17 Best DAST Tools [2022]

If you want to see the best DAST tools in one place, then you'll LOVE this guide.

I will list and review all popular web application vulnerability scanners and keep them updated.

And you can filter through the list to find the best DAST scanner for you.

Check it out:

DAST Tools

Acunetix has been on the market since 2005 and is still popular in the penetration testing community because it is fast and easy to use. You can quickly scan your websites and APIs with a few clicks, and you don't need to be a cyber security engineer.

Cool features: You can install AcuSensor (IAST module) and tap into grey-box scanning. It supports Node.js, PHP, Java (+ Spring framework), and ASP.NET. Also, OpenVAS integration is available if you are interested in having network security scan results in the same report.

Platform Support: Cloud / On-premise (Windows, Linux, Mac)

Official Website: https://www.acunetix.com

AppCheck is a popular DAST tool from the United Kingdom. It started as an internal tool at SEC-1 (now part of Claranet Group), and it now has customers worldwide.

Official Website: https://appcheck-ng.com/

If you’re serious about penetration testing, you need to use Burp Suite. It has a free Burp Suite Community Edition license as well.

Cool features: Fully customizable scanning architecture, ideal for manual penetration testing, great extension marketplace (BApp Store)

Platform Support: Windows, Linux, Mac

Official Website: https://portswigger.net/

A nifty application security scanning tool from Sweden. It is budget-friendly with a monthly subscription option for €80 per target.

Official Website:

WebInspect is a well-established application security scanning tool. It was acquired by Micro Focus in 2017.

*Gartner Magic Quadrant 2021 – Leaders

In 2019, IBM AppScan was acquired by HCL Technologies and rebranded as HCL AppScan. It needs to be on your list if you are looking for an all-in-one solution: SAST, DAST, IAST, SCA and mobile security testing.

*Gartner Magic Quadrant 2021 – Visionaries

It is the DAST part of Rapid7's security platform. The company was founded in 2000 and is now listed on NASDAQ. InsightAppSec lives up to its name.

"An effortless web application scanner" is the slogan of Intruder. It has a user-friendly interface and a monthly payment option starting from €84 per target.

Official Website:

*Gartner Magic Quadrant 2021 – Niche Players

An application security scanner for managing web security at scale. Netsparker has more than 40 integrations, and you should check it out if you are looking for integration into your SDLC.

Official Website: https://www.netsparker.com

ZAP is the most popular open-source dynamic application scanner on the market, without a doubt. There are also some popular services built on ZAP, such as StackHawk and GitLab Ultimate.

Official Website: https://www.zaproxy.org/

An easy-to-use, CI/CD-focused DAST tool from Portugal. It has a free option for basic scans (security headers, cookie flags and TLS) and a Starter plan of €39 per month.

Official Website: https://probely.com/

Qualys is a robust web application security scanning tool. It is entirely cloud-based and has advantages if you are already using the Qualys Cloud Platform.

*Gartner Magic Quadrant 2021 – Challengers

Sentinel Dynamic is a DAST tool combined with a manual testing service. WhiteHat Security was recently renamed NTT Application Security.

Syhunt Dynamic is the DAST element of the Syhunt security scanning platform. It has been on the market since 2003, and its headquarters are in Rio de Janeiro, Brazil.

*Gartner Magic Quadrant 2021 – Leaders

Synopsys acquired Tinfoil Security in 2020 and expanded its DAST capabilities with it.

Tenable is the web application security part of Nessus. It is a cloud-based end-to-end vulnerability management solution.

Veracode offers a complete application security platform, and it is famous for its SAST tool as well.

Anything I Missed?

So those are my favorite free DAST tools.

And now I’d like to hear from you:

Are there any tools that you love… but didn’t see on this list?

Or maybe you have a question.

Either way, let me know by leaving a comment below right now.


AppSec Santa