Sold by: Escape
Deployed on AWS
AI-powered DAST that easily integrates with your modern stack, finds even the most complex issues, and helps developers with remediation.
4.9
Overview
Image
Business-logic-aware DAST
Image
Attack Path Validation & Code-level Remediation
Image
Automation - CLI, Escape API and workflows
Your AppSec team is 100x smaller than your engineering org.
Escape is built for that math.
Escape is an AI-powered, business-logic-aware DAST built for security teams covering 50+ deployments a week without slowing engineering down. Where legacy DAST sees a form field and runs payload lists, Escape sees a payment flow, an authorization boundary, an OAuth handshake and tests whether the logic actually holds.
What you get with Escape DAST
-
Business-logic testing, not just payload injection. Escape uncovers BOLAs, IDORs, broken access controls, auth bypasses, and pricing logic flaws, all the issues that actually get exploited. Customers see 63% more complex true positives compared to legacy DAST.
-
Security that ships with your code, not after it. Native CI/CD integration scans every build. Findings come with attack paths, screenshots, exploration graphs, and source-code-aware remediation guidance, so engineers fix faster instead of arguing about whether the issue is real. Customers report 80% reduction in time-to-remediation.
-
Built for outnumbered teams. Per-team RBAC, custom rules, AI-assisted setup, and workflows that route findings to the people who own the asset. Security engineers save roughly 12 hours per month on triage and configuration work.
-
Modern auth handled out of the box. OAuth, SAML, password, TLS, TOTP MFA. Authenticated testing without weeks of scripting.
-
Multiplies your existing stack. Findings flow into Wiz with the context risk prioritization actually needs. Tickets, IDE fixes, and chat workflows route to the right engineer with the right evidence.
Escape is a customer-centric company, and we have the privilege of working with exceptional companies like Schibsted (Media), HealthEquity (Healthcare), Applied (InsurTech), Visma & Miro (Tech), DoubleVerify (AdTech), Thinkific (EdTech), and many others.
To receive a private offer quote, email us at sales@escape.tech , or contact your AWS account manager.
Highlights
- Go further than payload-based testing. Using built-in-house AI-powered testing, Escape uncovers deep security issues like BOLAs, IDORs, and Access Control flaws. Our technology achieves 4000% coverage improvement compared to legacy DAST approaches.
- Escape integrates directly into your CI/CD pipeline, provides detailed attack paths, and generates remediations tailored to your exact source code. Remediation becomes part of the process, not an afterthought.
- Automations, workflows, custom rules, and AI-powered setup assistance. Everything is built in for a small team to scale their effort across the entire org.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Escape Enterprise Plan - Up to 15 apps | Up to 15 scanned applications included, unlimited scan frequency, dedicated technical support | $50,000.00 |
Escape Enterprise Plan - Up to 60 apps | Up to 60 scanned applications included, unlimited scan frequency, dedicated technical support | $150,000.00 |
Escape Enterprise Plan - Up to 120 apps | Up to 120 scanned applications included, unlimited scan frequency, dedicated technical support | $240,000.00 |
Vendor refund policy
For any questions regarding refunds, reach out to us at support@escape.tech
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
For any inquiries, kindly reach out to us through your designated support channel or via email at support@escape.tech . You can also make use of our in-app live messaging feature within the Escape platform for real-time assistance.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Escape
By StackHawk, Inc.
By OpenText
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Business Logic Testing
AI-powered testing that identifies business logic vulnerabilities including BOLAs, IDORs, broken access controls, auth bypasses, and pricing logic flaws beyond traditional payload injection methods.
CI/CD Pipeline Integration
Native integration with CI/CD pipelines that scans every build and provides attack paths, screenshots, exploration graphs, and source-code-aware remediation guidance.
Authentication Protocol Support
Out-of-the-box support for multiple authentication methods including OAuth, SAML, password-based authentication, TLS, and TOTP MFA for authenticated testing.
Role-Based Access Control and Workflows
Per-team RBAC, custom rules configuration, AI-assisted setup, and automated workflows that route findings to asset owners for efficient triage and management.
Security Findings Integration
Integration with security platforms to flow findings with context-aware risk prioritization, enabling ticket creation, IDE fixes, and chat-based workflows for remediation.
Dynamic Application Security Testing (DAST)
Automated dynamic application security testing tool designed to identify vulnerabilities in applications and APIs during the software development lifecycle.
CI/CD Pipeline Integration
Integrates with AWS CodeBuild and AWS CodePipeline to automate security testing as part of the continuous integration and continuous deployment workflow.
Multi-Protocol API Testing Support
Supports testing of REST, GraphQL, SOAP, and gRPC APIs with custom test data capabilities for REST and GraphQL protocols.
Generative AI-Powered API Discovery
Utilizes generative AI technology to identify hidden APIs and provide information about API existence, location, and ownership.
Enterprise Access Control and Compliance
Provides single sign-on, role-based permissions, activity history, audit logging, policy management, and team-based access controls for enterprise deployments.
Static Application Security Testing
Detects over 1137 unique categories of vulnerabilities across 29 programming languages spanning over 1 million individual APIs
Dynamic and Interactive Application Security Testing
Offers dynamic application security testing (DAST), interactive application security testing (IAST), and mobile application security testing (MAST) capabilities on demand
CI/CD Pipeline Integration
Integrates into development toolchain with Swagger-supported RESTful APIs, GitHub repository support, and plugins for DevOps, VSTS, and Jenkins ecosystem partners
Software Supply Chain Security
Provides precise identification and matching of custom code and third-party risks using proprietary research data to protect software integrity and SDLC
Cloud-Native Application Support
Purpose-built to secure rapidly evolving cloud-native technologies and architectures with flexibility to adapt to diverse application requirements and emerging attack vectors
Standard contract
No
No
Customer reviews
Varun S.
Fast, Transparent DAST with Excellent GraphQL Handling and Strong Support
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
Escape is built with a wide range of protocols in mind and shows a strong understanding of how they work. In particular, I really liked how it handles GraphQL operations. I’ve gotten better results than with traditional DASTs.
The UI/UX offers a lot of transparency into what the tool is doing and how it reports issues. Filtering is excellent, and it’s easy to adapt it to whatever prioritization matrix you use. Scans are also quick.
Escape comes with the baseline integrations you need from day one. It covers the same integrations you’d expect from other DAST platforms, and the team is quick to work with you on new ones when there’s enough interest and it improves the overall experience.
Support has been consistently strong: they typically respond within half a day and do a great job helping resolve issues. They’re also willing to jump on calls to debug and fix things together.
Escape's AI Copilot is great on its own, but if you want to extend it further, you can use Escape MCP with other AI tools to build your own triage pipelines with custom context and knowledge.
I was an early adopter of Escape, and their pricing has been fair since day one.
The UI/UX offers a lot of transparency into what the tool is doing and how it reports issues. Filtering is excellent, and it’s easy to adapt it to whatever prioritization matrix you use. Scans are also quick.
Escape comes with the baseline integrations you need from day one. It covers the same integrations you’d expect from other DAST platforms, and the team is quick to work with you on new ones when there’s enough interest and it improves the overall experience.
Support has been consistently strong: they typically respond within half a day and do a great job helping resolve issues. They’re also willing to jump on calls to debug and fix things together.
Escape's AI Copilot is great on its own, but if you want to extend it further, you can use Escape MCP with other AI tools to build your own triage pipelines with custom context and knowledge.
I was an early adopter of Escape, and their pricing has been fair since day one.
What do you dislike about the product?
I’m mostly going to nitpick here.
Escape could elevate the UX tremendously and connect its offerings more cohesively. It supports GraphQL schema files, but there’s no way to automate schema file updates. It would be a huge help if it had GitHub integration so it could automatically discover and pull schema files.
Similarly, Escape Copilot is great at reasoning with the information that’s available, but that alone isn’t enough for me to fully trust its reasoning when the goal is to reduce triage time.
Right now, I run custom pipelines via Escape’s MCP for triage agents, using my own code knowledge for correlation. If they introduce GitHub integration, they could leverage it to provide better triage outcomes.
They could also improve the UX around load times. The platform takes a while to load pages and profiles.
Lastly, Escape could improve their APIs & other component with customer side automations in mind. Escape generate good reports but there is no automated way to export those as PDFs. You have to manually fetch the data via API and format it where the escape insights and presentation is lost.
Escape could elevate the UX tremendously and connect its offerings more cohesively. It supports GraphQL schema files, but there’s no way to automate schema file updates. It would be a huge help if it had GitHub integration so it could automatically discover and pull schema files.
Similarly, Escape Copilot is great at reasoning with the information that’s available, but that alone isn’t enough for me to fully trust its reasoning when the goal is to reduce triage time.
Right now, I run custom pipelines via Escape’s MCP for triage agents, using my own code knowledge for correlation. If they introduce GitHub integration, they could leverage it to provide better triage outcomes.
They could also improve the UX around load times. The platform takes a while to load pages and profiles.
Lastly, Escape could improve their APIs & other component with customer side automations in mind. Escape generate good reports but there is no automated way to export those as PDFs. You have to manually fetch the data via API and format it where the escape insights and presentation is lost.
What problems is the product solving and how is that benefiting you?
I’m using Escape to close the gaps in our current DAST coverage as Sigma becomes more API-first and GraphQL-heavy. Previous tool was falling short for me on GraphQL support, authenticated and logic-aware testing, and CI/CD integration, which meant weaker coverage for issues like BOLA/IDOR and multi-step workflow flaws.
Escape helps me by giving me better coverage across the surfaces I actually care about - our GraphQL backends, APIs, and web apps - with native GraphQL discovery, authenticated and multi-user scanning, internal scanning through private locations, and more context-aware vulnerability detection.
The practical benefit to me is that I can get broader coverage, higher-fidelity findings, and better operational fit. I’m expecting fewer false positives, better signal for developers, and tighter integration with our existing workflows so security testing is less of a bottleneck.
Escape helps me by giving me better coverage across the surfaces I actually care about - our GraphQL backends, APIs, and web apps - with native GraphQL discovery, authenticated and multi-user scanning, internal scanning through private locations, and more context-aware vulnerability detection.
The practical benefit to me is that I can get broader coverage, higher-fidelity findings, and better operational fit. I’m expecting fewer false positives, better signal for developers, and tighter integration with our existing workflows so security testing is less of a bottleneck.
Information Technology and Services
Excellent DAST disruptor
Reviewed on Sep 11, 2025
Review provided by G2
What do you like best about the product?
Escape has an excellent modern approach to DAST testing making it easy to manage complex single threaded scans. One of the nicest/underated features is the screen capturing in scan logs allowing teams to quickly validate if authentication has occured and to assess product coverage.
What do you dislike about the product?
Since it is a start up there are some features missing but they have added them to the roadmap and quickly iterate through version based on user feedback a rarity in a stagnant market.
What problems is the product solving and how is that benefiting you?
It solves complex single thread authentication scanning and creates simplicity to DAST scanning which no other vendor was able to provide for us.
Financial Services
API security : inventory & security checks made easy!
Reviewed on Feb 19, 2025
Review provided by G2
What do you like best about the product?
Easy to setup
Easy to integrate to your CI/CD
Public and private internal APIs supported
Nice advices and examples for your developers to address issues
Capacity to create workflows
Easy to integrate to your CI/CD
Public and private internal APIs supported
Nice advices and examples for your developers to address issues
Capacity to create workflows
What do you dislike about the product?
Small company, which could block the purchasing process in some large companies.
Not yet recognized company even if their product is great
Not yet recognized company even if their product is great
What problems is the product solving and how is that benefiting you?
Help identifying vulnerabilities or coding errors continually in our APIs and propose solutions to our developpers.
Nobuyuki I.
Best API security testing tool in the world!
Reviewed on Feb 17, 2025
Review provided by G2
What do you like best about the product?
We have been using Escape platform for a couple years since the beginning of their product.
It effectively addresses the pain points in API security management!
The tool excels in detecting a wide range of API vulnerabilities, including business logic flaws often missed by other solutions.
It effectively addresses the pain points in API security management!
The tool excels in detecting a wide range of API vulnerabilities, including business logic flaws often missed by other solutions.
What do you dislike about the product?
The updates to the platform, while ensuring we always have access to the latest features and security enhancements, can sometimes require a bit of adjustment on our part.
Nevertheless, the benefits of the tool far outweigh this minor inconvenience, and we look forward to seeing how the platform evolves to balance innovation with user familiarity.
Nevertheless, the benefits of the tool far outweigh this minor inconvenience, and we look forward to seeing how the platform evolves to balance innovation with user familiarity.
What problems is the product solving and how is that benefiting you?
We usually build AWS serverless applications for many clients, but we do not have experienced security engineers in our team that's where Escape platform helps us a lot.
Reporting to the client becomes much easier as well, we want to apply Escape security testing to upcoming projects as a standard security assesments
Reporting to the client becomes much easier as well, we want to apply Escape security testing to upcoming projects as a standard security assesments
Information Technology and Services
API Security with Escape
Reviewed on Jan 30, 2025
Review provided by G2
What do you like best about the product?
Easy to integrate. Helped to quickly check and make sure our GraphQL endpoints were secure.
Great customer support as well.
Great customer support as well.
What do you dislike about the product?
No complaints here. Worked great for us.
What problems is the product solving and how is that benefiting you?
It is helping us make sure our API security is up to date.