Top 8 Application Security Testing (AST) Tools
Veracode, Checkmarx, PortSwigger Burp Suite Professional, Micro Focus Fortify on Demand, GitLab, OWASP Zap, Contrast Security Assess, Acunetix by Invicti
The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.
It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.
We use the solution for vulnerability assessment in respect of the application and the sites.
The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.
Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.
We like that we can have an all-encompassing product and don't have to implement different solutions.
GitLab is very useful for pipelines, continuous integration, and continuous deployment. It is also stable.
It has evolved over the years and recently in the last year they have added HUD (Heads Up Display).
They offer free access to some other tools.
The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of.
There is a lot of documentation on their website which makes setting it up and using it quite simple.
Overall, it's a very good tool and a very good engine.
Advice From The Community
Read answers to top Application Security Testing (AST) questions. 542,029 professionals have gotten help from our community of experts.
Hi, Many companies wonder whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?
What are the different types of tools that should be used together in DevSecOps? What are the specific tools that you like to use when working on your DevSecOps pipeline? What is essential, and what is a nice-to-have?
I'm choosing an Application Security Testing platform. My use cases are as follows: SAST, DAST, Component Scanning, Vulnerability auditing, Mitigation. What product/solution would you recommend and why?