# Best Vulnerability Scanner Software *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)* Vulnerability scanners continuously monitor applications and networks against an up-to-date database of known vulnerabilities, identifying potential exploits, producing analytical reports on the security state of applications and networks, and providing recommendations to remedy known issues. ### Core Capabilities of Vulnerability Scanner Software To qualify for inclusion in the Vulnerability Scanner category, a product must: - Maintain a database of known vulnerabilities - Continuously scan applications for vulnerabilities - Produce reports analyzing known vulnerabilities and new exploits ### Common Use Cases for Vulnerability Scanner Software Security and IT teams use vulnerability scanners to proactively identify and address weaknesses before they can be exploited. Common use cases include: - Running scheduled and on-demand scans of applications and network infrastructure for known CVEs - Generating prioritized vulnerability reports to guide remediation efforts - Testing application and network security posture as part of ongoing compliance and risk management programs ### How Vulnerability Scanner Software Differs from Other Tools Some vulnerability scanners operate similarly to [dynamic application security testing (DAST)](https://www.g2.com/categories/dynamic-application-security-testing-dast) tools, but the key distinction is that vulnerability scanners test applications and networks against known vulnerability databases rather than mimicking real-world attacks or performing penetration tests. DAST tools simulate attacker behavior to uncover runtime vulnerabilities, while scanners focus on identification and reporting of known weaknesses. ### Insights from G2 on Vulnerability Scanner Software Based on category trends on G2, continuous scanning and comprehensive vulnerability reporting stand out as standout capabilities. Faster identification of critical exposures and improved compliance readiness stand out as primary benefits of adoption. ## Category Overview **Total Products under this Category:** 219 ## Trust & Credibility Stats **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 7,100+ Authentic Reviews - 219+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Best Vulnerability Scanner Software At A Glance - **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - **Highest Performer:** [BugDazz API Scanner](https://www.g2.com/products/bugdazz-api-scanner/reviews) - **Easiest to Use:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews) - **Best Free Software:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) --- **Sponsored** ### Intruder Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two business are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers. [Try for Free](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=1423&secure%5Bdisplayable_resource_id%5D=1423&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=page_category&secure%5Bplacement_resource_ids%5D%5B%5D=1423&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=27706&secure%5Bresource_id%5D=1423&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fvulnerability-scanner%3Fopen_modal_url%3D%252Fproducts%252Forca-security%252Fwishlists%253Fhost_path%253D%25252Fcategories%25252Fvulnerability-scanner%2526source%253Dcategory&secure%5Btoken%5D=1715c7d199e3776c1381ae1058c585a516074183887955eeecc3e07a4a0f149e&secure%5Burl%5D=https%3A%2F%2Fwww.intruder.io%2F%3Futm_source%3Dg2%26utm_medium%3Dp_referral%26utm_campaign%3Dglobal%7Cfixed%7Cg2_clicks_2025&secure%5Burl_type%5D=free_trial) --- ## Top-Rated Products (Ranked by G2 Score) ### 1. [Wiz](https://www.g2.com/products/wiz-wiz/reviews) Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, Vulnerability management, IaC scanning, CIEM, DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting Your Cloud Environments Requires a Unified, Cloud Native Platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security - including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information. **Average Rating:** 4.7/5.0 **Total Reviews:** 772 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10) - **Detection Rate:** 8.8/10 (Category avg: 8.9/10) - **Automated Scans:** 9.0/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db) - **Company Website:** https://www.wiz.io/ - **Year Founded:** 2020 - **HQ Location:** New York, US - **Twitter:** @wiz_io (22,413 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,248 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CISO, Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 54% Enterprise, 39% Mid-Market #### Pros & Cons **Pros:** - Features (113 reviews) - Security (107 reviews) - Ease of Use (104 reviews) - Visibility (87 reviews) - Easy Setup (68 reviews) **Cons:** - Improvement Needed (35 reviews) - Feature Limitations (34 reviews) - Learning Curve (34 reviews) - Improvements Needed (29 reviews) - Complexity (27 reviews) ### 2. [Tenable Nessus](https://www.g2.com/products/tenable-nessus/reviews) Built for security practitioners, by security professionals, Nessus products by Tenable are the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices, and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues. **Average Rating:** 4.5/5.0 **Total Reviews:** 287 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.2/10) - **Detection Rate:** 8.9/10 (Category avg: 8.9/10) - **Automated Scans:** 9.0/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.4/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **Company Website:** https://www.tenable.com/ - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,575 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Who Uses This:** Security Engineer, Network Engineer - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 40% Mid-Market, 34% Enterprise #### Pros & Cons **Pros:** - Vulnerability Identification (21 reviews) - Vulnerability Detection (19 reviews) - Automated Scanning (18 reviews) - Ease of Use (17 reviews) - Features (15 reviews) **Cons:** - Slow Scanning (8 reviews) - Expensive (6 reviews) - Limited Features (6 reviews) - Complexity (5 reviews) - False Positives (5 reviews) ### 3. [Orca Security](https://www.g2.com/products/orca-security/reviews) The Orca Cloud Security Platform identifies, prioritizes, and remediates risks and compliance issues in workloads, configurations, and identities across your cloud estate spanning AWS, Azure, Google Cloud, Kubernetes, Alibaba Cloud, and Oracle Cloud. Orca offers the industry’s most comprehensive cloud security solution in a single platform — eliminating the need to deploy and maintain multiple point solutions. Orca is agentless-first, and connects to your environment in minutes using Orca’s patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca can integrate with third-party agents for runtime visibility and protection for critical workloads. Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation – reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes. As a Cloud Native Application Protection Platform (CNAPP), Orca consolidates many point solutions in one platform, including: CSPM, CWPP, CIEM, Vulnerability Management, Container and Kubernetes Security, DSPM, API Security, CDR, Multi-cloud Compliance, Shift Left Security, and AI-SPM. **Average Rating:** 4.6/5.0 **Total Reviews:** 235 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10) - **Detection Rate:** 8.8/10 (Category avg: 8.9/10) - **Automated Scans:** 9.2/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Orca Security](https://www.g2.com/sellers/orca-security) - **Company Website:** https://orca.security - **Year Founded:** 2019 - **HQ Location:** Portland, Oregon - **Twitter:** @orcasec (4,822 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/35573984/ (495 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer, CISO - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 48% Mid-Market, 40% Enterprise #### Pros & Cons **Pros:** - Ease of Use (37 reviews) - Features (33 reviews) - Security (29 reviews) - User Interface (22 reviews) - Visibility (22 reviews) **Cons:** - Improvement Needed (15 reviews) - Feature Limitations (12 reviews) - Limited Features (10 reviews) - Missing Features (10 reviews) - Ineffective Alerts (9 reviews) ### 4. [Aikido Security](https://www.g2.com/products/aikido-security/reviews) Aikido Security is the developer-first security platform that unifies code, cloud, protection, and attack testing in one suite of best-in-class products. Built by developers for developers, Aikido helps teams of any size ship secure software faster, automate protection, and simulate real-world attacks with AI-driven precision. The platform’s proprietary AI cuts noise by 95%, delivers one-click fixes, and saves developers 10+ hours per week. Aikido Intel proactively uncovers vulnerabilities in open source packages before disclosure, helping secure more than 50,000 organizations worldwide, including Revolut, Niantic, Visma, Montblanc, and GoCardless. **Average Rating:** 4.6/5.0 **Total Reviews:** 139 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10) - **Detection Rate:** 9.0/10 (Category avg: 8.9/10) - **Automated Scans:** 8.9/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.1/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Aikido Security](https://www.g2.com/sellers/aikido-security) - **Company Website:** https://aikido.dev - **Year Founded:** 2022 - **HQ Location:** Ghent, Belgium - **Twitter:** @AikidoSecurity (6,187 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/aikido-security/ (175 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CTO, Founder - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 71% Small-Business, 17% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (78 reviews) - Security (55 reviews) - Features (52 reviews) - Easy Integrations (47 reviews) - Easy Setup (47 reviews) **Cons:** - Missing Features (19 reviews) - Expensive (17 reviews) - Limited Features (16 reviews) - Pricing Issues (15 reviews) - Lacking Features (14 reviews) ### 5. [Intruder](https://www.g2.com/products/intruder/reviews) Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two business are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers. **Average Rating:** 4.8/5.0 **Total Reviews:** 206 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10) - **Detection Rate:** 9.3/10 (Category avg: 8.9/10) - **Automated Scans:** 9.5/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 9.5/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Intruder](https://www.g2.com/sellers/intruder) - **Company Website:** https://www.intruder.io - **Year Founded:** 2015 - **HQ Location:** London - **Twitter:** @intruder_io (979 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/6443623/ (84 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CTO, Director - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 57% Small-Business, 36% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (41 reviews) - Vulnerability Detection (30 reviews) - Customer Support (26 reviews) - User Interface (24 reviews) - Vulnerability Identification (24 reviews) **Cons:** - Expensive (10 reviews) - Slow Scanning (8 reviews) - Licensing Issues (7 reviews) - False Positives (6 reviews) - Limited Features (6 reviews) ### 6. [Sysdig Secure](https://www.g2.com/products/sysdig-sysdig-secure/reviews) Sysdig Secure is the real-time cloud-native application protection platform (CNAPP) trusted by organizations of all sizes around the world.. Built by the creators of Falco and Wireshark, Sysdig uniquely delivers runtime-powered visibility and agentic AI to stop cloud attacks instantly, not after the damage is done. With Sysdig, you can: - Stop threats in 2 seconds and respond in minutes - Cut vulnerability noise by 95% with runtime prioritization - Detect real risk instantly across workloads, identities, and misconfigurations - Close permissions gaps in under 2 minutes Sysdig Secure consolidates CSPM, CWPP, CIEM, vulnerability management, and threat detection into a single open, real-time platform. Unlike other CNAPPs, Sysdig connects signals across runtime, identity, and posture to eliminate blind spots, reduce tool sprawl, and accelerate innovation without compromise. No guesswork. No black boxes. Just cloud security, the right way. Learn more at https://sysdig.com **Average Rating:** 4.8/5.0 **Total Reviews:** 110 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10) - **Detection Rate:** 9.5/10 (Category avg: 8.9/10) - **Automated Scans:** 9.5/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 9.5/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Sysdig](https://www.g2.com/sellers/sysdig-715eaed9-9743-4f27-bd2b-d3730923ac3e) - **Company Website:** https://www.sysdig.com - **Year Founded:** 2013 - **HQ Location:** San Francisco, California - **Twitter:** @Sysdig (10,260 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/3592486/ (640 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 46% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Security (33 reviews) - Vulnerability Detection (32 reviews) - Threat Detection (31 reviews) - Detection Efficiency (30 reviews) - Features (23 reviews) **Cons:** - Feature Limitations (10 reviews) - Complexity (9 reviews) - Missing Features (8 reviews) - Difficult Learning (7 reviews) - Feature Complexity (7 reviews) ### 7. [Astra Pentest](https://www.g2.com/products/astra-pentest/reviews) Astra is a leading penetration testing company that provides PTaaS and continuous threat exposure management capabilities. Our comprehensive cybersecurity solutions blend automation and manual expertise to run 15,000+ tests and compliance checks, ensuring complete safety, irrespective of the threat and attack location. With a 360° view of an organization’s security posture, continuous proactive insights, real-time reporting, and AI-first defensive strategies, we aim to help CTOs shift left at scale with continuous pentests. The offensive scanner engine, seamless tech stack integrations, and expert support help make pentesting simple, effective and hassle-free for 1000+ businesses worldwide. Moreover, our industry-specific AI test cases, world-class Astranaut Bot, and customizable reports are designed to make your experience smoother while saving you millions of dollars proactively. **Average Rating:** 4.6/5.0 **Total Reviews:** 179 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10) - **Detection Rate:** 8.7/10 (Category avg: 8.9/10) - **Automated Scans:** 8.9/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.7/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [ASTRA IT, Inc.](https://www.g2.com/sellers/astra-it-inc) - **Company Website:** https://www.getastra.com/ - **Year Founded:** 2018 - **HQ Location:** New Delhi, IN - **Twitter:** @getastra (690 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/getastra/ (120 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CTO, CEO - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 65% Small-Business, 30% Mid-Market #### Pros & Cons **Pros:** - Customer Support (65 reviews) - Vulnerability Detection (52 reviews) - Ease of Use (51 reviews) - Pentesting Efficiency (42 reviews) - Vulnerability Identification (38 reviews) **Cons:** - Poor Customer Support (12 reviews) - Poor Interface Design (10 reviews) - Slow Performance (8 reviews) - UX Improvement (7 reviews) - False Positives (6 reviews) ### 8. [Tenable Vulnerability Management](https://www.g2.com/products/tenable-vulnerability-management/reviews) Tenable Vulnerability Management provides a risk-based approach to identifying, prioritizing, and remediating vulnerabilities across your entire attack surface. Powered by Nessus technology and AI-driven analytics, it goes beyond CVSS scores to assess exploitability, asset criticality, and business impact—so you can focus on what matters most. With continuous visibility, automated scanning, and real-time risk insights, security teams can quickly expose and close critical vulnerabilities before they’re exploited. Advanced asset identification ensures accurate tracking in dynamic environments, while intuitive dashboards, comprehensive reporting, and seamless third-party integrations help streamline workflows. As a cloud-based solution, Tenable Vulnerability Management scales with your organization, empowering security teams to maximize efficiency, reduce risk, and improve resilience against evolving threats. **Average Rating:** 4.5/5.0 **Total Reviews:** 112 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10) - **Detection Rate:** 9.0/10 (Category avg: 8.9/10) - **Automated Scans:** 9.3/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.7/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **Company Website:** https://www.tenable.com/ - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,575 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 55% Enterprise, 34% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (12 reviews) - Scanning Efficiency (10 reviews) - Vulnerability Identification (10 reviews) - Automated Scanning (7 reviews) - Features (7 reviews) **Cons:** - Expensive (6 reviews) - Pricing Issues (6 reviews) - Complexity (5 reviews) - Inadequate Reporting (5 reviews) - Limited Reporting (5 reviews) ### 9. [HackerOne Platform](https://www.g2.com/products/hackerone-hackerone-platform/reviews) HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world’s largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner’s Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). **Average Rating:** 4.5/5.0 **Total Reviews:** 64 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.2/10) - **Detection Rate:** 7.5/10 (Category avg: 8.9/10) - **Automated Scans:** 6.7/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 7.9/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [HackerOne](https://www.g2.com/sellers/hackerone) - **Company Website:** https://hackerone.com - **Year Founded:** 2012 - **HQ Location:** San Francisco, California - **Twitter:** @Hacker0x01 (334,606 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/hackerone/ (6,444 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 42% Mid-Market, 41% Enterprise #### Pros & Cons **Pros:** - Ease of Use (19 reviews) - Helpful (12 reviews) - Collaboration (11 reviews) - Security Protection (11 reviews) - Customer Support (10 reviews) **Cons:** - Complexity Issues (5 reviews) - Expensive (5 reviews) - Time Management (5 reviews) - Poor Customer Support (4 reviews) - Poor Interface Design (4 reviews) ### 10. [Burp Suite](https://www.g2.com/products/burp-suite/reviews) Burp Suite is a complete ecosystem for web application and API security testing, combining two products: Burp Suite DAST - a best-of-breed, precision DAST solution that automates runtime testing, and Burp Suite Professional - the industry-standard toolkit for manual penetration testing. Developed by PortSwigger, more than 85,000 security professionals rely on Burp Suite to find, verify, and understand vulnerabilities across complex modern web applications. Burp Suite DAST is PortSwigger’s enterprise dynamic application security testing (DAST) solution, purpose-built for continuous, automated scanning of web applications and APIs. Unlike many DAST solutions, which are part of a wider AST offering, Burp Suite DAST is not a bolt-on tool - instead it’s precision-built from over 20 years of dynamic testing experience. Burp Suite DAST reveals the runtime issues that static analysis tools miss, such as authentication flaws, configuration drift, and chained vulnerabilities. Built on the same proprietary scanning engine that powers Burp Suite Professional, it delivers precise, low-noise results that security teams trust. Key capabilities of Burp Suite DAST include: Continuous, automated scanning of web applications and APIs, integration with CI/CD pipelines and vulnerability management tools, flexible deployment across cloud, and on-premise environments, shared scanning logic and configurations between automated and manual testing, accurate, low-noise detection informed by PortSwigger Research. Burp Suite Professional complements DAST with deep manual testing capability. It’s the industry-standard toolkit for penetration testers, consultants, and AppSec engineers who need complete insight and flexibility when validating or exploring vulnerabilities. Findings discovered by DAST can be investigated and verified in Burp Suite Professional, ensuring every result is accurate, contextual, and actionable. Together, Burp Suite DAST and Burp Suite Professional create a unified ecosystem that delivers automation at breadth and manual depth where it counts. Burp Suite is built for AppSec teams who need scalable, trustworthy coverage across web and API environments, enabling a seamless handoff between automated and manual testing. **Average Rating:** 4.8/5.0 **Total Reviews:** 124 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10) - **Detection Rate:** 8.7/10 (Category avg: 8.9/10) - **Automated Scans:** 8.6/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.0/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [PortSwigger](https://www.g2.com/sellers/portswigger) - **Company Website:** https://www.portswigger.net - **Year Founded:** 2008 - **HQ Location:** Knutsford, GB - **Twitter:** @Burp_Suite (137,013 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/portswigger-web-security/ (321 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Cyber Security Analyst - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 41% Mid-Market, 31% Small-Business #### Pros & Cons **Pros:** - Ease of Use (12 reviews) - User Interface (8 reviews) - Testing Services (7 reviews) - Features (5 reviews) - Clear Interface (4 reviews) **Cons:** - Expensive (5 reviews) - Slow Performance (5 reviews) - High Learning Curve (2 reviews) - Learning Curve (2 reviews) - Limited Customization (2 reviews) ### 11. [SentinelOne Singularity Endpoint](https://www.g2.com/products/sentinelone-singularity-endpoint/reviews) SentinelOne (NYSE:S) is pioneering autonomous cybersecurity to prevent, detect, and respond to cyber attacks faster and with higher accuracy than ever before. The Singularity Platform protects and empowers leading global enterprises with real-time visibility, cross-platform correlation, and AI-powered response across endpoints, cloud workloads and containers, network-connected (IoT) devices and identity-centric attack surfaces. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook. Over 9,250 customers, including 4 of the Fortune 10, hundreds of the Global 2000, prominent governments, healthcare providers, and educational institutions, trust SentinelOne to bring their defenses into the future, gaining more capability with less complexity. SentinelOne is a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms, and is a go-to platform across all customer profiles, as highlighted in Gartner’s Critical Capabilities report. SentinelOne continues to prove its industry-leading capabilities in the MITRE Engenuity ATT&CK® Evaluation, with 100% protection detection, 88% less noise, and zero delays in the 2024 MITRE ATT&CK Engenuity evaluations, demonstrating our dedication to keeping our customers ahead of threats from every vector. **Average Rating:** 4.7/5.0 **Total Reviews:** 193 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) - **Detection Rate:** 9.5/10 (Category avg: 8.9/10) - **Automated Scans:** 8.7/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 7.6/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [SentinelOne](https://www.g2.com/sellers/sentinelone) - **Company Website:** https://www.sentinelone.com - **Year Founded:** 2013 - **HQ Location:** Mountain View, CA - **Twitter:** @SentinelOne (57,389 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2886771/ (3,183 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 45% Mid-Market, 37% Enterprise #### Pros & Cons **Pros:** - Ease of Use (16 reviews) - Features (11 reviews) - Threat Detection (11 reviews) - Customer Support (10 reviews) - Security (7 reviews) **Cons:** - Learning Curve (4 reviews) - Not User-Friendly (4 reviews) - Slow Performance (4 reviews) - Complexity (3 reviews) - Difficult Configuration (3 reviews) ### 12. [SentinelOne Singularity Cloud Security](https://www.g2.com/products/sentinelone-singularity-cloud-security/reviews) Singularity Cloud Security is SentinelOne’s comprehensive, cloud-native application protection platform (CNAPP). It combines the best of agentless insights with AI-powered threat protection, to secure and protect your multi-cloud infrastructure, services, and containers from build time to runtime. SentinelOne’s CNAPP applies an attacker’s mindset to help security practitioners better prioritize their remediation tasks with evidence-backed Verified Exploit Paths™. The efficient and scalable runtime protection, proven over 5 years and trusted by many of the world’s leading cloud enterprises, harnesses local, autonomous AI engines to detect and thwart runtime threats in real-time. CNAPP data and workload telemetry is recorded to SentinelOne’s unified security lake, for easy access and investigation. **Average Rating:** 4.9/5.0 **Total Reviews:** 112 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.9/10 (Category avg: 9.2/10) - **Detection Rate:** 9.8/10 (Category avg: 8.9/10) - **Automated Scans:** 9.8/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 9.9/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [SentinelOne](https://www.g2.com/sellers/sentinelone) - **Company Website:** https://www.sentinelone.com - **Year Founded:** 2013 - **HQ Location:** Mountain View, CA - **Twitter:** @SentinelOne (57,389 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2886771/ (3,183 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 60% Mid-Market, 31% Enterprise #### Pros & Cons **Pros:** - Security (27 reviews) - Ease of Use (20 reviews) - Vulnerability Detection (19 reviews) - Cloud Management (16 reviews) - Cloud Security (15 reviews) **Cons:** - Complexity (5 reviews) - Ineffective Alerts (5 reviews) - Complex Setup (4 reviews) - Difficult Configuration (4 reviews) - Poor UI (4 reviews) ### 13. [CyberSmart](https://www.g2.com/products/cybersmart/reviews) CyberSmart is the UK’s leading cybersecurity platform for small and medium-sized businesses and the organisations that support them. As the UK’s largest provider of Cyber Essentials certification and a National Ambassador to the Cyber Resilience Centres network, CyberSmart plays a central role in raising cyber maturity across the UK economy. We work closely with businesses, managed service providers, and government-backed initiatives to deliver practical, scalable cybersecurity that aligns with real-world commercial pressures. A recognised market leader in delivering Cyber Essentials and Cyber Essentials Plus at scale, CyberSmart helps organisations achieve trusted certification quickly and maintain continuous compliance long after the audit is complete. As regulatory requirements, supply chain scrutiny, and insurance expectations continue to increase, businesses need more than a point-in-time assessment - they need ongoing assurance. The CyberSmart platform brings together people, process and technology in one integrated solution. It combines always-on device monitoring, vulnerability management, automated patch management, security awareness training, certification, privacy management and streamlined access to cyber insurance. By unifying protection and compliance within a single platform, CyberSmart reduces tool sprawl, simplifies security operations, and provides clear, prioritised visibility into risk. CyberSmart also supports larger organisations and supply-chain assurance programmes by enabling certification at scale across supplier tiers, providing executive-level visibility of supplier risk, and leveraging a network of over 1,000 MSP partners to drive adoption without disrupting commercial relationships. Trusted by over 7,000 businesses and partners worldwide, CyberSmart delivers Complete Cyber Confidence - helping organisations stay secure, demonstrate compliance, and build measurable resilience over time. **Average Rating:** 4.4/5.0 **Total Reviews:** 49 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10) - **Detection Rate:** 8.8/10 (Category avg: 8.9/10) - **Automated Scans:** 10.0/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [CyberSmart](https://www.g2.com/sellers/cybersmart) - **Year Founded:** 2016 - **HQ Location:** London, GB - **Twitter:** @CyberSmartUK (1,934 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/be-cybersmart (82 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 65% Small-Business, 20% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (34 reviews) - Customer Support (20 reviews) - Helpful (16 reviews) - Implementation Ease (14 reviews) - Setup Ease (12 reviews) **Cons:** - Technical Issues (8 reviews) - False Positives (7 reviews) - Expensive (6 reviews) - Pricing Issues (6 reviews) - Improvement Needed (5 reviews) ### 14. [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews) Crowdstrike Falcon Cloud Security is the only CNAPP to stop breaches in the cloud Built for today’s hybrid and multi-cloud environments, Falcon Cloud Security protects the entire cloud attack surface - from code to runtime - by combining continuous agentless visibility with real-time detection and response. At runtime, Falcon Cloud Security delivers best-in-class cloud workload protection and real-time cloud detection and response (CDR) to stop active threats across hybrid environments. Integrated with the CrowdStrike Falcon platform, it correlates signals across endpoint, identity, and cloud to detect sophisticated cross-domain attacks that point solutions miss—enabling teams to respond faster and stop breaches in progress. To reduce risk before attacks occur, Falcon Cloud Security also delivers agentless-driven posture management that proactively shrinks the cloud attack surface. Unlike typical solutions, Crowdstrike enriches cloud risk detections with adversary intelligence and graph-based context, enabling security teams to prioritize exploitable exposures and prevent breaches before they happen. Customers using Falcon Cloud Security consistently see measurable results: 89% faster cloud detection and response 100x reduction in false positives by prioritizing exploitable, business-critical risk 83% reduction in cloud security licenses due to elimination of redundant tools **Average Rating:** 4.6/5.0 **Total Reviews:** 83 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.2/10) **Seller Details:** - **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike) - **Company Website:** https://www.crowdstrike.com - **Year Founded:** 2011 - **HQ Location:** Sunnyvale, CA - **Twitter:** @CrowdStrike (110,002 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,258 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 45% Enterprise, 43% Mid-Market #### Pros & Cons **Pros:** - Security (49 reviews) - Cloud Security (37 reviews) - Detection Efficiency (34 reviews) - Vulnerability Detection (31 reviews) - Ease of Use (29 reviews) **Cons:** - Expensive (17 reviews) - Improvements Needed (14 reviews) - Improvement Needed (13 reviews) - Feature Complexity (8 reviews) - Learning Curve (8 reviews) ### 15. [Edgescan](https://www.g2.com/products/edgescan/reviews) What Is Edgescan? Edgescan is a cybersecurity company that helps organizations proactively identify, validate, and prioritize vulnerabilities across their applications, API’s and digital landscape. The company specializes in continuous vulnerability assessment, automated penetration testing, Attack Surface Management and Penetration Testing as a Service (PTaaS). Edgescan combines advanced automation with certified security experts, including professionals holding credentials such as CREST and OSCP, to deliver highly accurate and actionable security testing. This hybrid approach allows organizations to move beyond traditional point-in-time penetration tests and operate a continuous proactive cybersecurity program. The Edgescan platform is designed primarily for web application and API security, enabling organizations to continuously assess their attack surface and identify vulnerabilities throughout the development lifecycle but also delivers “full stack” coverage to detect host layer CVE’s. With a client retention rate of over 90%, Edgescan has built long-term partnerships by delivering measurable improvements in security efficiency, risk visibility, and vulnerability management. Key Features and Capabilities of Edgescan Automated Penetration Testing Edgescan uses intelligent automation to continuously assess applications, APIs, hosts, and cloud environments for vulnerabilities. This enables frequent, scalable security testing across modern and distributed architectures. Human‑Validated Testing Findings are reviewed and manually validated by certified security experts to eliminate false positives and provide deeper insight into real‑world exploitability. Each result is accurate, contextual, and actionable. Penetration Testing as a Service (PTaaS) Edgescan’s PTaaS model extends beyond automated testing by allowing expert testers to focus on vulnerabilities that require human analysis, including: • Business logic flaws • Authentication and authorization weaknesses • Context-dependent exposures • Complex attack chains and privilege escalation paths Cyber Analytics and AI‑Assisted Validation AI-driven analysis enhances detection, verifies exploitability, and increases accuracy. This reduces noise and gives security teams a clearer picture of genuine threats. Integrated Threat Intelligence Edgescan correlates vulnerabilities with real-world threat intelligence, including known exploits and ransomware activity to help organizations prioritize the most dangerous exposures first. Risk‑Based Prioritization Findings are prioritized based on exploitability, severity, threat context, and business impact, ensuring teams focus on the issues that matter most. Primary Value: What Edgescan Solves for Clients Edgescan enables organizations to shift from reactive vulnerability management to a continuous, proactive security model. Traditional scanners and periodic penetration tests frequently produce large volumes of unvalidated findings. This creates noise and forces security teams to spend hours determining which issues are real and critical. Edgescan solves this by combining: Automation for continuous testing Human expertise for validation and complex analysis Cyber analytics and AI for accuracy and prioritization Key Benefits Significant efficiency gains: reducing thousands of hours spent on manual validation. Higher accuracy, thanks to expert‑validated findings and reduced false positives. Clear prioritization, using threat intelligence and ransomware insights to highlight the highest‑risk exposures. Continuous security improvement, enabling rapid detection, faster remediation, and scalable vulnerability management. By unifying automation, human expertise, AI, and threat intelligence, Edgescan empowers organizations to maintain a continuous cybersecurity program that strengthens overall security posture while dramatically reducing operational burden. **Average Rating:** 4.7/5.0 **Total Reviews:** 51 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) - **Detection Rate:** 9.3/10 (Category avg: 8.9/10) - **Automated Scans:** 9.6/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.3/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Edgescan](https://www.g2.com/sellers/edgescan) - **Company Website:** https://www.edgescan.com - **Year Founded:** 2017 - **HQ Location:** Dublin, Dublin - **Twitter:** @edgescan (2,265 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2928425/ (88 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 32% Enterprise, 32% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (25 reviews) - Vulnerability Detection (24 reviews) - Customer Support (19 reviews) - Vulnerability Identification (19 reviews) - Features (18 reviews) **Cons:** - Complex UI (5 reviews) - Limited Customization (5 reviews) - Poor Interface Design (5 reviews) - Slow Performance (5 reviews) - UX Improvement (5 reviews) ### 16. [Tenable Security Center](https://www.g2.com/products/tenable-security-center/reviews) Tenable Security Center (formerly Tenable.sc) is the industry's most comprehensive risk-based vulnerability management (RBVM) solution, enabling you to: • See all your vulnerabilities and continuously assess all assets the moment they join the network -- including transient devices that aren’t regularly connected • Predict what matters by understanding vulnerabilities in the context of business risk, as well as the criticality of affected assets • Act on each high priority vulnerability to effectively manage risk, and measure KPIs to effectively communicate effectiveness Legacy vulnerability management tools weren't designed to handle the modern attack surface and the growing number of threats that come with them. Instead, they’re limited to a theoretical view of risk, leading security teams to waste the majority of their time chasing after the wrong issues while missing many of the most critical vulnerabilities that pose the greatest risk to the business. By taking a risk-based approach to vulnerability management, Tenable.sc enables security teams to focus on the vulnerabilities and assets that matter most, so they can address the organization’s true business risk instead of wasting their valuable time on vulnerabilities that have a low likelihood of being exploited. Tenable delivers the most comprehensive risk-based vulnerability management solution available to help you prioritize your remediation efforts, so you can take decisive action to reduce the greatest amount of business risk with the least amount of effort. **Average Rating:** 4.6/5.0 **Total Reviews:** 73 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10) - **Detection Rate:** 8.8/10 (Category avg: 8.9/10) - **Automated Scans:** 9.1/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.9/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,575 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Top Industries:** Computer & Network Security, Banking - **Company Size:** 59% Enterprise, 24% Mid-Market #### Pros & Cons **Pros:** - Features (2 reviews) - Compliance Management (1 reviews) - Customer Support (1 reviews) - Cybersecurity (1 reviews) - Dashboard Design (1 reviews) **Cons:** - Complexity (1 reviews) - Complex Queries (1 reviews) - Complex Setup (1 reviews) - Difficult Setup (1 reviews) - Integration Issues (1 reviews) ### 17. [Amazon Inspector](https://www.g2.com/products/amazon-inspector/reviews) Amazon Inspector is an automated vulnerability management service that continuously scans AWS workloads—including Amazon EC2 instances, container images in Amazon ECR, AWS Lambda functions, and code repositories—for software vulnerabilities and unintended network exposure. By integrating seamlessly with AWS environments, it provides real-time detection and prioritization of security issues, enabling organizations to enhance their security posture efficiently. Key Features and Functionality: - Automated Discovery and Continuous Scanning: Automatically identifies and assesses AWS resources for vulnerabilities and network exposures, ensuring comprehensive coverage without manual intervention. - Contextualized Risk Scoring: Generates risk scores by correlating vulnerability data with environmental factors such as network accessibility and exploitability, aiding in the prioritization of remediation efforts. - Integration with AWS Services: Seamlessly integrates with AWS Security Hub and Amazon EventBridge, facilitating automated workflows and centralized management of security findings. - Support for Multiple Resource Types: Extends vulnerability management to various AWS services, including EC2 instances, container images, Lambda functions, and code repositories, providing a unified security assessment across the cloud environment. - Agentless Scanning for EC2 Instances: Offers continuous monitoring of EC2 instances for software vulnerabilities without the need for installing additional agents, simplifying deployment and maintenance. Primary Value and Problem Solved: Amazon Inspector addresses the critical need for continuous and automated vulnerability management within AWS environments. By providing real-time detection and prioritization of security issues, it enables organizations to proactively identify and remediate vulnerabilities, reducing the risk of security breaches and ensuring compliance with industry standards. Its integration with existing AWS services and support for various resource types streamline security operations, allowing teams to focus on strategic initiatives while maintaining a robust security posture. **Average Rating:** 4.4/5.0 **Total Reviews:** 24 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) - **Detection Rate:** 9.2/10 (Category avg: 8.9/10) - **Automated Scans:** 9.2/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 7.8/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Amazon Web Services (AWS)](https://www.g2.com/sellers/amazon-web-services-aws-3e93cc28-2e9b-4961-b258-c6ce0feec7dd) - **Year Founded:** 2006 - **HQ Location:** Seattle, WA - **Twitter:** @awscloud (2,220,862 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/amazon-web-services/ (156,424 employees on LinkedIn®) - **Ownership:** NASDAQ: AMZN **Reviewer Demographics:** - **Top Industries:** Computer Software - **Company Size:** 42% Small-Business, 35% Mid-Market #### Pros & Cons **Pros:** - Security Protection (3 reviews) - Customer Support (2 reviews) - Centralization Management (1 reviews) - Collaboration (1 reviews) - Security (1 reviews) **Cons:** - Complexity (1 reviews) - Complexity Issues (1 reviews) - Learning Curve (1 reviews) - Limited Features (1 reviews) - Not User-Friendly (1 reviews) ### 18. [Pentera](https://www.g2.com/products/pentera/reviews) Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. Its customers include Casey's General Stores, Emeria, LuLu International Exchange, IP Telecom PT, BrewDog, City National Bank, Schmitz Cargobull, and MBC Group. Pentera is backed by leading investors such as K1 Investment Management, Insight Partners, Blackstone, Evolution Equity Partners, and AWZ. Visit https://pentera.io for more information. **Average Rating:** 4.5/5.0 **Total Reviews:** 141 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) - **Detection Rate:** 8.4/10 (Category avg: 8.9/10) - **Automated Scans:** 9.1/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 7.8/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Pentera](https://www.g2.com/sellers/pentera) - **Company Website:** https://pentera.io/ - **Year Founded:** 2015 - **HQ Location:** Boston, MA - **Twitter:** @penterasec (3,322 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/penterasecurity/ (486 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Banking, Information Technology and Services - **Company Size:** 51% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (9 reviews) - Vulnerability Identification (8 reviews) - Automation (7 reviews) - Customer Support (7 reviews) - Security (6 reviews) **Cons:** - Inadequate Reporting (3 reviews) - Access Control (2 reviews) - False Positives (2 reviews) - Limited Reporting (2 reviews) - Missing Features (2 reviews) ### 19. [Qualys WAS](https://www.g2.com/products/qualys-was/reviews) Qualys WAS is Qualys's platform for end-to-end web application scanning. **Average Rating:** 4.5/5.0 **Total Reviews:** 19 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.7/10 (Category avg: 9.2/10) - **Detection Rate:** 9.1/10 (Category avg: 8.9/10) - **Automated Scans:** 9.6/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.2/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Qualys](https://www.g2.com/sellers/qualys) - **Year Founded:** 1999 - **HQ Location:** Foster City, CA - **Twitter:** @qualys (34,165 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/8561/ (3,564 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 45% Mid-Market, 35% Enterprise ### 20. [Hybrid Cloud Security](https://www.g2.com/products/trend-micro-hybrid-cloud-security/reviews) In today's complex digital landscape, securing your cloud environment is paramount. The management and security of your hybrid and multi-cloud setup pose increasing challenges. Trend's Cloud Security provides essential visibility, allowing you and your teams to secure every aspect of your transformation and eliminate disruptive security silos. Automate security policies, deployments, monitoring, and compliance audits seamlessly from a single console, ensuring the automatic protection of all workloads from both known and unknown threats. With Cloud-Native Application Protection and robust platform capabilities, Trend empowers you to proactively address vulnerabilities and defend against threats. Gain centralized visibility, continuous asset discovery, and contextualized risk assessments, equipping your team with everything necessary to stay ahead of potential cloud security risks. **Average Rating:** 4.5/5.0 **Total Reviews:** 181 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.2/10) - **Detection Rate:** 8.9/10 (Category avg: 8.9/10) - **Automated Scans:** 9.0/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.5/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Trend Micro](https://www.g2.com/sellers/trend-micro) - **Year Founded:** 1988 - **HQ Location:** Tokyo - **LinkedIn® Page:** https://www.linkedin.com/company/4312/ (8,090 employees on LinkedIn®) - **Ownership:** OTCMKTS:TMICY - **Total Revenue (USD mm):** $1,515 **Reviewer Demographics:** - **Who Uses This:** Cyber Security Associate, Cyber Security Engineer - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 43% Mid-Market, 34% Enterprise #### Pros & Cons **Pros:** - Security (9 reviews) - Security Protection (7 reviews) - Compliance (6 reviews) - Cloud Security (4 reviews) - Comprehensive Security (4 reviews) **Cons:** - Complexity (6 reviews) - Complex Setup (4 reviews) - Feature Complexity (4 reviews) - Learning Curve (4 reviews) - Difficult Learning (3 reviews) ### 21. [Bitsight](https://www.g2.com/products/bitsight/reviews) Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface. Bitsight proactively uncovers security gaps across infrastructure, cloud environments, digital identities, and third- and fourth-party ecosystems. From security operations and governance teams to executive boardrooms, Bitsight provides the unified intelligence backbone required to confidently manage cyber risk and address exposures before they impact performance. **Average Rating:** 4.5/5.0 **Total Reviews:** 75 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) **Seller Details:** - **Seller:** [Bitsight](https://www.g2.com/sellers/bitsight) - **Company Website:** https://www.bitsight.com/ - **Year Founded:** 2011 - **HQ Location:** Boston, MA - **Twitter:** @BitSight (4,492 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/bitsight/ (740 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Hospital & Health Care - **Company Size:** 72% Enterprise, 23% Mid-Market #### Pros & Cons **Pros:** - Security (15 reviews) - Risk Management (14 reviews) - Ease of Use (13 reviews) - Features (11 reviews) - Customer Support (9 reviews) **Cons:** - Missing Features (6 reviews) - Lack of Clarity (5 reviews) - Poor Notifications (4 reviews) - Slow Performance (4 reviews) - Delay Issues (3 reviews) ### 22. [Red Hat Ansible Automation Platform](https://www.g2.com/products/red-hat-ansible-automation-platform/reviews) Red Hat® Ansible® Automation Platform is Red Hat's primary enterprise automation product offering., it includes all of the tooling needed for building, deploying, and managing end-to-end automation at scale. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless technical implementation. IT managers can provide guidelines on how automation is applied to individual teams. Meanwhile, automation creators retain the freedom to write tasks that use existing knowledge, without the operational overhead of conforming to complex tools and frameworks. It is a more secure and stable foundation for deploying end-to-end automation solutions, from hybrid cloud to the edge. Ansible Automation Platform uses an open source development model of the Ansible project to create an experience tailored to enterprise automation. This open development model connects the engineers behind Ansible Automation Platform to more than a dozen open source Ansible projects in the community. As members work together to identify and elevate the best ideas, Red Hat supports them by contributing to the code and creating products from upstream projects. View more at https://www.ansible.com/compare Ansible Automation Platform simplifies packaging and distribution while providing tested and trusted interoperability between all the components. Combined with an 18-month support life cycle, Ansible Automation Platform takes the complexity, uncertainty, and guesswork out of using upstream open source tools. With a Red Hat subscription, you get certified and validated automation content from our robust partner ecosystem; added security, reporting, and analytics; and life cycle technical support from Red Hat and Red Hat’s technology partners to scale automation across your organization. And you’ll get expert knowledge gained from our success with thousands of customers. **Average Rating:** 4.6/5.0 **Total Reviews:** 369 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.2/10) - **Detection Rate:** 7.9/10 (Category avg: 8.9/10) - **Automated Scans:** 8.8/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 9.2/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Red Hat](https://www.g2.com/sellers/red-hat) - **Year Founded:** 1993 - **HQ Location:** Raleigh, NC - **Twitter:** @RedHat (299,330 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/3545/ (19,305 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** DevOps Engineer, Software Engineer - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 48% Enterprise, 36% Mid-Market #### Pros & Cons **Pros:** - Automation (56 reviews) - Automation Efficiency (47 reviews) - Ease of Use (41 reviews) - Easy Integrations (37 reviews) - Task Automation (37 reviews) **Cons:** - Learning Curve (16 reviews) - Learning Difficulty (16 reviews) - Complexity (15 reviews) - Complex Setup (12 reviews) - Automation Issues (10 reviews) ### 23. [Microsoft Defender Vulnerability Management](https://www.g2.com/products/microsoft-defender-vulnerability-management/reviews) Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk. Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation. Defender Vulnerability Management is available for cloud workloads and endpoints. Defender for Endpoint Plan 2 customers can access advanced vulnerability management capabilities with the Defender Vulnerability Management add-on, now generally available. **Average Rating:** 4.4/5.0 **Total Reviews:** 33 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.2/10) - **Detection Rate:** 8.3/10 (Category avg: 8.9/10) - **Automated Scans:** 7.2/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 7.2/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft) - **Year Founded:** 1975 - **HQ Location:** Redmond, Washington - **Twitter:** @microsoft (13,090,464 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®) - **Ownership:** MSFT **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 41% Small-Business, 35% Enterprise ### 24. [Indusface WAS](https://www.g2.com/products/indusface-was/reviews) Indusface WAS (Web Application Scanner) provides comprehensive managed dynamic application security testing (DAST) solution. It is a zero-touch, non-intrusive cloud-based solution that provides daily monitoring for web applications, checking for systems and application vulnerabilities, and malware. Indusface WAS with its automated scans & manual pentesting done by certified security experts ensures none of the OWASP Top10, business logic vulnerabilities, and malware go unnoticed. With zero false-positive guarantee and comprehensive reporting with remediation guidance, Indusface web app scanning ensures developers to quickly fix vulnerabilities seamlessly. **Average Rating:** 4.6/5.0 **Total Reviews:** 63 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.2/10) - **Detection Rate:** 9.2/10 (Category avg: 8.9/10) - **Automated Scans:** 9.3/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 8.8/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [Indusface](https://www.g2.com/sellers/indusface) - **Year Founded:** 2012 - **HQ Location:** Vadodara - **Twitter:** @Indusface (3,470 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/indusface/ (174 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer Software, Information Technology and Services - **Company Size:** 52% Small-Business, 37% Mid-Market #### Pros & Cons **Pros:** - Vulnerability Detection (19 reviews) - Vulnerability Identification (16 reviews) - Customer Support (6 reviews) - Scanning Efficiency (6 reviews) - Security (6 reviews) **Cons:** - Expensive (2 reviews) - Confusing Interface (1 reviews) - Lacking Features (1 reviews) - Limited Scope (1 reviews) - Poor Interface Design (1 reviews) ### 25. [MetaDefender](https://www.g2.com/products/metadefender/reviews) MetaDefender Platform is an advanced threat prevention solution that lets organizations embed multi-layer file security into existing applications and security architectures, especially to protect common attack vectors like malicious file uploads, untrusted file transfers, and file-based supply chain risk. It’s designed for environments that need stronger protection against highly evasive malware, zero-day attacks, and APTs, including IT and OT/critical infrastructure use cases. MetaDefender easily integrates into your existing IT solutions and can be deployed on-premises (including air-gapped), in cloud/IaaS, or as SaaS. We offer flexible implementation options for ICAP enabled devices, containerized applications, AWS, Azure, NAS/Storage workflows and Rest API. Overview: Multi-engine malware scanning: Quickly scan files with 30+ antivirus engines and detect over 99% of known malware. Deep CDR (Content Disarm & Reconstruction): Recursively sanitize and rebuild 200+ file types to neutralize embedded threats while maintaining file usability, with extensive reconstruction and file conversion options. Proactive DLP: Remove, redact, or watermark sensitive data in files before content enters or leaves the organization; also supports AI-powered document classification. File-based Vulnerability Assessment: Identify vulnerabilities in installers, binaries, and applications before they are installed/executed and reduce exposure to known software flaws. Threat intelligence-driven detection: Identify malicious domains and IPs embedded in documents and support near real-time blocking using curated threat intelligence. Adaptive threat analysis (sandboxing): Detonate and analyze suspicious files in a controlled environment and improve zero-day detection. SBOM & software supply chain visibility: Generate SBOMs and identify vulnerabilities in source code and containers. Reputation Engine: Use file hash reputation (known good/known bad/unknown) and advanced analysis to remediate false positives faster. Visibility, reporting, and policy control: Gain operational visibility, use automated reports for remediation, and configure workflow/analysis rules based on user, business priority, file source, and file type. Free Training - OPSWAT Academy: https://www.opswat.com/academy **Average Rating:** 4.5/5.0 **Total Reviews:** 21 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.2/10) - **Detection Rate:** 10.0/10 (Category avg: 8.9/10) - **Automated Scans:** 10.0/10 (Category avg: 9.0/10) - **Configuration Monitoring:** 10.0/10 (Category avg: 8.4/10) **Seller Details:** - **Seller:** [OPSWAT](https://www.g2.com/sellers/opswat) - **Company Website:** https://www.opswat.com - **Year Founded:** 2002 - **HQ Location:** Tampa, Florida - **Twitter:** @OPSWAT (7,227 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/opswat/ (1,124 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 67% Mid-Market, 43% Small-Business #### Pros & Cons **Pros:** - Ease of Use (12 reviews) - Security (11 reviews) - Protection (10 reviews) - Scanning Efficiency (10 reviews) - Scanning (9 reviews) **Cons:** - Complex Configuration (3 reviews) - Difficult Setup (3 reviews) - Excessive Blocking (3 reviews) - Overblocking (3 reviews) - Policy Management (3 reviews) ## Parent Category [DevSecOps Software](https://www.g2.com/categories/devsecops) ## Related Categories - [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools) - [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast) - [Risk-Based Vulnerability Management Software](https://www.g2.com/categories/risk-based-vulnerability-management) --- ## Buyer Guide ### What You Should Know About Vulnerability Scanner Software ### What is Vulnerability Scanner Software? Vulnerability scanners are used to examine applications, networks, and environments for security flaws and misconfigurations. These tools run a variety of dynamic security tests to identify security threats along an application or network’s attack surface. Scans can be used for anything from an application penetration test to a compliance scan. Depending on the specific objectives a user has, they can customize the vulnerability scanner to test for specific issues or requirements. Companies can configure these tests to their unique environment. Companies that handle lots of personal or financial data may scan to ensure every transaction or datastore is encrypted from the public. They could also test their web applications against specific threats like SQL injection or cross-site scripting (XSS) attacks. The highly-customizable nature of vulnerability scanners provides users with tailor-made solutions for application and network security examination. Many of these tools offer continuous scanning and testing for nonstop protection and monitoring. Whatever administrators set as a priority will be tested periodically and inform employees of issues or incidents. Continuous monitoring makes it much easier to discover vulnerabilities before they become an issue and drastically reduce the amount of time a vulnerability takes to remediate. Key Benefits of Vulnerability Scanner Software - Scan networks and applications for security flaws - Diagnose, track, and remediate vulnerabilities - Identify and resolve misconfigurations - Perform ad hoc security tests ### Why Use Vulnerability Scanner Software? Applications and networks are only beneficial to a business if they operate smoothly and securely. Vulnerability scanners are a useful tool to view internal systems and applications from the perspective of the attacker. These tools allow for dynamic testing while applications operate. This helps security teams take a step beyond patches and code analysis to evaluate security posture while the application, network, or instance actually runs. **Application security—** Cloud, web, and desktop applications all require security, but operate differently. While many vulnerability scanners support testing for all kinds of applications, vulnerability scanners often support a few application types, but not others. Still, they will all examine the application itself, as well as the paths a user needs to access it. For example, if a vulnerability scanner is used on a web application, the tool will take into account the various attack vectors a hacker might take. This includes a site’s navigation, regional access, privileges, and other factors decided by the user. From there, the scanner will output reports on specific vulnerabilities, compliance issues, and other operational flaws. **Networks —** While software applications are often the most obvious use cases for vulnerability scanners, network vulnerability scanners are also quite common. These tools take into account the network itself, as well as computers, servers, mobile devices and any other asset accessing a network. This helps businesses identify vulnerable devices and abnormal behaviors within a network to identify and remediate issues as well as improve their network's security posture. Many even provide visual tools for mapping networks and their associated assets to simplify the management and prioritization of vulnerabilities requiring remediation. **Cloud environments —** Not to be confused with cloud-based solutions delivered in a SaaS model, cloud vulnerability scanners examine cloud services, cloud computing environments, and integrated connections. Like network vulnerability scanners, cloud environments require an examination on a few levels. Cloud assets come in many forms including devices, domains, and instances; but all must be accounted for and scanned. In a properly secured cloud computing environment, integrations and API connections, assets, and environments must all be mapped, configurations must be monitored, and requirements must be enforced. ### What are the Common Features of Vulnerability Scanner Software? Vulnerability scanners can provide a wide range of features, but here are a few of the most common found in the market. **Network mapping —** Network mapping features provide a visual representation of network assets including endpoints, servers, and mobile devices to intuitively demonstrate an entire network’s components. **Web inspection —** Web inspection features are used to assess the security of a web application in the context of its availability. This includes site navigation, taxonomies, scripts, and other web-based operations that may impact a hacker’s abilities. [**Defect tracking**](https://www.g2.com/categories/vulnerability-scanner/f/issue-tracking) **—** Defect and issue tracking functionality helps users discover and document vulnerabilities and track them to their source through the resolution process. **Interactive scanning —** Interactive scanning or interactive application security testing features allow a user to be directly involved in the scanning process, watch tests in real time, and perform ad hoc tests. [**Perimeter scanning**](https://www.g2.com/categories/vulnerability-scanner/f/perimeter-scanning) **—** Perimeter scanning will analyze assets connected to a network or cloud environment for vulnerabilities. [**Black box testing**](https://www.g2.com/categories/vulnerability-scanner/f/black-box-testing) **—** Black box scanning refers to tests conducted from the hacker’s perspective. Black box scanning examines functional applications externally for vulnerabilities like SQL injection or XSS. **Continuous monitoring —** Continuous monitoring allows users to set it and forget it. They enable scanners to run all the time as they alert users of new vulnerabilities. [**Compliance monitoring**](https://www.g2.com/categories/vulnerability-scanner/f/compliance-testing) **—** Compliance-related monitoring features are used to monitor data quality and send alerts based on violations or misuse. **Asset discovery —** Asset discovery features unveil applications in use and trends associated with asset traffic, access, and usage. **Logging and reporting —** Log documentation and reporting provides required reports to manage operations. It provides adequate logging to troubleshoot and support auditing. **Threat intelligence —** Threat intelligence features integrate with or store information related to common threats and how to resolve them once incidents occur. **Risk analysis —** Risk scoring and risk analysis features identify, score, and prioritize security risks, vulnerabilities, and compliance impacts of attacks and breaches. **Extensibility —** Extensibility and integration features provide the ability to extend the platform or product to include additional features and functionalities. Many vulnerability scanner tools will also offer the following features:  - [Configuration monitoring capabilities](https://www.g2.com/categories/vulnerability-scanner/f/configuration-monitoring) - [Automated scan capabilities](https://www.g2.com/categories/vulnerability-scanner/f/automated-scans) - [Manual application testing capabilities](https://www.g2.com/categories/vulnerability-scanner/f/manual-application-testing) - [Static code analysis capabilities](https://www.g2.com/categories/vulnerability-scanner/f/static-code-analysis) ### Potential Issues with Vulnerability Scanner Software **False positives —** False positives are one of the most common issues with security tools. They indicate a tool is not running efficiently and introduce lots of unnecessary labor. Users should examine figures related to specific products and their accuracy before purchasing a solution. **Integrations —** Integrations can make an application or product do virtually anything, but only if the integration is supported. If a specific solution must be integrated or a specific data source is highly relevant, be sure it’s compatible with the vulnerability scanner before making that decision. **Scalability —** Scalability is always important, especially for growing teams. Cloud and SaaS-based solutions are traditionally the most scalable, but desktop and open source tools may be as well. Scalability will be important for teams considering collaborative use, concurrent use, and multi-application and environment scanning. ### Software and Services Related to Vulnerability Scanner Software These technology families are either closely related to vulnerability scanners or there is frequent overlap between products. [**Risk-based vulnerability management software**](https://www.g2.com/categories/risk-based-vulnerability-management) **—** Risk-based vulnerability management software is used to analyze security posture based on a wide array of risk factors. From there, companies prioritize vulnerabilities based on their risk score. These tools often have some overlapping features, but they’re more geared towards prioritizing risks in large organizations rather than identifying vulnerabilities to individual applications or environments. [**Dynamic application security testing (DAST) software**](https://www.g2.com/categories/dynamic-application-security-testing-dast) **—** DAST software is very closely related to vulnerability scanners and are sometimes used interchangeably. The differentiating factor here, though, is the ability to scan networks, cloud services, and IT assets in addition to applications. While they do scan for vulnerabilities, they won’t allow users to map networks, visualize environments, or examine vulnerabilities beyond the scope of the application. [**Static application security testing (SAST) software**](https://www.g2.com/categories/static-application-security-testing-sast) **—** SAST software is not that similar to vulnerability scanners, unlike DAST tools. SAST tools allow for the examination of source code and non-operational application components. They also can’t simulate attacks or perform functional security tests. Still, these can be useful for defect and bug tracking if the vulnerability is rooted in an application’s source code. [**Penetration testing software**](https://www.g2.com/categories/penetration-testing) **—** Penetration testing software is one aspect of vulnerability scanning, but a penetration test will not provide a wide variety of security tests. They are useful for testing common attack types, but they won’t be very effective in identifying and remediating the root cause of a vulnerability.