Dynamic Application Security Testing

AI-enhanced web app vulnerability scanner with zero false-positive SLA

ZeroThreat is a cloud-based DAST platform that provides automated penetration testing and vulnerability detection for web applications and APIs with AI-driven remediation guidance.

ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.

An automated security testing platform that performs AI-driven penetration testing and vulnerability assessment for web applications and APIs with compliance reporting capabilities.

Threatspy is an application security testing platform that enables developers and security teams to discover, analyze, prioritize, and remediate vulnerabilities in web applications and APIs through an automated end-to-end process.

A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.

A Dynamic Application Security Testing (DAST) platform that provides automated security testing for web applications, APIs, and LLM-powered applications throughout the software development lifecycle.

An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.

Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security

A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.

WPMissionControl is a WordPress-focused security and uptime monitoring tool that offers continuous website checks, alerts, and malware cleanup services.

EvoMaster is an AI-driven tool that automatically generates system-level test cases for web APIs and enterprise applications using evolutionary algorithms and dynamic program analysis.

Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.

Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

A tool to find XSS vulnerabilities in web applications

A tool to detect, manage and exploit Blind Cross-site scripting (XSS) vulnerabilities.

A fast and simple DOM based XSS vulnerability scanner

Dalfox is an open-source automated XSS scanner that provides customizable scanning profiles and detailed reporting for cross-site scripting vulnerability detection.

InQL is a Burp Suite extension for advanced GraphQL testing and vulnerability detection

DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.

Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.

Jaeles is an automated web application testing tool that helps identify vulnerabilities and security issues through customizable testing scenarios.

A Burp Suite extension that automates XSS vulnerability detection and validation through custom payload generation and response analysis.

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.