Application Security Testing (AST) Reviews and Ratings

What is application security testing (AST) software?

Gartner defines the Application Security Testing (AST) market as the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities. Gartner identifies four main styles of AST: (1) Static AST (SAST), (2) Dynamic AST (DAST), (3) Interactive AST (IAST) and (4) Mobile AST. These technology approaches can be delivered as a tool or as a subscription service, and many vendors offer both options to meet enterprise requirements for a product and a service.

Products In Application Security Testing (AST) Market

"Long time customer, familiar with current capabilities and new features, value the product"

We've been a customer for four years; great suite of product options, and amazing service/support. Whenever we have a problem or a question, the vendor has been available for us via meeting. They consult us when changes are made to their platform before making them. Turnover of Veracode personnel has not impacted their ability to execute.

"Great product, and great company!"

We are a new Checkmarx customer, but our experience so far has been nothing but positive. Cx has been very helpful during the POC, and they haven't let us down once we decided to buy the product, CxSAST. They are quick to answer and are very knowledgeable. They supported us before the installation & deployment, to properly plan the required resources (for an on-prem installation), during the installation (which they do with the customer), and after, once everything is installed, to address whatever problem we had. They also have a Professional Services team that is there to help address needs that are specific to each organization.

"Excellent security skills and capabilities through use of Burpsuite!"

Very useful tool for security testing of applications and APIs. Overall, the features of the application are effective and easy to operate, both for faster scanning with automation and for manual testing with payloads and passive test analysis.

"Great product that meets our needs, excellent customer success and support teams"

Does what we need in providing independent scanning of our application for our internal usage (development and operations), distribution to our customers, for audits, and for regulatory compliance.

"Improved security and risk management, Easy configuring and detailed reports."

This has been a very useful application for vulnerability reporting and tracking for web applications, mostly internal applications. The scan results are very useful, and so far quite a number of issues and vulnerabilities in the application have been reported. Overall security of the system has been improved.

"One of the good solutions for web developers"

With Acunetix, we can scan our products for vulnerabilities with every release. It has an extensive scan module and scheduler. Software composition analysis was improved in the latest versions.

"Very useful and interesting, I am impressed."

This is a very useful tool, a pleasure to work with. We're still experimenting but have already integrated CS Agents into CI/CD and started to gather the data and follow up routinely. There are many findings right away, although some are minor, but I would not call those false positives or not-a-problem - everything reported is quite informative and useful, and will definitely help improve our product and dev process in the near future. Contrast provides excellent support and guidance to our team. I'd like to personally thank their sales representatives for their great work!

"Netsparker, a best DAST tool for beginners to Expert"

The deployment and integration are very easy and do not require heavy infrastructure. It can be installed like any other software, even on your laptop. It is a user-friendly tool; in-depth knowledge is not required, and it can be handled and operated by less technical staff. The proof-based reporting reduces false positives, which is the very best thing about the Netsparker tool. It has predefined scan policies and templates for ease in scanning, and an EXCELLENT support team: when I was new to Netsparker, their support team helped me a lot to understand its functionality. Netsparker includes numerous vulnerability points to test and work on. Netsparker has a selection of workflows and integration tools.

"The reliable security partner with less maintenance"

We have been using this product for the past year, and I am now confident of the product's capabilities. We are completely relying on it for risk management and improving the compliance of our system.

"Best IDE support ever in a SAST solution that you can get in market today"

Fortify Static Code Analyzer and its plugins are really outstanding compared to other solutions. Fortify easily integrates into Visual Studio, Visual Studio Code, Eclipse, IntelliJ and Android Studio. Fortify offers Security Assistant, which scans the code in real time as we write. It's a cool feature that every developer would appreciate. Fortify also integrates with GitHub to run commit-based scans, which helps automation greatly. One major feature that every SAST tool should have is to provide an analysis trace of vulnerabilities. Fortify provides an outstanding analysis trace of vulnerabilities throughout the code base for every identified issue. Fortify Software Security Center has been a central platform that allows us to manage every issue identified by the scanner. It also allows us to collaborate with the security team to share ideas and thoughts between us.

"AppScan is an invaluable part of our SDLC process for DAST and SAST scanning."

As part of our maturity in development, we like to include DAST/SAST testing for every release. AppScan has helped us find vulnerabilities, which has changed our SDLC and development processes/training. We have found the tool to be invaluable. Furthermore, the account and support teams have been extremely helpful and cooperative from sales through ongoing maintenance and support.

"Great DevOps platform with continuous integration and deployments."

Very reliable application for development and a great experience in agile DevOps for critical applications. Easy setup and implementation, and quick support for any related issues. Improved security from the development stage through various features and secure coding practices with project planning.

"A technically excellent product that substantially improves our software"

Synopsys provides a technically excellent product that delivers in-depth analysis results in a way that developers can understand. They back that up with effective and professional tech support. We can usually resolve any problems using internal resources, but when we reach out to tech support we usually have solutions within 48 hours. Synopsys has been very willing to work with us on suitable licensing terms and has a history of implementing our suggestions for improvements. Improvements in the product are significant from release to release, with multiple new languages and support for new security standards like the SEI CERT rules in the past few years.

"Exceptional support team. Product is solid but needs to modernize."

Overall, it does what we need it to do. Not exceptional, but better than average. What I like most about Fortify is actually the support team. They are always friendly, very responsive, and eager to help however they can. The product itself does do what it needs to (scan code/apps, come back with a list of potential security issues), and scans do run quicker than those of some competitors (we saw a 10x reduction in average scan times coming from our previous vendor). The web UI, API, and dashboards could use a good dose of modernization.

"Great for OS Library Scanning to mitigate security, operational and license risks"

One of the top products in the SCA space, and easy to integrate with our CI pipelines. Black Duck has sufficient and necessary training materials for the development team to quickly understand the tool, the approach to scans, and addressing false positives!

"GitHub Advanced Security: A quality solution that is integrated and automated"

The GitHub Advanced Security suite provides an excellent dependency/vulnerability scanning, secret scanning, and static analysis experience. Arguably, the best part is that it is fully integrated with the VCS you are already using, and automating the processes takes little to no effort.

"Rough Install but great Product overall and excellent customer service"

Klocwork has been great, especially the support team, who always helped me quickly and efficiently. Getting Klocwork installed was the most time consuming part. There is a step-by-step list that is provided, which definitely helped, but I think a video walking through getting everything set up would have been more helpful and saved a lot of time. Overall, Klocwork is an amazing tool that is extremely easy to use (after set up) and saves a lot of time and money if you incorporate it into your projects in the beginning. I would definitely recommend this program to anyone in the software development industry.

"A highly customisable SaaS solution that suits businesses without a big cybersecurity team"

ImmuniWeb provides a highly customisable solution that monitors our assets 24/7, and customer support replies very quickly before and after the sale. The sales process is smooth, and the sales team synced with their tech team seamlessly and recommended the hybrid solution instead of the most expensive solution. Eventually the price was lower than we expected. I hope it supports SAST and network pentesting in the future.

"High degree of accuracy and great findings"

We use the WebInspect dynamic scanner in our QA cycle for automating security scans. It's a tool that simulates real hacker scenarios to identify the weak points in the application code. It does not exploit the vulnerability, which makes it a very good and reliable security scanner to use. It has the capability of scanning web apps and APIs, both REST and SOAP, which is something that's best suited for our environment and our requirements. Simplicity in automating scanning using Selenium scripts allows us to automate the scanning during our test cycle. We use ALM and QC for integration testing.

"Great first year and looking forward to future!"

We've had a great year with WhiteHat. The company migrated from yearly testing to continuous DAST and SAST and release-based mobile testing. We have seen immediate results from our efforts and are working towards point remediation. Our next step is to shift left and get SDLC integration and some maturity under our belt. WhiteHat has been a great partner through it all. Having been through several AppSec programs, our partnership with WhiteHat has led to immediate results with the least amount of complexity.
