With over 20 DAST tools on the market, selecting the most suitable one can be challenging due to their different features and pricing options. We’ve compiled publicly available information on vendors’ pricing strategies, making it easy to get an overview and estimate the likely costs you may face.
Top DAST software prices
Vendors | Free Trial | Price |
---|---|---|
Invicti | ✅ | Not shared publicly |
InsightVM Rapid7 | ✅ (30-day) | Pricing is asset-based (at least 512 assets). |
PortSwigger Burp Suite | ✅ | Community edition: Free |
Tenable Nessus | ✅ (7-day) | Tenable Nessus has 3 pricing editions, from $3,990 to $5,990 annually. |
NowSecure | ✅ | Not shared publicly |
Indusface WAS | ✅ (14-day) | Has an Advanced plan, priced at $59 per month. Premium and MSSP plans are custom billed annually. |
Contrast Assess | ❌ | Not shared publicly |
Checkmarx DAST | ❌ | Not shared publicly |
HCL AppScan | ✅ (30-day) | Not shared publicly |
The following are important to consider when it comes to pricing:
- Features offered: The features included in a DAST tool will affect its price. This is why some vendors offer different pricing options based on the features of their products. For example, Tenable offers two versions of its products, Nessus Pro and Nessus Expert. While the Pro version is less expensive than the Expert, it does not have features such as Web Application Scanning and External Attack Surface Scanning. (See Figure 3)
- Licensing model: Some DAST tools are priced on a subscription model, billed monthly or annually, while others are priced by the number of scans or the number of resources used. For example, InsightVM Rapid7 prices its services based on the number of assets a customer wishes to cover (see Figure 4).
- Free version with limited features: Some vendors offer a basic version of their product with limited features or capacity. Clients can upgrade to a paid version for additional functionality. Burp Suite Community edition and Indusface WAS basic edition are examples of this.
Tenable Nessus
Tenable Nessus offers different versions of DAST tools, specifically Nessus Pro and Nessus Expert. Each has an annual subscription, but they differ in cost and features. While Nessus Pro has a lower price, it does not have all of the features offered in the Expert version (see Figures 1 and 2). See Tenable Nessus alternatives for more information.

Figure 1. Nessus Pro Pricing [1]
Figure 2. Nessus Expert Pricing [2]
Figure 3. Tenable Nessus Expert vs Pro [3]
InsightVM Rapid7
Rapid7’s InsightVM utilizes a pricing model that is primarily based on the number of assets you wish to cover. The pricing begins at a minimum of 512 assets, billed annually. Additionally, InsightVM offers discounts for higher volumes of assets, which means that the more assets you have, the lower the per-asset cost can be.
There are also various other offerings within InsightVM’s suite, such as application security testing, which costs around $2,000 per application, and log management services, which cost $19 per GB. These prices are indicative and may vary based on specific requirements and agreements with Rapid7.

Figure 4. InsightVM Pricing Model [4]
PortSwigger Burp Suite
PortSwigger’s Burp Suite offers several pricing models to accommodate different needs, ranging from individual use to large enterprise solutions.
Burp Suite Community: This version is free and it is designed for manual security testing. The Community Edition includes essential features like the Burp Proxy, which allows you to intercept traffic, and the Burp Repeater tool for manual testing of web applications. However, it lacks the automated scanning capabilities and other advanced features available in the Professional and Enterprise editions.
Burp Suite Professional: This edition is geared towards individual users and small teams. It requires an annual subscription; the cost has been shown as $449 per user per year. (Figure 5)
Burp Suite Enterprise Edition: This edition is designed for larger organizations with more extensive scanning needs. PortSwigger does not have publicly verifiable price information for this edition; they advise you to contact them to get a quote.

Figure 5. Burp Suite Professional Pricing [5]
Indusface WAS
Indusface WAS offers a subscription-based pricing model with different levels to accommodate various needs and budgets. They provide an Advance tier billed at $59 per app per month or $599 per app annually. There are also Premium and MSSP editions, which are custom billed annually (see Figure 7).
If you want to learn about these tools’ features, see vulnerability scanning tools.

Figure 7. Indusface WAS Pricing [6]
FAQ
Are there open-source alternatives to commercial DAST tools?
Yes, there are several open-source DAST tools available, such as OWASP ZAP (Zed Attack Proxy) and Arachni. While these tools may not offer the same level of support and advanced features as commercial solutions, they can be a cost-effective option for organizations with limited budgets.
What are some best practices for maximizing the value of DAST tools?
To maximize the value of DAST tools, organizations should regularly update their testing methodologies to account for new threats and vulnerabilities, integrate DAST testing into the software development lifecycle (SDLC), prioritize and remediate identified vulnerabilities promptly, and invest in training to ensure that team members are proficient in using the tool effectively.
How can organizations determine which DAST tool is right for them?
Organizations should consider factors such as their budget, the specific security requirements of their applications, the level of expertise available within their team, and the scalability and flexibility of the DAST tool when evaluating their options.
Are there any additional costs associated with DAST tools?
In addition to the base licensing fees, organizations may incur additional costs for services such as training, implementation, integration with existing systems, and ongoing support and maintenance.
External Links
- 1. Tenable and Nessus Pricing & Purchase Options | Tenable®.
- 2. Tenable and Nessus Pricing & Purchase Options | Tenable®.
- 3. Advanced Vulnerability Assessment with Nessus Professional | Tenable®.
- 4. InsightVM Vulnerability Management Pricing - Rapid7.
- 5. Subscribe to Burp Suite Professional - PortSwigger.
- 6. WAS Pricing - Protect Your Apps Today | Indusface.