Dynamic Application Security Testing (DAST) Tools

Best Dynamic Application Security Testing (DAST) Tools include:

Micro Focus Fortify on Demand.

Dynamic Application Security Testing (DAST) Tools Overview

Application Security Testing is a key element of ensuring that web applications remain secure. Various tools and managed services exist to provide continuous testing, besides application security platforms that include app testing as part of their functionality. Dynamic Application Security Tests (DAST) scans applications for vulnerabilities while they are running or in production, simulating real life conditions.

Dynamic Application Security Testing (DAST) Products

(1-18 of 18) Sorted by Most Reviews

47 ratings
32 reviews
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
14 ratings
4 reviews
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicatin…
4 ratings
2 reviews
Netsparker, from the UK company of the same name (formerly Mavituna Security, named for CEO Ferruh Mavituna), is an application security and testing platform.
Trustwave App Scanner (discontinued)
2 ratings
1 reviews
Chicago-based Trustwave offers the App Scanner suite of products, based on the "Hailstorm" technology acquired with the company Cenzic (March, 2014) for application security and testing. Trustwave App Scanner was dynamic application security testing (DAST) software that identifies vulnerabilities in…
9 ratings
1 reviews
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, C…
6 ratings
1 reviews
AcuSensor from Maltese company Acunetix is application security and testing software.
Rapid7 AppSpider
3 ratings
1 reviews
AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).
HCL AppScan (formerly from IBM)
4 ratings
1 reviews
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
Micro Focus Fortify on Demand
6 ratings
1 reviews
Micro Focus Fortify on Demand (formerly HP Fortify on Demand) is an application security and testing platform acquired by Micro Focus from Hewlett-Packard Enterprise. The security as a service supplies dynamic (DAST) and static (SAST) application testing, as well as source code analysis powered by S…
Rapid7 InsightAppSec
Rapid7 offers InsightAppSec, a dynamic application security testing (DAST) solution, that automatically assess modern web apps and APIs with(according to the vendor) fewer false positives and missed vulnerabilities.
Beyond Security offers beSTORM, a tool used to discover code weaknesses and certify the security strength of any product without access to source code. The vendor states users can test any protocol or hardware with beSTORM, even those used in IoT, process control, automotive and aerospace.
BlueClosure, from Italy-based Minded Security, offers realtime dynamic data tainting protection, that can analyse any codebase written with JavaScript frameworks like Angular.js, jQuery, Meteor.js, React.js, etc.
Synopsys Seeker Interactive Application Security Testing
Synopsys Seeker is presented by the vendor as an IAST solution with active verification and sensitive-data tracking for web-based applications, which the vendor states is more accurate than traditional DAST solutions.
Data Theorem
Data Theorem headquartered in Palo Alto provides application security, with a mission to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps, providing dynamic …
Crashtest Security
The Crashtest Security Suite is a web application and API vulnerability scanner. The software provides fully automated security testing for the whole web application portfolio. The vendor describes their solution as detailed, accurate and easy to implement.
Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code …
Contrast Assess
Contrast Security headquartered in Los Altos provides Interactive Application Security Testing (IAST) via Contrast Assess, which works by deploying an intelligent agent that instruments the application with smart sensors to analyze code in real-time from within the application.
Micro Focus Fortify WebInspect
Micro Focus offers Fortify WebInspect, a DAST tool designed to allow users to find and fix exploitable web application vulnerabilities with automated dynamic application security testing.