Security testing tools are typically built around a particular platform and/or technology. There is little open source competition in security testing, so these are usually expensive, specialized tools bundled with substantial professional services. Here are the top security testing tools to consider:

  1. HP Fortify On Demand

Summary: 

Provides application security as a service with a single platform to view and manage security risk, develop security testing schedules and run remediation projects. Fortify on Demand runs automated tests with a full audit of results and supports SAST, DAST and IAST (the latter through the addition of the legacy WebInspect tool), as well as offering limited support for MAST.

Features:

  • Strongest set of combined offerings with full support across languages
  • Includes RASP support

What you really need to know: HP is undoubtedly the largest player in the security space, with tools for SAST, DAST, IAST and MAST.
For more information: To learn more, visit the HP Fortify website.
Reviews: Visit ITCentralStation.com for a list of reviews.
Pricing: Plans start at $2000 per application with 4 pricing tiers. Request pricing here.


  2. Veracode

Summary: 

Veracode offers tools for SAST, DAST, IAST and MAST. Its binary static analysis is geared toward Agile workflows, while its DAST and IAST tools offer true cloud hosting and web perimeter monitoring. Additionally, almost all of its offerings target mobile.

Features:

  • Strongest player for cloud and mobile technologies
  • Integrates with numerous bug tracking and QA tools, such as TFS
  • Includes RASP support

What you really need to know: Veracode is the largest player in the security space without its own testing and SDLC tools.
For more information: Learn more at Veracode.com.
Reviews: Head over to Gartner.com to read reviews for Veracode.


  3. IBM Application Security AppScan

Summary: 

Offers a single console for testing, reporting and policies, and automates the correlation of static, dynamic and interactive security testing. IBM's AppScan static testing tool is well known in the security space, although its DAST tools rely on third-party solutions and its IAST tools only work with .NET and Java.

Features:

  • Strong in SAST
  • Includes a complete suite of offerings

What you really need to know: IBM competes with HP as a similar full-service offering, with some focus on downstream security tools such as SIEM.
For more information: Head over to IBM's website to learn more.
Reviews: Visit ITCentralStation.com or Gartner.com for reviews.
Pricing: Plans start at $10,700 per install. Request pricing here.