As of May 2026, there are 19 SaaS companies in Dynamic Application Security Testing (DAST) Software. They have combined revenues of $147.2M and employ 1.3K people. They have raised $25.7M and serve 2.5K customers combined.
Dynamic Application Security Testing (DAST) Software is a category of security testing tools designed to identify vulnerabilities in web applications and services while they are running. Unlike static application security testing, DAST assesses applications in real-time from an external perspective, simulating the behavior of potential attackers. This dynamic testing method helps organizations discover issues such as SQL injection, cross-site scripting, and other security weaknesses that could be exploited during operations. DAST tools are primarily used by security professionals and DevSecOps teams to ensure that applications are secured against external threats before they are deployed or while they are live. Common features of DAST software include security scanning, vulnerability detection, and reporting capabilities. These tools often integrate with development pipelines, allowing for continuous security monitoring and compliance throughout the application lifecycle.
Sorting: Highest -> Lowest
Showing 10 of 19 companies ranked by annual revenue.
Knutsford, Cheshire, United Kingdom
PortSwigger is a global leader in cybersecurity, specializing in web application security testing. They created Burp Suite, the leading toolkit for web application security testing.
San Rafael, California, United States
Bright Security is an AI -powered application security platform that integrates application security into SDLC.
Leuven, Belgium
Guardsquare offers the most complete approach to mobile application security on the market. Built on the open source ProGuard technology, Guardsquare’s software integrates seamlessly across the development cycle. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. More than 975 customers worldwide across all major industries rely on Guardsquare to help them identify security risks and protect their mobile applications against reverse engineering and tampering.
Singapore, Singapore, Singapore
CREST Approved Penetration Testing in SE Asia. Mobile Application Security Testing Web Application Security Testing CLOUD Security Assessments API Security Testing Network Penetration Testing Red Teaming Phishing Campaigns
San Francisco, California, United States
Operator of a platform intended to offer offensive and defensive application security services. The company's platform ensures applications are safe from dangerous hacking threats that can destroy intellectual property and expose sensitive user information, enabling developers to focus on building great products by providing comprehensive and easy-to-use security services.
San Francisco, California, United States
Escape is the only DAST that works with your modern stack and tests business logic instead of missing headers. It fits right into your modern stack, supporting modern web frameworks, APIs, CI/CD, and Wiz without hassle. With Escape, you can: 1. Document all your APIs & Web Apps in minutes and enrich your inventory with seamless integrations. 2. Discover vulnerabilities even at a business logic level with our proprietary AI-powered algorithm. 3. Remediate issues efficiently with code snippets tailored to each framework
Denver, Colorado, United States
Developer of a security platform designed for DevOps teams. The company's platform is security software which continuously scans and documents vulnerabilities, enabling engineers to find and remediate security problems in development and production.
- The software must scan web applications in real-time for security vulnerabilities. - It must simulate attacks from an external perspective without requiring access to the source code. - Capable of identifying a range of vulnerabilities, such as SQL injection, cross-site scripting, and similar exploits. - Features should include automated reporting of discovered vulnerabilities and potential remediation guidance. - Not limited to static testing; must provide active assessment during application runtime.
Each Tuesday, we reverse-engineer a real SaaS company's revenue, profit, CAC, funnels, and its top growth tactic.
Sign up to access all features
Sign up with GoogleSign up with LinkedInAlready have an account? Log in
GetLatka is trusted by 200k+ founders, researchers, and marketers.
No contracts, cancel at any time
