It is top-rated and widely employed for conducting security assessments on networks, websites, and applications. It is considered the gold standard for evaluating security measures and identifying vulnerabilities in websites, networks, and applications. The tool's extensive capabilities make it a go-to choice for ensuring security. It is renowned for its comprehensive scanning and assessment of networks and websites, but it is also known for its significant cost, particularly for deploying it on large clusters.
Hardware Engineer at Ministry of Defense
Scalable and efficient web security and vulnerability management
Pros and Cons
- "It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
- "There's a clear need for a reduction in pricing to make the service more accessible."
What is our primary use case?
What is most valuable?
One of its primary features is its ability to offer automated solutions for application security. It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program. It then provides insights on how to rectify these issues, even showcasing the payloads and other relevant information in the report. Occasionally, it may generate some false positives, but for the most part, it delivers reports that are approximately 80% accurate. This allows users to manually test the function and ascertain its functionality. It also allows for communication with external entities, vendors, and servers used by the application. This information encompasses server hosting details, the status of open or closed ports, and insights into Indian Palantir, among others. These features make it an invaluable resource for those seeking to comprehensively understand their website's infrastructure and potential vulnerabilities.
What needs improvement?
The initial concern that comes to mind is the cost as the pricing structure is significantly high, especially for the average user. It amounts to approximately $2,000 per year, excluding additional expenses. There's a clear need for a reduction in pricing to make the service more accessible. Another critical enhancement should focus on the tool's ability to bypass Web Application Firewalls. Currently, it falls short in this aspect, which can be a significant limitation.
For how long have I used the solution?
I have been working with it for nine years now.
Buyer's Guide
Acunetix
December 2024
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
It provides good stability abilities.
What do I think about the scalability of the solution?
It offers excellent scalability capabilities. You have the flexibility to adjust your usage based on workload demands and it becomes a valuable and frequently used tool to accommodate the increased workload when multiple projects come in. I would rate it nine out of ten.
How are customer service and support?
I am not very satisfied with the customer support they provide. It tends to be quite time-consuming. When I raised a ticket seeking assistance with a simple issue, their response time was notably delayed. They mentioned having a backlog of inquiries, and it took a while for them to address my specific question. There seems to be a disconnect between the amount of money they charge for their support services and the level of support they provide.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was straightforward. I would rate it nine out of ten.
What about the implementation team?
You can easily download the application and install it on your desktop. The setup algorithm simplifies the application installation on your computer; it automatically configures itself on your system, eliminating the need for any manual configuration. It's a quick and hassle-free installation, taking just about five minutes to set up and configure. The deployment management is quite efficient and it can be handled by a single individual.
What's my experience with pricing, setup cost, and licensing?
The price is exceptionally high. They offer various categories of services, but the problem lies in the lack of transparency. Before purchasing, they don't clearly outline the available versions or their limitations, and they don't display their pricing on the website. They should have a standardized pricing structure readily available on their website for all potential users to see. This lack of pricing information is a rarity and an issue that needs to be addressed.
What other advice do I have?
To effectively utilize this tool on a monthly basis, users must possess a certain level of expertise. It is crucial that individuals who wish to employ this tool have experience in both programming and networking to make the most of its functionalities. I would rate it eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at an insurance company with 10,001+ employees
Our apps are more secure because the solution improves our processes and findings
Pros and Cons
- "We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
- "We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
What is our primary use case?
We are doing dynamic code testing with some of our different websites and other applications that we've developed in-house.
Right now, we are doing the basic kick-off the target, control, and see what it comes up with in the report. We haven't done any importing yet.
We are using the Windows onsite solution.
How has it helped my organization?
We have had more success with this particular product being able to control our different applications better than some of the other applications that we have used in the past, as far as checking for vulnerabilities. We know our apps are more secure.
It takes a few weeks just to look at the entire process. We take the reports, send them to the business team, who give them to the analysts, and then come up with the remediation plan. Afterwards, we scan it again unless there are critical issues, which are done in less time.
What is most valuable?
The ability to be on the website and test for different vulnerabilities.
We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why.
I can have a scan set up within five to ten minutes by double checking the login script works, so it doesn't take long at all.
We have found a few cross-site scripting vulnerabilities.
What needs improvement?
On the vulnerabilities screen, where you put your target on the drop down, it would be nice to have more choices, not have such limited options.
One thing that we used to be able to do in other applications with a macro was step-by-step filling in the fields of the app and being able to test certain forms. I haven't seen this in Acunetix. This would be a longer macro instead of doing a login, i.e., we are looking for a workflow process.
We have experienced few false positives. Though, it does depend on the application because sometimes it will identify false positives on one application, but not on another.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
The solution is stable.
We have had issues/hiccups during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version. This has been frustrating, because there have been some tweaks that hurt us from this perspective. This hasn't happened on every release, just a couple.
I am the main user for the product. We also have a couple of other people on staff who run scans.
What do I think about the scalability of the solution?
It seems to be scalable. Right now, we are just using it at our primary locations and are scanning about 25 different apps. We are looking at the process of being able to scan more than one app simultaneously. It should fit our needs going forward.
How are customer service and technical support?
The technical support has been very helpful, and pretty quick to respond to emails or when I call in.
Which solution did I use previously and why did I switch?
The speed is phenomenal. Some of our applications can do a scan in less than ten minutes, even some of our bigger scans. We were using Micro Focus Fortify WebInspect when it was owned by HPE, and it would take two or three days for it to scan everything. Acunetix can scan everything within 13 hours, which is sort of a long time, but still much shorter than the other apps that we were using. So, it seems to be pretty quick and pretty thorough.
We switched solutions because of cost and the timing of the scans was taking too long.
How was the initial setup?
The setup is very straightforward with the database and the way that we use it.
They have a very good support website, so you can find out answers to questions and reach out to the support team.
Downloading and updating the software took ten to 15 minutes (deployment). I am the person who does the deployments and upgrades.
What about the implementation team?
We did the deployment in-house. We did use the Acunetix support when dealing with the install or any type of setup piece. It was seamless, which was good.
What was our ROI?
We found it to improve our processes and findings.
The solution is paying for itself, as our applications are more secure.
We have found several hundred medium to high level vulnerabilities in our applications. In just one application, we were able to identify 75 of these vulnerabilities.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is overkill. Though, compared to what we were paying for, the cost seems reasonable.
Which other solutions did I evaluate?
We went with the recommendations of our parent company. This was one of the approved solutions.
What other advice do I have?
It is a pretty good product.
Do a demo and test whatever application that you are using right now. If you have a site where it is more difficult to identify vulnerabilities, or you have issues scanning, use this to check your particular software. If it can handle your more challenging apps, then it will definitely handle the easier, less technical sites.
We view it on a very traditional PC. Aesthetically, you can see what you are looking for. Unfortunately, we don't utilize the dashboard as much as we should and take full advantage of it. Right now, we're pretty much in the infancy of building the solution. It's nice to be able to look at the dashboard and see the vulnerabilities which are there. However, at this time, we are not doing the retesting with the scans to clear them out. So, we are not taking advantage of this feature.
We are looking to increase the usage of the product to do multiple scans. We will potentially be increasing the number of applications that we are scanning. We are also looking to add the AcuSensor piece with our Jenkins Pipeline, but we haven't gotten there yet.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Comes with good performance but pricing is expensive
Pros and Cons
- "The tool's most valuable feature is performance."
- "Acunetix needs to improve its cost."
What is our primary use case?
We use the product for application security.
What is most valuable?
The tool's most valuable feature is performance.
What needs improvement?
Acunetix needs to improve its cost.
For how long have I used the solution?
I have been using the product for a year.
What do I think about the stability of the solution?
The tool is stable.
What do I think about the scalability of the solution?
Acunetix is scalable.
How are customer service and support?
The tool's support is good.
How would you rate customer service and support?
Positive
What other advice do I have?
I rate the product a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Secure Network
Very easy to set up because they give you an installer that does everything
Pros and Cons
- "Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
- "I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
What is our primary use case?
We needed it to scan our internal network and web applications.
Our security team of five people used it. We scheduled some monthly scans for web applications, which were not being used, to check for vulnerabilities and also vulnerabilities on new features.
How has it helped my organization?
Where I worked was a big group where there were many agencies under it, and we did the security for all other agencies. With Acunetix, we cut the time to make infrastructures and web applications (for our colleagues) more secure.
For one application with two or three critical vulnerabilities and some other vulnerabilities, it took like a week to remediate issues because the scan and findings were really fast.
What is most valuable?
What I found to be valuable was the fully automated scanner because it is really fast.
Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.
Acunetix saves on the cost of time because it is fast.
When Acunetix finds a vulnerability, it also checks for a false positive so it can be 100 percent sure about the issue that it found. The false positives are really low, maybe one percent.
What needs improvement?
I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection.
They need more customized scans along with a way to edit their default payloads. While you can select which check to do, you can't add which payload to use.
For how long have I used the solution?
I used Acunetix 20 months ago at the last agency where I worked.
What do I think about the scalability of the solution?
The scalability was okay. We didn't need to do much work to implement it into the network or some web applications, so I think it's really easy to scale. We didn't need to do work on it because the solution is adaptable to every environment.
There were about 20 websites and other web applications.
How are customer service and technical support?
I never needed to talk to the Acunetix technical support.
Which solution did I use previously and why did I switch?
They were previously using Fortify WebInspect, which was good, but very costly.
How was the initial setup?
It was very easy to set up Acunetix, as they give you an installer that does everything. You just need to click: "Install".
It takes a maximum of 10 minutes to deploy, if you want to read everything.
We did other configurations to enable the IP address to talk to all the networks.
We also used Acunetix on a Linux server. The deployment process was the same as Windows. It was just another installer, but for Linux.
What was our ROI?
It saved us many weeks of work.
We didn't sell anything with Acunetix, so it was just an improvement for ourselves.
If someone would have hacked us, they probably would have caused much damage. However, now with Acunetix, they shouldn't be able to cause damage.
What's my experience with pricing, setup cost, and licensing?
I think all the scanners, except Burp Suite, are a bit costly.
Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future.
Which other solutions did I evaluate?
Acunetix is the fastest scanner available compared to applications like Netsparker and Fortify WebInspect. The longest scan with Acunetix, and it was for a huge web application, took only four hours. Other scanners did the job in six to eight hours.
While I like Netsparker, it is really slow compared to other scanners.
What other advice do I have?
We found 50 unexpected, high vulnerabilities for three web applications. This made our principal a bit mad.
We found three or four DOM-based XSS vulnerabilities using this solution.
It did not require maintenance on our part. We just needed to give it some credentials.
I would rate it as a nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a media company with 1,001-5,000 employees
Interactive Application Security Testing provides more in-depth, granular findings, but integration with other tools is very limited
Pros and Cons
- "One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
- "Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
What is our primary use case?
Dynamic application security testing is our primary use case. I don't know if it would be used as a primary solution, but as a supplemental solution, Acunetix is very good for scanning applications and finding vulnerabilities.
We're a global organization. We're a large book publisher around the world. We use it globally: China, Australia, Europe, Asia, India, South America, Canada, and the USA. It's a global solution.
How has it helped my organization?
It has been instrumental in supplementing services that we already have.
What is most valuable?
Scheduling of testing cuts down on the manual, tedious activities that go into setting up a test site.
One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that.
What needs improvement?
I would like to see them build up that IAS tool, the Interactive Application Security Testing module that is embedded with PHC. That's a very cool function.
I would also like to see them enhance the database. I don't know what version of OWASP Top Ten vulnerabilities they actually employ for Acunetix, but there are some versions of OWASP Top Ten vulnerabilities out there and I would like to see some PCI included as well within Acunetix. That would be great.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability is great. We have never had any service drops. Whether we have run a web service where we allow our security professionals to access Acunetix over a URL, we have never had any problems with someone signing into the actual server and running Acunetix from a platform; or from an application perspective, where they're launching applications from the desktop of the server. Both have been pretty great.
What do I think about the scalability of the solution?
We are only using Acunetix as a secondary solution. We already employ Qualys as our primary solution but that was getting overworked. We needed to relieve it of some of the workload that we were sending it. What we did was look at a solution like Acunetix to help supplement some of the work that Qualys is doing for us. But since it is a secondary tool, scalability was never really an issue because we weren't asking the solution to scale at all.
How are customer service and technical support?
Tech support is not 24-hour. It's more of a ticketing-type of solution where you e-mail the support team. We always go through our reseller for support. Response time is average, about a day or so until they respond.
How was the initial setup?
The setup and upgrades could be easier. I would like to see a wizard to take you step-by-step.
Upgrading v7 to v8, we had to do a fresh reinstall. We had to uninstall it and reinstall it rather than just reaching out, grabbing an update and have it fix itself. We had to go into some files and re-input a key and we actually needed to call support to help us with upgrading from 7 to 8. We had to create a support ticket, call one of the resellers of Acunetix, and get some assistance with that.
So a wizard would be great, a step-by-step instructional program that guides administrators or security professionals along the way, especially with upgrades from version to version or initial installs.
They should make it a little easier for security professionals or system administrators to get the software into the actual infrastructure. Without that, people are running around, searching for Wikis and documentation that supports deployment on multiple devices. I know when I was first working with Acunetix and getting it deployed into our environment, we ran across those issues. I would like them to make it a little easier, where automation plays a key in driving deployment of Acunetix, versus a manual installation process.
If you know what you're doing, the deployment of Acunetix can take less than 30 minutes.
What about the implementation team?
Everything was done internally.
What was our ROI?
Return on investment is hard to track because it really depends on the criticality of the vulnerabilities and what the business costs or impact could be if those vulnerabilities were actually exploited. We have a vigorous application security program so testing activities like SAST and DAST must take place. I know if we were to remove our DAST program and not test our websites, we could see an immediate cost-effect as a result. But since Acunetix is used as a secondary tool, we don't know if it actually provided any real cost metrics where we could say: "Okay, because of our use, we have saved X amount of dollars because it found Y amount of vulnerabilities that saved us Z amount of time remediating." Those metrics are not known.
What's my experience with pricing, setup cost, and licensing?
We have a corporate deal and we're almost at the end of that contract. We are looking to renew Acunetix, but we were told that the price was increasing greatly because of some advanced capabilities, or miscalculations of value. It's increasing by 3.5-fold from what the initial quote was. Because of that, we have to go back to the drawing board and figure out cost-to-capability value, versus features that we could get for that same amount.
At the current pricing structure, it doesn't save us money. It winds up costing the program money due to the fact that it's increasing in cost. At the time when we signed up initially, it was very beneficial because of its cost. When we looked at all other vendors and what they were asking, to provide a third of what Acunetix was capable of doing, it was an easy decision. With the IAS modules and everything else that we got as an add-on, it made it a real value compared to all the other competitors out there. But now that it's coming to a cost where it's in line with market value, it becomes more of a competition.
Which other solutions did I evaluate?
There were other tools in the running, although I don't remember off the top of my head which ones. At the time, Acunetix was the winner mainly based on pricing and capability.
As I said, Acunetix is a secondary tool for us. We use Qualys as our primary DAST solution and when that gets overloaded we turn to Acunetix to supplement some of the load that we're putting on our prime solution.
Compared to other vendors in the field, the speed of Acunetix is just about average. Something like Micro Focus WebInspect scans about ten percent faster. If you're looking at IBM AppScan it might be five percent faster. We're not looking at a huge percentage difference in the time Acunetix takes to scan versus others.
The false-positive rate of Acunetix is definitely not perfect. No tool is going to avoid all false-positives. The false-positive rate of Acunetix falls - I don't want to say below average - but it's almost the same as everyone else. What I have to say, honestly, is that I do find myself correcting a lot of the false-positives that show up in Acunetix right now. We don't get a 50 percent margin, but I estimate that 25 percent of the reported vulnerabilities are false-positives in Acunetix.
What other advice do I have?
At the current pricing structure, I would tell people to do their research. If you have X amount of dollars to spend in the budget, and you're looking for a good solution, definitely consider Acunetix, but also consider other tools for similar features and functionalities where you may get a little bit more bang for your dollar, frankly, versus a tool that's still maturing as it's starting to take market share. Acunetix is a very intermediate tool. It's not an advanced DAST solution. It's still in its infancy. There's a lot of the solution to still build out, a lot of features to still work on, but it is definitely a tool that's worth looking into. Keep in mind, for that same price structure, you can get more established, more brand-name solutions.
The speed of the solution is about average. I use a lot of DAST solutions and I can't say that I'm blown away by the amount of time it takes to complete a security assessment, but I do like that it's not slow. It's not the fastest tool I've ever seen, but it's not the slowest tool I've ever seen, so it meets my expectations. It is a fast application but I'm not blown out of the water by it.
It definitely meets the benchmark. Like I said, it doesn't fall below expectations. When you're running Acunetix against a site, looking for security vulnerabilities, you're not blown away by the speed, but you're not sitting there for a day-and-a-half waiting for results or waiting for a scan to complete. It really depends on the size of the application and the granularity of that application. Acunetix performs just as expected. It's not a bad thing.
We have very large applications, so it could be less about the solution and more about the depth of our applications. A lot of our applications have special prerequisites that Acunetix just can't expect or predict. A lot of it is giving Acunetix the proper permissions and things of that nature to go in-depth with DAST scans. On average, depending on the application, it can take anywhere from six to eight hours.
We host Acunetix on our own environment. I don't think they have a SaaS solution yet. We host it in an Azure environment where we put it on our own server - a dedicated server - specialized to doing DAST security scans - and we are happy. We're not unhappy with Acunetix, but we're not greatly excited that this is the best tool ever. But we are very impressed by some of the things that it has been doing. It's that middle ground. It's a good tool. I would definitely recommend it.
The remediation rate is based on the maturity of our development team. Acunetix doesn't provide a format that makes remediation easier. It does what every tool does and gives us the vulnerability, explains the vulnerability, and gives us some remediation guidelines or tips, but that's what everyone does. So it really depends on the workload of our development team, and what backlog they have or what their sprints look like going into the next cycle. It has very little to do with the tool and more to do with the capability and workload of the development teams.
Using it on a secondary basis, we have found some medium vulnerabilities but no critical vulnerabilities which required immediate remediation. What I do notice about Acunetix is that there's a lot of "white noise," a lot of "background noise," things that just don't apply. When filtering those out and removing the false-positives that don't apply to the actual application, we may find one cross-site scripting. That may be a medium vulnerability but not a high vulnerability because of business impact. There are different risk ratios that we apply to different findings, but we haven't found anything critical with Acunetix. It could just be that we don't have any critical vulnerabilities in that environment - although I don't think that's the case. In terms of DOM-based cross-site scripting vulnerabilities, it all depends on the application.
We don't have it deployed on any Linux server. It's on our Windows environment. We have it in Azure, in a cloud, so it's a Microsoft framework that we have Acunetix installed on top of.
All of our users of Acunetix are in development and security roles. The number of users is well into the hundreds. I administrate the tool, I set the roles and also manage users and user interface and interaction. We have a dedicated server team that does maintenance and deployment. If we need to deploy another instance of Acunetix, that is usually done by our server team. They handle all server infrastructure activities. I am the senior security engineer, so I handle all security-related activities.
We don't have plans to increase our usage of Acunetix. We may stop usage. Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted. As a secondary solution, we're trying to figure out, is it worth the extra cost just to have it do some supplemental scans for us. We're still evaluating that.
Overall, Acunetix is definitely a seven out of ten. I like the product. It's doing a lot of what its competitors are doing. It's running great DAST scans and it has a rich database of vulnerabilities that it can report and it also provides a web component of its solution where you don't necessarily have to sign on to a physical server or a virtual device to interact. You can, but you can also contact Acunetix through a web interface, which is great. But the interface, in general, is still very simplistic, which may be a good or bad thing. The reporting could be a little bit better. When ending a scan I would like to see more graphical representations, maybe trends from scan to scan, of how the overall maturity is going of the application project that it's scanning or assessing. The reporting is okay. It does give you the option to do PDFs or CSVs. More reporting formats, like an Excel format, maybe an XML format, would be great.
Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA. All findings that Acunetix happens to run across could be sent straight to JIRA. That would increase our remediation rate because it's very seldom that developers read PDFs of security vulnerabilities. One of the things that Qualys does is allow us to integrate into our JIRA environment, into our Jenkins environment, etc. We haven't seen the same capabilities with Acunetix.
Because of these things, I have to give it a seven. It's ultimately a great tool, a great scanner, and you can really rely on some of its findings once it's tuned.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Information Security Analyst at EastNets Holding Ltd.
Helps to scan vulnerabilities like SQL injections but not recommended for dynamic scanning
Pros and Cons
- "We use the solution for the scanning of vulnerabilities like SQL injections."
- "Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
What is our primary use case?
We use the solution for the scanning of vulnerabilities like SQL injections.
What needs improvement?
Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents.
For how long have I used the solution?
I have been working with the solution for three years.
What do I think about the stability of the solution?
Acunetix is very stable.
What do I think about the scalability of the solution?
The solution is scalable if you use the cloud version. You will face limitations with RAM and processor on the desktop.
How are customer service and support?
We have not faced any issues to complain about.
Which solution did I use previously and why did I switch?
I have used Netsparker before.
How was the initial setup?
Acunetix is easy to install and took only two minutes to deploy. For desktop applications, you need to download an EXE file. Deployment over the cloud requires an API.
What other advice do I have?
I would rate Acunetix an eight out of ten. I don't recommend it for dynamic websites. It is recommended for static pages.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director at NETdefence Co. Limited
Stable solution with efficient technical support services
Pros and Cons
- "The solution is highly stable."
- "The solution's pricing could be better."
What is most valuable?
The solution's most valuable feature is its capability to scan REST APIs.
What needs improvement?
They should include the features for reporting in the solution's next release. Also, a dashboard feature could help us view scanning targets segregated into different categories. In addition, there should be a feature to export the data into Excel Spreadsheet.
For how long have I used the solution?
We have been using the solution for 15 years.
What do I think about the stability of the solution?
The solution is highly stable. I rate its stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the solution's scalability a four out of ten. Our clients are enterprise businesses. Also, we have two solution users in our organization.
How was the initial setup?
For standard use cases, we deploy it on a notebook or a desktop machine. In case of integration with a development system, we deploy it on a server or a virtual memory machine. I rate the solution's initial setup process a five out of ten.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. Its price is based on the number of targets. It has an annual subscription plan and costs around HK$500,000. I rate its pricing a nine out of ten.
What other advice do I have?
I advise others to stay connected to the solution online to ensure the license is up-to-date. I rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
CEO at IMART OFFICE CONSULTANTS
Simple to use and does not report many false positives or false negatives
Pros and Cons
- "It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
- "When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
What is our primary use case?
This solution is a WAF (web application firewall). The primary use case of this solution is to secure web applications against cross-site scripting and other forms of malware that occur at the application level.
We last used Acunetix in December and we have switched to Barracuda.
What is most valuable?
The scalability is more than good. It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.
This solution is simple enough, especially with the cloud. You can download the client onto your machines and then you start filtering your traffic from there.
What needs improvement?
An area that we wanted to test was if it will tie bandwidth and does it throttle traffic?
How much bandwidth usage does it consume when it sorts out the traffic? When monitoring the traffic, we always have issues with the bandwidth consumption and the throttling of traffic.
Everything now is moving to the cloud. If they would consider SD1 possibilities, it would give it the longevity that it needs in the market. They may not need it, as they would be able to integrate it with other SD1 platforms as an extra feature.
By definition, they are not next-generation. The next-generation is fully cloud, properly load-balanced, and you would want something that is tailored along those lines from the get-go. It would give you more deployment, less support, and fewer technical hands looking at the solution.
For how long have I used the solution?
We have been dealing with Acunetix since 2017.
We provide services to our clients.
What do I think about the stability of the solution?
It's a stable solution. It doesn't report a lot of false positives or false negatives. You can put it on and look at your logs and your reports.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and technical support?
I haven't contacted technical support because I am supposed to be the first line of their support. Contacting them would mean that I have problems beyond my scope.
Which solution did I use previously and why did I switch?
We are now doing a profile on Barracuda because we are partners but we don't have clients yet. It is very difficult to profile because we don't have a live environment. The only way we could have a live environment is if we deploy it in-house.
We deployed in-house to test the cloud solution and we are moving to LV1 solutions within our MSP.
We were bringing everything on top of a CASB, a cloud broker for security. We had to look at different solutions to see what could be brought on top of the CASB platform and what we would be leaving out from the previous partnerships. We wanted to look at a different solution.
How was the initial setup?
The initial setup is straightforward. You just need to download the client from the website or get a license from them, then you can deploy it.
It can take a couple of hours or less to deploy.
What about the implementation team?
We have a team in the company.
What other advice do I have?
This is a solution that I would recommend.
I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Updated: December 2024