Dynamic Application Security Testing (DAST) Tools

TrustRadius Top Rated for 2024

Top Rated Products

(1-2 of 2)

1
GitLab

GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts.…

2
Veracode

Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security…

All Products

(1-25 of 41)

1
Veracode

Veracode is a software security firm that identifies flaws and vulnerabilities across the software development lifecycle. Veracode’s Software Security Platform uses advanced AI algorithms trained on vast datasets of code, for more precise identification and rectification of security…

2
GitLab

GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts.…

3
PortSwigger Burp Suite

The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.

Explore recently added products

4
HCL AppScan

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

5
Fortify by OpenText

An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.

6
Onapsis

Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.

7
Checkmarx

Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition…

8
Acunetix by Invicti

AcuSensor from Maltese company Acunetix is application security and testing software.

9
Invicti

Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs. Invicti provides a comprehensive view of an organization’s entire web application portfolio, and automation and integrations enable customers to achieve broad coverage…

10
Trustwave App Scanner (discontinued)

Chicago-based Trustwave offers the App Scanner suite of products, based on the "Hailstorm" technology acquired with the company Cenzic (March, 2014) for application security and testing. Trustwave App Scanner was dynamic application security testing (DAST) software that identifies…

11
Indusface Web Application Scanning

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

12
Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with…

13
Intruder

Intruder, from Intruder Systems in London, is a cloud-based vulnerability scanner that finds cyber security weaknesses in digital infrastructure, to avoid costly data breaches.

14
Pentest-Tools.com

Pentest-Tools.com helps security teams run the key steps of a penetration test, without expert hacking skills. Headquartered in Europe (Bucharest, Romania), Pentest-Tools.com makes offensive cybersecurity tools and proprietary vulnerability scanner software for penetration testers…

15
Rapid7 AppSpider

AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).

16
Sn1per Professional

Sn1per Professional is an offensive security platform that provides a comprehensive view of internal and external attack surface and offers an asset risk scoring system to prioritize, reduce, and manage risk. Sn1per Professional is used to discover the attack surface and continuously…

17
DerScanner
0 reviews

DerScanner is an application security tool used to identify vulnerabilities and backdoors using various analysis methods (SAST, DAST, SCA) and integrate with other tools for embedding in SSDLC. DerScanner supports static analysis that can check apps written in 36 programing languages.…

18
Probely
0 reviews

Probely is a cloud-based automated application security testing solution designed to empower Security and DevOps teams working together on a DevSecOps approach, built to reduce risk across web applications and RESTful APIs. Probely empowers Security and DevOps or Development teams…

19
Crashtest Security

The Crashtest Security Suite is a web application and API vulnerability scanner. The software provides fully automated security testing for the whole web application portfolio. The vendor describes their solution as detailed, accurate and easy to implement.

20
StackHawk
0 reviews

StackHawk is a solution designed to make it simple for developers to find, triage, and fix application security bugs, from the company of the same name headquartered in Denver. Scan an application for AppSec bugs in the code, triage and fix with provided documentation, and automate…

21
Mister Scanner

Mister Scanner is presented as an un-complicated vulnerability scanner, by the small company of the same name in Bengaluru, providing XSS, SQL Injection, CSRF, and 3100+ Other Tests of websites and web applications.

22
BlueClosure
0 reviews

BlueClosure, from Italy-based Minded Security, offers realtime dynamic data tainting protection, that can analyse any codebase written with JavaScript frameworks like Angular.js, jQuery, Meteor.js, React.js, etc.

23
Mobix
0 reviews

Mobix is a SaaS mobile application testing platform that reduces application analysis costs and time, making tests creation and finding vulnerabilities effortless. Mobix's unique characteristics include: Non-invasive tool, which augments existing SDLC (Software Development Life…

24
Hdiv Detection (IAST)

Hdiv Detection, from Hdiv Security in San Sebastián, detects security bugs in the source code before they are exploited, using a runtime dataflow technique to report the file and line number of the vulnerability. Security issues are reported to security teams in real-time, according…

25
Beyond Security beSTORM

Beyond Security offers beSTORM, a tool used to discover code weaknesses and certify the security strength of any product without access to source code. The vendor states users can test any protocol or hardware with beSTORM, even those used in IoT, process control, automotive and…

Learn More About Dynamic Application Security Testing (DAST) Tools

What are Dynamic Application Security Testing (DAST) Tools?

Dynamic application security testing (DAST) tools are used by web application developers and IT security professionals to identify external security vulnerabilities. These automated black-box testing tools simulate threats and attacks that could be initiated by hackers and other bad-actors. A DAST tool can scan an application independently from its underlying technology, internal architecture, design, and programming language.

The tools conduct penetration testing when the application is running and typically test the HTTP and HTML interfaces of web applications. The tools can simulate attacks such as SQL injection, cross-site scripting or create customized threats specific to an application, and its product or service.

They can trace penetrations and exploits to their sources. This dynamic testing occurs throughout the lifecycle of an application as new threats and vulnerabilities evolve. DAST tools are also known as web scanners.

DAST vs. Static and Interactive Application Security Testing

DAST tools simulate external threats when the application is running and identify the source of the vulnerability. It is closely related to Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST) tools, but test applications using different methods.

Static Application Security Testing (SAST), white-box tools, are used when the application is at rest It complements DAST by evaluating the internal vulnerabilities of a web application, using code analyzers to identify potential vulnerabilities that might be exploited. It analyzes the entire code base.

Interactive Application Security Testing (IAST) analyzes an application's internal code as specific functionality is being tested while it is up and running. It is able to pinpoint the vulnerable code.

These tools work together and are used in tandem to provide more comprehensive security testing.


Dynamic Application Security Testing (DAST) Tools Features

Leading Dynamic Application Security Testing Tools should have most or all of the following features:

  • Test applications in their operational state
  • Perform external black-box security tests
  • Crawler, asset discovery and monitoring
  • Vulnerability detection
  • Trace penetrations and exploits to their sources
  • Testing automation, continuous testing
  • Manual testing
  • Compliance testing
  • Issue tracking, reporting and analytics
  • SDLC integration

Dynamic Application Security Testing (DAST) Tools Comparison

Considerations when purchasing dynamic application security testing tools include:

  • Coverage: DAST tools are only one component of establishing web application security. DAST tools should be used as a part of a comprehensive security testing stack rather than a stand-alone solution. Working with other tools such as SAST will provide more comprehensive coverage. Some vendors offer products and services that combine those functions.

  • SDLC Integration: How well and easily can each tool integrate with the organization’s existing software development life cycle? Consider current QA processes and tools, and whether each DAST option would interfere with or complement existing systems in the SDLC.

Start a DAST tools comparison here


Pricing Information

Pricing can be based upon the number of users, the number of scans, the size of the application and the features offered. Costs range from $50 to over $400 a month per user. On premise installations begin at $2,000. Vendor quotes are recommended for enterprise level products. Some vendors offer limited testing services for free as an introduction to their product.


Related Categories

Frequently Asked Questions

What do Dynamic Application Security Testing (DAST) Tools do?

Dynamic application security testing (DAST) tools simulate threats and attacks against web applications to identify external security vulnerabilities. Penetration testing takes place when the application is running in its production state. The tools can trace the exploits back to their sources.

What are the benefits of using Dynamic Application Security Testing (DAST) Tools?

Dynamic Application Security Testing tools' benefits include:

  • Cost savings and risk reduction
  • Helps prevent exploitation of eCommerce applications
  • When used in the software development lifecycle saves time and money
  • Consistent security monitoring
  • Continuous, automated scanning for new attacks and vulnerabilities
  • Simulates realistic threats and attacks
  • Discovers vulnerabilities not found in source code
  • Flexibility, scalability
  • Customizable testing options
  • Evaluates how traffic and usage impacts vulnerabilities
  • Assists with compliance and regulatory reporting


How much do Dynamic Application Security Testing (DAST) Tools cost?

Pricing by user ranges from $50 to over $400 a month. Other pricing models consider the number of scans, the size of the application or features offered. Vendor quotes are recommended for enterprise level products. Some vendors offer limited testing services for free as an introduction to their product.