DAST, API security, and the work behind it.
Practical guides and original research on dynamic application security testing, API discovery, DevSecOps, and AI-era code security.
Top 10 DAST Tools in 2026 (Honestly Ranked)
An honest, criteria-based ranking of the top DAST tools in 2026, including where our own product wins and loses.
Guide: API and Application Security Testing: What You Should Know
Our comprehensive guide to next-generation API and application security testing: why legacy DAST and SAST miss API-first apps, how discovery-driven testing works, and how NightVision maps to federal API security requirements.
Buyer's Guide: Top 10 API Security Tools in 2026 (Honestly Ranked)
Runtime protection, testing, and discovery compared, honestly ranked across the API security category.
Insight: TeamPCP Shows Why “Secure the App” Now Means “Secure the Pipeline”
TeamPCP's supply-chain attacks turn stolen CI/CD secrets into ransomware. Learn how DAST and API discovery shrink the blast radius of pipeline compromise.
Insight: The Native Domain of Agentic Engineering
Why static analysis is the native domain of agentic engineering: AI agents both build and rely on static analysis, powering API eNVy's rapid evolution.
Announcements: NightVision Skills for Claude Code Are Now Available. Here's What They Do.
NightVision skills for Claude Code: four skills covering scan configuration, API discovery, finding triage, and CI/CD integration, installable in a minute.
Insight: Claude Code Security Is Here. What It Changes, and What It Doesn’t.
Claude Code Security is strong at code reasoning and patches. Here's how NightVision's API inventory controls and runtime DAST complement that scope.
Research: Your Crawler Is Testing the Same Button 50 Times. Ours Isn't.
FragGen, NightVision's fragment-based crawler upgrade, skips redundant page components, delivering 3.5x more states and 5x faster crawl efficiency.
Insight: Beware the Invisible APIs: The Serious Threat Posed by AI Coding Assistants
AI coding assistants create shadow APIs faster than teams can document them. Why legacy security tools fail and how code-level API discovery closes the gap.
Research: Introducing Automated Authentication Issue Remediation: From Detection to Pull Request in Minutes
API eNVy now finds authentication vulnerabilities, generates fixes with LLMs, and opens ready-to-review pull requests, in minutes instead of weeks.
Research: Introducing Intelligent Waits for Spidering
NightVision's crawler now uses WebDriver BiDi network and DOM signals instead of fixed delays, so spidering captures fully rendered dynamic web apps.
Insight: Why Every Business Needs NightVision's DAST
Legacy DAST misses undocumented APIs and breaks on modern apps. See how NightVision discovers APIs from code, then attacks them with code-traced proof.
Insight: Federal API Security Requirements (U.S.) - and How NightVision Helps
How federal mandates from NIST, CISA, OMB, FedRAMP, and EO 14028 shape API security, and how NightVision's API eNVy plus gray-box DAST helps you comply.
Research: Introducing Intelligent Form Handling for DAST Scans
Web forms are gateways to core app features but hard for crawlers to handle. NightVision's LLM-augmented spider generates context-aware form inputs for DAST.
Insight: API‑Security Approaches in 2025
A breakdown of six API-security approaches in 2025: WAFs, traffic mirroring, spec linting, legacy DAST, and why hybrid DAST plus code-intelligence wins.
Insight: Introducing Broken-Flask: Why SAST, DAST, and CNAPP Aren't Enough
Broken-Flask is an intentionally vulnerable Flask API whose SQL injections evade SAST, SCA, CNAPP, and traditional DAST, proving exploitability is what matters.
Insight: Mother Knows Best: Fix API Security Problems at Their Source
Reactive API security costs more than prevention. Learn why code-level API discovery plus CI-speed DAST fixes inactive, zombie, and shadow APIs at the source.
Insight: Fast DAST That Runs at Developer Speed
Modern DAST now runs in minutes, not hours. Eight reasons to plug dynamic security testing into CI, plus how NightVision scans at developer speed.
Research: Introducing the NightVision MCP Server: A New Way to Interact with NightVision
The open-source NightVision MCP Server lets AI assistants like Claude and Cursor run DAST scans, discover APIs, and fetch results via natural language.
Research: Next.js Middleware Bypass (CVE‑2025‑29927) Detection
CVE-2025-29927 lets attackers bypass Next.js middleware via the x-middleware-subrequest header. NightVision's nuclei template detects it with a two-stage approach.
Insight: Today Yogi might have said: "You can learn a lot from Discovery."
Why static-analysis API discovery beats the traffic-monitoring approach: faster, cheaper, complete, and it finds inactive, zombie, and shadow APIs before deployment.
Press Release: NightVision Transforms Secure Software Development With Application Testing Solution
NightVision launches a gray-box AppSec testing solution that identifies and locates exploitable vulnerabilities in minutes, before code reaches production.
Announcements: NightVision Has Completed a SOC 2 Exam. Here's What It Means for You.
NightVision has completed a SOC 2 Type II examination. Learn what a SOC 2 report is, what it covers, and why it matters for the security of your data.
Press Release: NightVision Bolsters Advisory Board To Propel Development and Deployment of Application Security Testing Solutions
NightVision builds a high-powered Advisory Board and adds cybersecurity veterans John Steven and Shaun Murphy to its Board of Directors to guide AppSec growth.
Announcements: NightVision Raises $5.4 Million In Seed Funding to Develop Fast and Easy-to-Use Application Security Testing
NightVision secures $5.4M in seed funding to build fast, easy-to-use gray-box application security testing that finds exploitable vulnerabilities pre-production.
Industry: The Essential Role of Dynamic Application Security Testing (DAST) in Complementing Static Application Security Testing (SAST)
Why DAST is essential alongside SAST: it proves vulnerabilities exist by simulating real attacks, works with any framework, and cuts false-positive noise.
Press Release: NightVision Now Discovers and Documents Software Application Programming Interfaces (APIs) In Seconds
NightVision releases API eNVy, an API discovery and documentation solution that uncovers shadow APIs in seconds using static analysis, no agents required.
Announcements: NightVision hires Qilong Wang to lead Engineering, to Help Shift the DAST Space Towards Developers
NightVision appoints Qilong Wang as VP of Engineering, bringing leadership experience from Mobi, SilverRail, Gomez, and Dynatrace to its developer-first DAST.