Best Dynamic Application Security Testing (DAST) Tools include:
Dynamic Application Security Testing (DAST) Tools Overview
Application Security Testing is a key element of ensuring that web applications remain secure. Various tools and managed services exist to provide continuous testing, besides application security platforms that include app testing as part of their functionality. Dynamic Application Security Tests (DAST) scans applications for vulnerabilities while they are running or in production, simulating real life conditions.
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicatin…
Netsparker, from the UK company of the same name (formerly Mavituna Security, named for CEO Ferruh Mavituna), is an application security and testing platform.
Chicago-based Trustwave offers the App Scanner suite of products, based on the "Hailstorm" technology acquired with the company Cenzic (March, 2014) for application security and testing. Trustwave App Scanner was dynamic application security testing (DAST) software that identifies vulnerabilities in…
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, C…
AcuSensor from Maltese company Acunetix is application security and testing software.
AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
Micro Focus Fortify on Demand (formerly HP Fortify on Demand) is an application security and testing platform acquired by Micro Focus from Hewlett-Packard Enterprise. The security as a service supplies dynamic (DAST) and static (SAST) application testing, as well as source code analysis powered by S…
Rapid7 offers InsightAppSec, a dynamic application security testing (DAST) solution, that automatically assess modern web apps and APIs with(according to the vendor) fewer false positives and missed vulnerabilities.
Beyond Security offers beSTORM, a tool used to discover code weaknesses and certify the security strength of any product without access to source code. The vendor states users can test any protocol or hardware with beSTORM, even those used in IoT, process control, automotive and aerospace.
Synopsys Seeker is presented by the vendor as an IAST solution with active verification and sensitive-data tracking for web-based applications, which the vendor states is more accurate than traditional DAST solutions.
Data Theorem headquartered in Palo Alto provides application security, with a mission to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps, providing dynamic …
The Crashtest Security Suite is a web application and API vulnerability scanner. The software provides fully automated security testing for the whole web application portfolio. The vendor describes their solution as detailed, accurate and easy to implement.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code …
Contrast Security headquartered in Los Altos provides Interactive Application Security Testing (IAST) via Contrast Assess, which works by deploying an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application.
Micro Focus offers Fortify WebInspect, a DAST tool designed to allow users to find and fix exploitable web application vulnerabilities with automated dynamic application security testing.