Dynamic Application Security Testing (DAST) tools identify vulnerabilities in running web applications and APIs through automated scanning.
Browse 92 dynamic application security testing tools
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
An enterprise-scale dynamic application security testing (DAST) platform that provides automated vulnerability scanning and security assessment for web applications.
Black box fuzzer and DAST tool for testing application security
DAST tool for scanning web apps, microservices, and APIs for vulnerabilities
AI-powered AppSec platform for DAST, IAST, API security with auto-remediation
Cloud-based DAST solution for web app & API security with AI-powered scanning
DAST platform for web app & API vulnerability scanning with AI-enabled features
Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security
AppSec platform with API discovery, CI/CD-native DAST, and risk oversight
DAST platform for API and web app security testing with business logic focus
EvoMaster is an AI-driven tool that automatically generates system-level test cases for web APIs and enterprise applications using evolutionary algorithms and dynamic program analysis.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
DAST solution for web apps and APIs with automated scanning capabilities
Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.
Jaeles is an automated web application testing tool that helps identify vulnerabilities and security issues through customizable testing scenarios.
A tool to find XSS vulnerabilities in web applications
Track postMessage usage with this Chrome Extension
A Burp Suite plugin for automatically adding XSS and SQL payloads to fuzz
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
Femida is a Python automation tool that integrates with Burp Suite to detect blind XSS vulnerabilities in web applications through HTTP request analysis.
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
A fast and simple DOM-based XSS vulnerability scanner
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Common questions about Dynamic Application Security Testing tools, selection guides, pricing, and comparisons.
Use SAST during development to catch coding flaws early (SQL injection, XSS patterns in code). Use DAST to test running applications for runtime vulnerabilities that SAST cannot detect: authentication issues, session management flaws, server misconfigurations, and business logic vulnerabilities. A mature AppSec program uses both, with SAST in CI/CD and DAST in staging/pre-production.
Based on user ratings and community engagement on CybersecTools, the top-rated Dynamic Application Security Testing tools are:
Yes. Out of 24 dynamic application security testing tools listed on CybersecTools, 12 are free and 12 are commercial. Free tools work well for small teams, testing, and budget-conscious organizations. Commercial tools typically add enterprise features, dedicated support, and SLA guarantees.