The command-line interface (CLI) is a computer's text-based command interpreter. CLI capabilities allow security testers to simulate threats directly from a terminal on the host system by entering command sequences.

**Static code analysis —** Static code analysis and static security testing are used to test from the inside out. These tools help security professionals examine application source code for security flaws without executing it.

**Issue tracking —** Issue tracking helps security professionals and developers document flaws or vulnerabilities as they are discovered. Proper documentation will make it easier to organize the actionable insights provided by the DAST tool.

**Reporting and analytics —** Reporting capabilities are important to DAST tools because they provide the information necessary to remediate any recently discovered vulnerabilities. Reporting and analytics features can also give teams a better idea of how attacks may affect application availability and performance.

**Extensibility —** Many applications offer the ability to expand functionality through the use of integrations, APIs, and plugins. These extensible components provide the ability to extend the platform beyond its native feature set to include additional features and functionalities.

### Potential Issues with Dynamic Application Security Testing (DAST) Software

**Testing coverage —** While DAST technologies have come a long way, DAST tools alone are unable to discover the majority of vulnerabilities. This is why most experts suggest pairing them with SAST solutions. Combining the two can decrease the rate at which false positives occur. They can also be used to simplify the continuous testing process for agile teams. While no tool will detect every vulnerability, DAST may be less efficient than other testing tools if used alone.

**Late-stage issues —** DAST tools will require code to be compiled for each individual test because they rely on simulated functionality to test responses. This can be a roadblock for agile teams constantly integrating new code into an application. Reports are usually static and result from single tests. For agile teams, those reports can become outdated and lose value very quickly. This is just one more reason DAST tools should be used as a component of an all-encompassing security testing stack rather than a standalone solution.

**Testing capabilities —** Because DAST tools do not access an application's underlying source code, there are a number of flaws DAST tools will be unable to detect. For example, DAST tools are most effective at simulating reflection, or call-and-response, attacks where they can simulate an input and receive a response. They are not, however, highly effective in discovering smaller vulnerabilities or flaws in areas of the application that are rarely touched by users. These issues, as well as vulnerabilities in the original source code, will need to be addressed by additional security testing technologies.

### Software and Services Related to Dynamic Application Security Testing (DAST) Software

Most security software focuses on the vulnerabilities of networks and devices. Some, though not all, of these tools are used specifically for testing. There are many different ways to approach testing, and using a combination of tools and testing methods is always more effective than relying on one tool alone. These are a few security tools used for various testing purposes.

[**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST tools are used to inspect the underlying source code of an application, making them the perfect complement to DAST tools. Using the tools in tandem is often referred to as interactive application security testing (IAST). This can help combine the black-box nature of DAST and the white-box nature of SAST to find both errors in source code and errors in functionality and third-party components of an application.

[**Vulnerability scanners**](https://www.g2.com/categories/vulnerability-scanner) **—** Some people use the term vulnerability scanner to describe DAST tools, but in reality DAST is just one component of most vulnerability scanners. DAST tools are application-specific, while vulnerability scanners typically provide a larger set of features for vulnerability management, risk assessment, and continuous testing.

[**Static code analysis software**](https://www.g2.com/categories/static-code-analysis) **—** Static code analysis tools are more similar to SAST than DAST, in that they’re used to evaluate an application’s source code. These tools are less directed towards security but may provide SAST capabilities. They’re typically used to scan code for a number of flaws that include bugs, security vulnerabilities, performance issues, and any other issue that may present itself if source code is not tested and optimized.



