DOMdig is a free Dynamic Application Security Testing tool. Security professionals most commonly compare it with Rexsser, Xss-Sql-Fuzz. All 48 alternatives are matched by shared capabilities, tags, and NIST CSF 2.0 coverage.
A closer look at the 8 most relevant alternatives and competitors to DOMdig, including their key features and shared capabilities.
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
DAST tool for scanning web apps, microservices, and APIs for vulnerabilities
Black box fuzzer and DAST tool for testing application security
Dynamic application security testing tool for runtime vulnerability detection
DAST tool that scans live web apps to detect vulnerabilities in real-time
Web app vulnerability scanner with continuous scanning and authenticated testing
DAST scanner for Single Page Applications using headless browser technology
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
DAST tool for scanning web apps, microservices, and APIs for vulnerabilities
Black box fuzzer and DAST tool for testing application security
Dynamic application security testing tool for runtime vulnerability detection
DAST tool that scans live web apps to detect vulnerabilities in real-time
Web app vulnerability scanner with continuous scanning and authenticated testing
DAST scanner for Single Page Applications using headless browser technology
DAST tool for detecting web app vulnerabilities like SQL injection and XSS
DAST tool for scanning web apps and APIs for OWASP Top 10 vulnerabilities
DAST scanner for web apps & APIs with automated vuln detection & remediation
DAST solution for mobile and web app security testing and vulnerability scanning
AI-driven automated security testing using fuzzing and symbolic execution
Custom blockchain fuzz testing service with bespoke harnesses & CI integration.
A tool to find XSS vulnerabilities in web applications
ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.
w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Web-application vulnerability scanner with extensive coverage of security testing modules.
A web security tool that scans for vulnerabilities and known attacks.
A fast and simple DOM based XSS vulnerability scanner
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
EvoMaster is an AI-driven tool that automatically generates system-level test cases for web APIs and enterprise applications using evolutionary algorithms and dynamic program analysis.
Managed web app security scanning service covering OWASP Top 10 vulnerabilities
AI-enhanced web app vulnerability scanner with zero false-positive SLA
DAST platform for API and web app security testing with business logic focus
AppSec platform with API discovery, CI/CD-native DAST, and risk oversight
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
DAST platform for web app & API vulnerability scanning with AI-enabled features
Cloud-based DAST solution for web app & API security with AI-powered scanning
AI-powered AppSec platform for DAST, IAST, API security with auto-remediation
An enterprise-scale dynamic application security testing (DAST) platform that provides automated vulnerability scanning and security assessment for web applications.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
DAST tool for automated web app and API vulnerability scanning and testing
Enterprise DAST solution for runtime app and API security testing
AI-powered agent for automated security reviews and penetration testing
DAST scanner that identifies web app vulnerabilities and attack surfaces
Runtime application security library blocking zero-days & OWASP Top 10 attacks
AI-driven DAST tool for automated vulnerability testing of web applications
AI-powered DAST tool for business logic security testing of web apps and APIs
GraphQL-native DAST tool for security testing GraphQL applications
AI-powered DAST scanner for web app vulnerability detection with zero false positives
AI-powered AppSec platform for DAST, IAST, and API security testing
Common questions security professionals ask when evaluating alternatives and competitors to DOMdig.
The most popular alternatives to DOMdig include Rexsser, Xss-Sql-Fuzz, VulnSign Dynamic Application Security Testing, Fortra BeSTORM, and Mend DAST. These Dynamic Application Security Testing tools offer similar capabilities and are frequently compared by security professionals evaluating their options.
