Dynamic Application Security Testing (DAST) Tools

Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix…

GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts.…

The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.

Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.

Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition…

AcuSensor from Maltese company Acunetix is application security and testing software.

AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).

Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and automation and integrations enable customers to achieve broad coverage…

Chicago-based Trustwave offers the App Scanner suite of products, based on the "Hailstorm" technology acquired with the company Cenzic (March, 2014) for application security and testing. Trustwave App Scanner was dynamic application security testing (DAST) software that identifies…

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with…

Pentest-Tools.com allows users to discover and report vulnerabilities in websites and network infrastructures. They provide a set of integrated pentesting tools designed to enable users to perform easier, faster, and more effective pentest engagements. Quickly discover the attack…

Intruder, from Intruder Systems in London, is a cloud-based vulnerability scanner that finds cyber security weaknesses in digital infrastructure, to avoid costly data breaches.

Sn1per Professional is an offensive security platform that provides a comprehensive view of internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk. Sn1per Professional is used to discover the attack surface and continuously…

DerScanner is an application security tool used to identify vulnerabilities and backdoors using various analysis methods (SAST, DAST, SCA) and integrate with other tools for embedding in SSDLC. DerScanner supports static analysis that can check apps written in 36 programing languages.…

Probely is a cloud-based automated application security testing solution designed to empower Security and DevOps teams working together on a DevSecOps approach, built to reduce risk across web applications and RESTful APIs. Probely empowers Security and DevOps or Development teams…

The Crashtest Security Suite is a web application and API vulnerability scanner. The software provides fully automated security testing for the whole web application portfolio. The vendor describes their solution as detailed, accurate and easy to implement.

StackHawk is a solution designed to make it simple for developers to find, triage, and fix application security bugs, from the company of the same name headquartered in Denver. Scan an application for AppSec bugs in the code, triage and fix with provided documentation, and automate…

Mister Scanner is presented as an un-complicated vulnerability scanner, by the small company of the same name in Bengaluru, providing XSS, SQL Injection, CSRF, and 3100+ Other Tests of websites and web applications.

BlueClosure, from Italy-based Minded Security, offers realtime dynamic data tainting protection, that can analyse any codebase written with JavaScript frameworks like Angular.js, jQuery, Meteor.js, React.js, etc.

Mobix is a SaaS mobile application testing platform that reduces application analysis costs and time, making tests creation and finding vulnerabilities effortless. Mobix's unique characteristics include: Non-invasive tool, which augments existing SDLC (Software Development Life…

Appknox is an on-demand mobile application security platform designed to help Developers, Security Researchers, and Enterprises to build a safe and secure mobile ecosystem using a system plus human approach to outsmart hackers. The vendor states they have been successful in reducing…

Bright Security is an application & API security testing platform from the company of the same name in San Rafael, California. Bright Security integrates into the user's CI/CD pipeline and enable users to run DAST scans with every build, as well as identify known (7,000+ payloads)…