Best Dynamic Application Security Testing (DAST) Software

Dynamic application security testing (DAST) tools automate security tests for a variety of real-world threats. These tools typically test HTTP and HTML interfaces of web applications. DAST is a black-box testing method, meaning it is performed from the outside in. Companies use these tools to identify vulnerabilities in their applications from an external perspective, to better simulate threats most easily accessed by hackers outside their organization. There are similarities between DAST tools and other application security and vulnerability management solutions, but most of the other technologies perform internal tests and code analysis instead of focusing on black-box testing.

To qualify for inclusion in the Dynamic Application Security Testing (DAST) category, a product must:

  • Test applications in their operational state
  • Perform external black-box security tests
  • Trace penetrations and exploits to their sources

Dynamic Application Security Testing (DAST) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Dynamic Application Security Testing (DAST) Software
Results: 31
    G2 Crowd takes pride in showing unbiased ratings on user satisfaction. G2 Crowd does not allow for paid placement in any of our ratings.

    Checkmarx is the Software Exposure Platform for the enterprise. Over 1,400 organizations around the globe rely on Checkmarx to measure and manage software risk at the speed of DevOps. Checkmarx serves five of the world’s top 10 software vendors, four of the top American banks, and many government organizations and Fortune 500 enterprises, including SAP, Samsung, and Salesforce.com. Learn more at Checkmarx.com or follow us on Twitter: @checkmarx.


    IBM Security AppScan Standard protects against web application attacks and expensive data breaches by automating application security vulnerability testing. Avoid security vulnerabilities: Use automated dynamic security testing and advanced static analysis – “black box” and “white box” – to detect developing security issues. Empower accurate scanning: Scan websites to identify embedded vulnerabilities. Simplify interpretation of scan results with scan-specific explanations of each issue. Get quick remediation: Fix high-priority problems first with streamlined remediation. Make fixes quickly with the provided remediation steps – including code examples and a task list.


    Appknox is one of the enterprise-level security assessment products that help businesses and enterprises to detect, manage and fix security issues. It's been used by some of the top enterprises to secure more than 500 mobile apps on a regular basis. Appknox is listed in one of Gartner's top mobile app security testing vendor lists. Working with more than 100 organizations globally, Appknox has been focusing on the niche area of mobile app security.


    Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.


    Peach Fuzzer is an automated security testing platform that prevents zero-day attacks by finding vulnerabilities in hardware and software systems.


    Application security testing for the modern web


    Software security solutions from Micro Focus Fortify cover your entire software development lifecycle (SDLC) for mobile, third party and website security.


    WebInspect offers automated dynamic application security testing (DAST) and interactive application security testing (IAST) technologies that mimic real-world hacking techniques and attacks, provide comprehensive dynamic analysis of complex web applications and services, and crawl more of the attack surface to expose exploits.


    Acunetix leads the market in automatic web security testing technology that accurately scans and audits all web applications, including HTML5, JavaScript and Single Page applications (SPAs). It offers a cost-effective entry into the web scanning market with a simple, scalable, and high availability solution, without compromising quality. Acunetix can report on a wide range of web vulnerabilities, including SQLi and XSS, and provides the only technology on the market that can automatically detect out-of-band vulnerabilities. Acunetix also includes integrated vulnerability management features for enterprises to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Used by many Government, Military, Educational, Telecommunications, Banking, Finance, and E-Commerce sectors, including many Fortune 500 companies, it is available on Windows, Linux and Online.


    Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to cover the entire software development lifecycle.


    AppSpider is a dynamic application security testing (DAST) solution.


    Black Duck by Synopsys provides a comprehensive software composition analysis (SCA) solution for managing security, quality, and license compliance risk that comes from the use of open source and third-party code in applications and containers.


    CA Veracode Vendor Application Security Testing (VAST) provides a scalable program for managing third-party software risk. Build your program based on a decade’s worth of best practices to ensure success and see a simple pass or fail for each vendor application. Because CA Veracode scans binaries rather than source code, vendors will be more comfortable with the assessments because they don't have to disclose their intellectual property. With CA Veracode, you can scale your program without adding specialized headcount and manage the entire program on a single platform.


    Code Dx’s automated application vulnerability correlation shaves weeks off that process so you can get right to fixing your code. Its vulnerability management lets you quickly prioritize vulnerabilities (to fix the most important ones first), track progress of their remediation, and observe how your code's security changes over time.


    Continuous security delivery fabric for modern enterprise infrastructure.


    Cymulate comprehensively identifies the security gaps in your infrastructure and provides actionable insights for proper remediation. Run safely from the internet, our battery of simulated attacks causes no interruption to your operation or business productivity.


    Entersoft is an award-winning Application security service provider with a rifle focus on proactive security through security by design. Through our managed service offerings, we currently work with 300+ customers in FinTech, IoT, Blockchain, BFSI and Healthcare. We help our customers achieve a high Application security quotient and instill a proactive app security culture in the developers' DNA.


    Manage, measure and integrate security for the entire software lifecycle.


    Indusface is an application security solution with Amazon Web Services (AWS) and software-as-a-service (SaaS) options.


    Provides an end-to-end Application Security platform to bring you objective data so you can make informed decisions regarding the security, risk, cost, activity, quality, maintainability, efficiency and dependencies of your applications.


    Promon INSIGHT gives you crucial time to react to emerging threats. With the ability to silently report back to servers, hackers performing targeted attacks won't even be aware that they have been detected.


    reshift is a continuous application security testing platform that helps software development teams integrate security earlier in the software development life cycle. We make security easier to integrate than other solutions because of two things:

    1. Integrations: We don't want to add more work for the developers, and that's why we created an end-to-end solution that seamlessly works with the modern-day development workflow. Simply log into GitHub, Bitbucket, or GitLab to upload projects. reshift has a scanner included but works on top of your existing scanners. Finally, we also integrate with JIRA to make fixing bugs actionable.
    2. False Positives: reshift is capable of automatically triaging false positives with our machine learning algorithm. With other tools, false positives just create noise and make fixing bugs more time-consuming and less desirable; with reshift, everything is filtered based on the rules you set. The more you confirm, the more accurate the predictions get.


    SD Elements is an award-winning platform that translates policies to prescriptive, measurable procedures that are used by IT and Engineering teams to achieve their security and compliance objectives. SD Elements generates and tracks granular controls with a flexible rule-based engine and integrates those controls into ALMs and enterprise workflows used by development teams, including those leveraging DevOps. SD Elements also delivers Just-In-Time training to developers, providing concise, contextual guidance on how to implement controls right when they need it.


    Sqreen is an application security platform that provides extensive visibility and reaction capabilities to the threats targeting both legacy and modern cloud applications. Trusted by security teams, loved by developers, Sqreen improves the security standards of the world's leading organizations. Founded by former security experts at Apple, Sqreen protects hundreds of companies from startups to Fortune 500 companies.

    Sqreen uses a combination of technologies including a Runtime Application Self-Protection (RASP) agent to offer deep real-time visibility and protection against security activities and attacks. It offers out-of-the-box security rules against common attacks (OWASP top 10 and more), 0-days and advanced business logic threats. Protections can be easily extendable with custom rules. Get started with Sqreen in just a couple of minutes. No configuration or maintenance required.

    Benefits of using Sqreen:

      • Real-time protection without false positives
      • Deep visibility into security activities: origin, payloads, location, stack traces, time, actors etc.
      • Protection against common attacks and advanced 0-day attacks
      • Advanced customization capabilities to cover specific business logic threats
      • Scalable and integrated into DevOps environments


    SWAT (the Secure Web Application Tactics) is a continuous vulnerability management solution. It allows full vulnerability coverage thanks to the association of vulnerability scanning tools and Outpost24's experienced security technicians. SWAT adjusts its scanning to new threats discovered and adapts to any changes in the application. All deployment and maintenance is performed by Outpost24's expert team. Companies can stay focused on their core activity while Outpost24 takes care of their web application security. Customer support is available 24/7. Know more > https://outpost24.com/swat


    Dynamic Application Security Testing (DAST) uses penetration testing while web applications are running to simulate an attack by a skilled and motivated attacker.


    Threatcare is a cybersecurity platform that allows organizations to simulate intrusions on their network to help improve their people's performance, their processes, and their product utilization.


    Veracode is the world's best automated, on-demand application security testing and code review solution.


    Using the Virtual Forge Security Suite, customers will improve their security and compliance by automating tasks involved in securing their SAP systems.


    Votiro Disarmer API can quickly bring our powerful CDR protection to any application with HTTP REST API. With a simple call to Votiro Disarmer, your files are automatically disarmed before reaching your internal file storage, with full functionality intact.


    WhiteHat Sentinel Dynamic is a software-as-a-service platform for dynamic application security testing (DAST).