# Comparison of Enterprise SAST/DAST Products

This document is a comparison of the features and capabilities of various enterprise SAST and DAST products. It is intended to be a living document, and contributions are welcome so long as ratings can be qualified with a reference to a publicly available source.

Each product was rated by me on the scale below, using publicly available information. The ratings are subjective but generally qualified.

I am not associated with any of the products listed in this document. This is simply a collection of information that is useful to me, and may be useful to others, in the analysis and selection of a SAST/DAST product.

## Format

This document is a vanilla Excel spreadsheet that does not contain any macros or scripts. It is intended to be easily readable and editable by anyone with a basic understanding of Excel.

## Products Rated

- CheckMarx One Platform
- Veracode
- Rapid7 AppSpider (InsightAppSec Edition)
- Wiz.IO
- Fortify Static Code Analyzer
- Acunetix
- Invicti/NetSparker
- CloudDefense.AI
- Rapid7 Insight
- Fortify WebInspect
- SonarQube

## Rating Categories

- Multi-Modal System Compatibility
  - IOT Device / Firmware Analysis
  - Web Application Analysis
  - Mobile Application Analysis
  - POS System Analysis
  - Integration with Diverse Architectures
- Advanced Threat Detection
  - High Volume Data Handling
  - Cloud and On-Premise Scalability
  - Real-Time Analysis for High Traffic Systems
  - 0-Day Vulnerability Detection
  - Advanced Logic Flaw Detection
- Integration & Automation
  - CI/CD Pipeline Integration
  - Automated Security Policy Enforcement
  - Third-Party Tool Integration
  - API Extensibility
  - Automated Alerting and Response Mechanisms
- Compliance & Regulatory Adherence
  - Compliance Reporting
  - Regulatory Framework Alignment
  - Data Privacy Analysis
  - Audit Trail & Documentation
  - Custom Compliance Rule Sets
- Secure Development Lifecycle Integration
  - Secure Coding Guidelines Adherence
  - Risk Assessment and Prioritization
  - Developer Security Training Integration
  - Policy Compliance Validation
  - Feedback Loop Efficiency
- Dynamic Analysis Proficiency
  - Runtime Behavior Analysis
  - Simulated Attack Patterns
  - Third-Party Component Analysis
  - Environment Interaction Analysis
  - Custom Attack Vector Configuration
- Application Security Testing Automation
  - Continuous Scanning Integration
  - Automated Exploit Detection
  - Authentication and Session Management Testing
  - Anomaly Detection and Reporting
  - Feedback Mechanisms for False Positives/Negatives

## Rating Scale

- 10: Industry Leading: State-of-the-art features/capabilities; sets industry standards for functionality, integration, and ease of use; virtually no limits.
- 9: Excellent: Advanced and comprehensive features with seamless integration; very user-friendly and efficient with minimal limitations.
- 8: Very Good: Strong functionality with comprehensive features; integrates well with most systems; only a few minor limitations.
- 7: Good: Good range of features and relatively easy integration with most systems; minor limitations in advanced capabilities.
- 6: Moderately Above Average: Competent functionality; integration with some systems is possible with effort; some advanced features are present.
- 5: Average: Adequate functionality and integration; meets essential requirements but lacks advanced features.
- 4: Below Average: Some useful features, but still lacks robustness and integration capabilities; moderate manual intervention needed.
- 3: Basic: Basic functionality with noticeable deficiencies and limited integration; requires substantial manual effort.
- 2: Very Basic: Minimal functionality; suitable only for the simplest tasks with significant limitations.
- 1: Extremely Limited: The feature exists but is rudimentary and not practical for most use cases.

## Spreadsheet

SASTDAST_Product_Comparison.xlsx: https://raw.githubusercontent.com/bcdannyboy/EnterpriseSASTDASTProductLandscape/0769dd9451037c557fcb50a390b5a53d17e78de9/SASTDAST_Product_Comparison.xlsx