Top 8 Application Security Testing (AST) Tools
Veracode, Checkmarx, PortSwigger Burp Suite Professional, Micro Focus Fortify on Demand, GitLab, OWASP Zap, Contrast Security Assess, Acunetix by Invicti
There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place.
The solution is scalable, but other solutions are better.
The solution has good performance, it is able to compute in 10 to 15 minutes.
We use the solution for vulnerability assessment in respect of the application and the sites.
The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security; they just need a stamp on the security key. For these kinds of customers, the scan works really well.
There is not one feature we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.
GitLab integrates well with other platforms.
We like that we can have an all-encompassing product and don't have to implement different solutions.
It has evolved over the years and recently, in the last year, they have added HUD (Heads Up Display).
They offer free access to some other tools.
The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of.
There is a lot of documentation on their website which makes setting it up and using it quite simple.
Overall, it's a very good tool and a very good engine.
Advice From The Community
Read answers to top Application Security Testing (AST) questions. 564,322 professionals have gotten help from our community of experts.
Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do you see this can have in the near future? Thanks
I'm choosing an Application Security Testing platform. My use cases are as follows: SAST, DAST, Component Scanning, Vulnerability auditing, Mitigation. What product/solution would you recommend and why?
Hi, Many companies wonder whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?
What are the different types of tools that should be used together in DevSecOps? What are the specific tools that you like to use when working on your DevSecOps pipeline? What is essential, and what is a nice-to-have?