DAST Tools

Researched by Altay Ataman | Technically reviewed by Adil Hafa | Last update: December 27, 2024

Dynamic application security testing (DAST) software helps businesses find vulnerabilities in web applications.

DAST is also known as black-box testing: the tool has no access to the application's source code or internal architecture, and it probes the running application with the same methods an attacker would use to find potential vulnerabilities.

Solutions need these capabilities to be classified as DAST software:

  • Detect vulnerabilities in web applications
  • Prioritize vulnerabilities
  • Report these vulnerabilities

Some DAST products focus on mobile apps, but this is not a requirement for inclusion in this list.

If you’d like to learn about the ecosystem consisting of DAST Tools and others, feel free to check AIMultiple Cybersecurity.

How relevant, verifiable metrics drive AIMultiple’s rankings

AIMultiple uses relevant & verifiable metrics to evaluate vendors.

Metrics are selected based on typical enterprise procurement processes ensuring that market leaders, fast-growing challengers, feature-complete solutions and cost-effective solutions are ranked highly so they can be shortlisted.
Data regarding these metrics are collected from public sources as outlined in the “What are AIMultiple’s data sources?” section of this page.


There are 2 ways in which vendor metrics are processed to help prioritization:
1- Vendors are grouped within 4 metrics (customer satisfaction, market presence, growth and features) according to their performance in that metric.
2- Vendors that perform well in these metrics are ranked higher in the list.


The data used in each vendor’s ranking can be accessed by expanding the vendor’s row in the list below.
This page includes links to AIMultiple’s sponsors. Sponsored links are included in “Visit Website” buttons and ranked at the top of the list when results are sorted by “Sponsored”. Sponsors have no say over the ranking which is based on market data. Organic ranking can be seen by sorting by “AIMultiple” or other sorting approaches. For more on how AIMultiple works, please see the ethical standards that we follow and how we fund our research.

Products Position Free Trial SIEM integrations Ticketing
Invicti

Position: Leader
SIEM integrations: Splunk
Ticketing: Built-in, Jira, ServiceNow
Invicti is an automated application security testing solution. Enterprises secure thousands of websites and dramatically reduce the risk of attack thanks to Invicti's DAST + IAST scanning capabilities. Invicti automates web security organizations with complicated environments. Using Invicti, security teams can:

  • Automate security tasks
  • Gain visibility into all applications including lost, forgotten, or hidden apps
  • Automatically give developers rapid feedback that trains them to write more secure code with fewer vulnerabilities
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.56 / 5 based on ~200 reviews
Market presence
Company's number of employees
300-400 employees
Company's social media followers
20k-30k followers
Features
SIEM integrations
Splunk
Ticketing
Built-in
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection
GitLab

Position: Leader
SIEM integrations: -
Ticketing: Clickup, Jira, ServiceNow
GitLab is the most comprehensive AI-Powered DevSecOps platform that enables software innovation by empowering development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps your teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. What makes us truly different?

  • Flexibility: Consume as a service or manage your own deployment
  • Cloud-Agnostic: Deploy anywhere with no vendor lock-in
  • No rip and replace: Scale to a platform approach at your own pace
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.36 / 5 based on 1k reviews
Market presence
Number of case studies
50-100 case studies
Company's number of employees
2k-3k employees
Company's social media followers
1m-2m followers
Features
Ticketing
Clickup
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Nessus

Position: Leader
SIEM integrations: IBM Security QRadar, McAfee ESM, RSA, Splunk
Ticketing: Built-in, Jira, ServiceNow
Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.60 / 5 based on ~400 reviews
Market presence
Company's number of employees
2k-3k employees
Company's social media followers
100k-1m followers
Total funding
$1-1bn
# of funding rounds
5
Latest funding date
July 29, 2020
Last funding amount
$250-500m
Features
SIEM integrations
IBM Security QRadar
McAfee ESM
RSA
Splunk
Ticketing
Built-in
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
public
Founding year
2002
Burp Suite

Position: Leader
SIEM integrations: -
Ticketing: Built-in, Jira
PortSwigger Web Security is a global leader in the creation of software tools for the security testing of web applications. The software (Burp Suite) is well established as the de facto standard toolkit used by web security professionals. Burp Suite is used by more than 70,000 individuals at over 16,000 organisations, in over 160 countries. Used across the majority of industry sectors, in organisations both large and small. Burp Suite Professional is an advanced set of tools for finding and exploiting vulnerabilities in web applications - all within a single product. From a basic intercepting proxy to a cutting edge vulnerability scanner. Burp Suite can be used to test and report on a large number of vulnerabilities including SQLi, XSS and the whole OWASP top 10. PortSwigger pioneered out-of-band security testing (OAST) and Burp scanner was the first product to make OAST available out-of-the-box with zero configuration and to apply it to a wide range of vulnerability types. The Burp Suite Enterprise Edition enables businesses to secure their entire web portfolio with simple, scalable scanning using the same cutting-edge Burp scanner technology. The Enterprise Edition performs recurring, scheduled scans across thousands of applications, with intuitive reporting dashboards, role-based access control and scan reports. It can provide out-of-the-box integration with ready-made CI plugins, native Jira support and rich APIs to enable security incorporation into existing software development processes.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.70 / 5 based on ~100 reviews
Market presence
Company's number of employees
200-300 employees
Company's social media followers
100k-1m followers
Features
Ticketing
Built-in
Jira
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
private
Founding year
2008
InsightVM (Nexpose)

Position: Leader
SIEM integrations: McAfee ESM, Splunk
Ticketing: Built-in, Jira, ServiceNow
InsightVM is Rapid7’s vulnerability risk management offering that advances security through cross-department clarity, a deeper understanding of risk, and measurable progress. By informing and aligning technical teams, security teams can remediate vulnerabilities and build Security into the core of the organization. With InsightVM, security teams can:

  • Gain Clarity Into Risk and Across Teams: Better understand the risk in your modern environment so you can work in lockstep with technical teams.
  • Extend Security’s Influence: Align traditionally siloed teams and drive impact with the shared view and common language of InsightVM.
  • See Shared Progress: Take a proactive approach to security with tracking and metrics that create accountability and recognize progress.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.40 / 5 based on ~90 reviews
Market presence
Company's number of employees
3k-4k employees
Company's social media followers
100k-1m followers
Total funding
$250-500m
# of funding rounds
8
Latest funding date
June 26, 2024
Features
SIEM integrations
McAfee ESM
Splunk
Ticketing
Built-in
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
public
Founding year
2000
APPCHECK

Challenger
-
-
-
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.60 / 5 based on ~60 reviews
Market presence
Company's number of employees
50-100 employees
Company's social media followers
5k-10k followers
Company
Type of company
private
Founding year
2009
Indusface WAS

Position: Challenger
SIEM integrations: McAfee ESM, RSA, Splunk, Sumo Logic
Ticketing: -
Indusface WAS (Web Application Scanner) provides a comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS, with its automated scans and manual pentesting done by certified security experts, ensures none of the OWASP Top 10, business logic vulnerabilities, and malware go unnoticed. With a zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers can quickly fix vulnerabilities seamlessly.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.50 / 5 based on ~60 reviews
Market presence
Number of case studies
5-10 case studies
Company's number of employees
100-200 employees
Company's social media followers
10k-20k followers
Total funding
$5-10m
# of funding rounds
1
Latest funding date
April 23, 2020
Last funding amount
$5-10m
Features
SIEM integrations
McAfee ESM
RSA
Splunk
Sumo Logic
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
private
Founding year
2012
Veracode Application Security Platform

Position: Challenger
SIEM integrations: -
Ticketing: Jira, ServiceNow
Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, empowers developers to fix security defects, and scales your program through best practices to achieve your desired outcomes. Veracode covers all your AppSec needs in one solution through a combination of five analysis types available for 24 programming languages, 77 frameworks, and application types as varied as microservices, mainframe and mobile apps.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.08 / 5 based on ~200 reviews
Market presence
Company's number of employees
400-1k employees
Company's social media followers
50k-100k followers
Total funding
$100-250m
# of funding rounds
7
Latest funding date
December 1, 2014
Features
Ticketing
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
private
Founding year
2006
Appknox

Position: Challenger
SIEM integrations: -
Ticketing: Jira
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
4.50 / 5 based on ~40 reviews
Market presence
Number of case studies
5-10 case studies
Company's number of employees
50-100 employees
Company's social media followers
5k-10k followers
Total funding
$1-1m
# of funding rounds
3
Latest funding date
August 16, 2016
Last funding amount
$1-1m
Features
Ticketing
Jira
OAuth 2.0 Integration
XSS Detection
SQL injection detection
Company
Type of company
private
Founding year
2014
HCL AppScan

Position: Challenger
SIEM integrations: IBM Security QRadar
Ticketing: Jira, ServiceNow
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle.

  • Fast and Accurate Scanning for Secure DevOps: Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business.
  • Focus on the Fix: Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation.
  • Enterprise Management for Security Teams: Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.
Basis for Evaluation

We made these evaluations based on the following parameters;

Customer satisfaction
Average rating
3.95 / 5 based on ~80 reviews
Market presence
Company's number of employees
100k-1m employees
Company's social media followers
7m-8m followers
Features
SIEM integrations
IBM Security QRadar
Ticketing
Jira
ServiceNow
OAuth 2.0 Integration
XSS Detection
SQL injection detection

“-”: AIMultiple team has not yet verified that vendor provides the specified feature. AIMultiple team focuses on feature verification for top 10 vendors.


Sources

AIMultiple uses these data sources for ranking solutions and awarding badges in DAST tools:


27 vendor web domains
21 funding announcements
71 social media profiles
39 profiles on review platforms
22 search engine queries

DAST Leaders

According to the weighted combination of 4 metrics

  • GitLab
  • Nessus
  • Invicti
  • Burp Suite
  • InsightVM (Nexpose)

What are DAST customer satisfaction leaders?

Taking into account the latest metrics outlined below, these are the current DAST customer satisfaction leaders:

  • GitLab
  • Nessus
  • Invicti
  • Burp Suite
  • Beagle Security

Which DAST solution provides the most customer satisfaction?

AIMultiple uses product and service reviews from multiple review platforms in determining customer satisfaction.

While deciding a product's level of customer satisfaction, AIMultiple takes into account its number of reviews, how reviewers rate it and the recency of reviews.

  • Number of reviews is important because it is easier to get a small number of high ratings than a high number of them.
  • Recency is important as products are always evolving.
  • Reviews older than 5 years are not taken into consideration.
  • Reviews older than 12 months have reduced impact on average ratings, in line with their date of publishing.

What are DAST market leaders?

Taking into account the latest metrics outlined below, these are the current DAST market leaders:

  • GitLab
  • Nessus
  • Invicti
  • Burp Suite
  • Beagle Security

Which one has collected the most reviews?

AIMultiple uses multiple datapoints in identifying market leaders:

  • Product line revenue (when available)
  • Number of reviews
  • Number of case studies
  • Number and experience of employees
  • Social media presence and engagement

Of these, the number of reviews is available for all products and is summarized in the graph:

GitLab
Nessus
Invicti
Veracode Application Security Platform
Beagle Security

What are DAST feature leaders?

Taking into account the latest metrics outlined below, these are the current DAST feature leaders:

  • Nessus
  • InsightVM (Nexpose)
  • Indusface WAS
  • Invicti
  • GitLab

Which one offers the most features?

Nessus, InsightVM (Nexpose) and Indusface WAS offer the most feature-complete products.

  • Nessus: 10 features
  • InsightVM (Nexpose): 8 features
  • Indusface WAS: 7 features
  • Invicti: 7 features
  • GitLab: 6 features

What are the most mature DAST tools?

Which one has the most employees?

  • HCL Digital Experience
  • OpenText
  • Synopsys
  • Micro Focus
  • Rapid7

Which DAST companies have the most employees?

214 employees work for a typical company in this solution category, which is 191 more than the number of employees for a typical company in the average solution category.

In most cases, companies need at least 10 employees to serve other businesses with a proven tech product or service. 22 companies with >10 employees are offering DAST tools. Top 3 products are developed by companies with a total of 200k employees. The largest company in this domain is HCL Digital Experience with more than 200,000 employees. HCL Digital Experience provides the DAST solution: HCL AppScan.

HCL Digital Experience
OpenText
Synopsys
Micro Focus
Rapid7

Insights

What are the most common words describing DAST tools?

This data is collected from customer reviews for all DAST companies. The most positive word describing DAST tools is “Easy to use”, which is used in 9% of the reviews. The most negative one is “Difficult”, which is used in 4% of all the DAST reviews.

What is the average customer size?

According to customer reviews, the most common company size for DAST customers is 51-1,000 employees. Customers with 51-1,000 employees make up 38% of DAST customers. For an average Cybersecurity solution, customers with 51-1,000 employees make up 15% of total customers.

Customer Evaluation

These scores are the average scores collected from customer reviews for all DAST tools. DAST tools are most positively evaluated in terms of "Overall" but fall behind in "Customer Service".

Overall
Customer Service
Ease of Use
Likelihood to Recommend
Value For Money

Where are DAST vendors' HQs located?

What is the level of interest in DAST tools?

This category was searched on average 4.5k times per month on search engines in 2024. This number has decreased to 0 in 2025. By comparison, a typical cybersecurity solution was searched 918 times in 2024, and this decreased to 0 in 2025.
