Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Jul 28, 2021
There are many automated DAST & SAST tools but from my perspective, there is no tool that can give you fully automated penetration testing, as most of the pentesting efforts are manual and depend on the professional and their way of thinking.
Also, you can use a variety of open-source tools like ZAP, Kali Linux distro inbuilt Metasploit, Nmap, hands-on scripting languages like Python, Shell, Perl, knowledge on latest vulnerabilities trends, and exploitation techniques.
Search for a product comparison in Static Application Security Testing (SAST)
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Real User
Top 20
Feb 16, 2022
Hello,
I can say the most helpful product is Picus for this need. It is not only one time pentest tool, but it can be considered as full-time monitoring tool for whole infrastructure. Also it is extremely easy to deploy.
There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensity work from human pentester.
The tool utilizes thousand of scenarios and custom scenarios to be built into the library which can be invoked during automated penetration testing. Several key powerful scenarios are as follows:
1. Web to Database penetration testing,
2. Ransomware penetration testing.
The tool that I am using is RidgeSecurity.ai
Let me know if you need more information, I'd be happy to explain further.
@Evgeny Belenky to be honest, I am consulting provider for banks, we sought after this solution to reduce our dependency on human-based pentest - so no human error.
We provide this service for banks using this technology.
The system runs 24/7 with a pre-defined / custom workflow that we instilled based on its AI decision system engine.
It could do repetitive and multi-layer / steps attack simulation just like how human pentester could do.
Find out what your peers are saying about SonarSource Sàrl, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: January 2026.
Vulnerability Management is a cybersecurity process focused on identifying, evaluating, treating, and reporting security vulnerabilities in systems and software.
A thorough understanding of its components and tools is essential for protecting organizational assets. Modern solutions often offer automated scanning, comprehensive risk assessments, and integration with other security operations. Users highlight ease of use and effective remediation capabilities in leading products.
What...
There are many automated DAST & SAST tools but from my perspective, there is no tool that can give you fully automated penetration testing, as most of the pentesting efforts are manual and depend on the professional and their way of thinking.
Also, you can use a variety of open-source tools like ZAP, Kali Linux distro inbuilt Metasploit, Nmap, hands-on scripting languages like Python, Shell, Perl, knowledge on latest vulnerabilities trends, and exploitation techniques.
Hello,
I can say the most helpful product is Picus for this need. It is not only one time pentest tool, but it can be considered as full-time monitoring tool for whole infrastructure. Also it is extremely easy to deploy.
Thanks,
Erdem.
Hi Evgeny,
There is one automated penetration testing tool that performs way beyond VAPT. We are using an AI-based automated pentest platform (robot) that performs penetration testing without the intensity work from human pentester.
The tool utilizes thousand of scenarios and custom scenarios to be built into the library which can be invoked during automated penetration testing. Several key powerful scenarios are as follows:
1. Web to Database penetration testing,
2. Ransomware penetration testing.
The tool that I am using is RidgeSecurity.ai
Let me know if you need more information, I'd be happy to explain further.
Thanks,
Rendy
@Evgeny Belenky to be honest, I am consulting provider for banks, we sought after this solution to reduce our dependency on human-based pentest - so no human error.
We provide this service for banks using this technology.
The system runs 24/7 with a pre-defined / custom workflow that we instilled based on its AI decision system engine.
It could do repetitive and multi-layer / steps attack simulation just like how human pentester could do.
@Alon Mantsur, @Olufemi Adalemo, @Hassan-Moussafir , @Bill Young. Can you please chime in? Tnx