Try our new research platform with insights from 80,000+ expert users
ManagerF4d5d - PeerSpot reviewer
Manager for Technology Services at a educational organization with 5,001-10,000 employees
Real User
Offers good vulnerability scanning options for analyzing the security loopholes on the website
Pros and Cons
  • "The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
  • "In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."

What is our primary use case?

Our primary use case of this solution is to scan web vulnerabilities.

What is most valuable?

The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution. 

What needs improvement?

In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.

For how long have I used the solution?

I have been using this solution for four years now.
Buyer's Guide
Acunetix
December 2024
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

We currently have two users using this solution in my company. Their roles are in IT security. We only require one staff member for the deployment and maintenance of this solution. 

How are customer service and support?

I haven't needed to contact their technical support. 

How was the initial setup?

The initial setup of this solution was very straightforward. The implementation didn't take much time. 

What about the implementation team?

We did the implementation ourselves. 

What was our ROI?

We have absolutely seen ROI. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis. don't remember the exact cost, it's not about the cost, it's about the flexibility. We have a lot of websites to scan and we are looking for fewer instances and to scan more websites.

The costs aren't very expensive. It costs around $3000 or $4000. There aren't additional costs.

Which other solutions did I evaluate?

We are in the process of evaluating other solutions. We are looking to switch because of the complex licensing. 

What other advice do I have?

It's a very easy deployment and easy application. I don't think you need some kind of training or expertise to manage the solution. For us it just works, so we are happy about that. 

I would rate it an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at IMART OFFICE CONSULTANTS
Reseller
Versatile solution that can operate both as a standalone and can be integrated as part of applications
Pros and Cons
  • "The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
  • "We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."

What is our primary use case?

Our primary use case is to secure web applications, especially against cross-scripting and other forms of malware that happen at an application level.

What is most valuable?

The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.

What needs improvement?

We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic. 

For how long have I used the solution?

We've been using Acunetix since 2017.

What do I think about the stability of the solution?

It is a stable solution. It doesn't have a lot of false positives. You get your logs and reports without any problems. 

How are customer service and technical support?

I haven't contacted technical support because I'm supposed to be the first line of their support. If I need to contact their support, it's because I have problems beyond my scope. 

How was the initial setup?

The initial setup was really straightforward. You can do it even if you're not an expert, you just need to download the appliance from their website and then you deploy. It took a few hours. 

What other advice do I have?

I would recommend Acunetix.

Everything is going cloud-based. They should consider implementing SD-WAN abilities. It will give them the longevity they need.

I would rate it an eight out of ten. Even though some solutions are cloud-native by definition, they are not really next generation because the next generation is fully cloud and properly load balanced.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Acunetix
December 2024
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Cyber Security Associate at a consultancy with 10,001+ employees
Real User
Valuable log-sequence feature and quite stable but does not offer unlimited scans
Pros and Cons
  • "For us, the most valuable aspect of the solution is the log-sequence feature."
  • "The solution limits the number of scans. It would be much better if we could have unlimited scans."

What is our primary use case?

For the last two years, we've primarily used the solution for specific scanning of external web applications for some of our clients.

What is most valuable?

For us, the most valuable aspect of the solution is the log-sequence feature.

The main components covering most of the SQL injection findings are quite useful.

We've never faced any maintenance issues.

What needs improvement?

The solution limits the number of scans. It would be much better if we could have unlimited scans.

For how long have I used the solution?

We've been using the solution for almost two years now.

What do I think about the stability of the solution?

We've found the solution to be quite stable. We haven't had any issues with it at all.

What do I think about the scalability of the solution?

The scalability of the solution is quite good. We've never faced any issues with scaling.

Currently, 15 people use the solution in our organization. They're all developers and consultants. We use it every day.

How are customer service and technical support?

For now, everything about the solution has been fine, so we haven't reached out to technical support.

Which solution did I use previously and why did I switch?

Before switching to this solution we used the Burp Suite Pro. We switched because we found this solution's findings more accurate. It has better performance.

How was the initial setup?

The initial setup was very straightforward. It was easy. We didn't find it complex at all. The initial setup only takes one to two hours.

What about the implementation team?

I didn't implement the solution personally, however, one of my colleagues did. The installation was handled in-house.

What's my experience with pricing, setup cost, and licensing?

We buy the license annually.

What other advice do I have?

We're Acunetix customers. I'm not sure which version number we are using, but it is the latest one.

Overall, I believe Acunetix to be one of the best products on the market. I'd recommend it. it's very reliable.

I'd rate it seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Securityf8d4 - PeerSpot reviewer
Security Engineer at a tech services company with 51-200 employees
Real User
It provides quite a lot information about vulnerabilities, but we are also receiving false positives around cross site scripting vulnerabilities
Pros and Cons
  • "Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
  • "You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."

What is our primary use case?

We use it as a dynamic scanner for testing our websites. We also adjust it into another tool that we use which allows us to share our report with our developers.

How has it helped my organization?

It has been able to find some vulnerabilities, and we've been able to remediate our websites and vulnerabilities, thanks to Acunetix. We can go back in and have them retested, which is kind of nice, because we can click on the vulnerabilities which it has found. It will also give us quite a bit of information, along with responses, so we can go back and manually test it to make sure it's not a false positive. So, it has been especially useful in that way.

What is most valuable?

The crawl only scan for trying to figure out at which points of the site that you'll actually be able to reach within the full scan. That's pretty useful. If you're just trying to test your login sequence, it is nice. It'll tell you which parts of your website it will initially scan, and you can actually go through and disable parts if you know you're not going to have to scan those parts. Then, later on, you go back and do a full scan for deep penetration of the site.

What needs improvement?

There are quite a few false positives that come out. It's mostly based upon finding XSS vulnerabilities, even though we know that XSS vulnerabilities do not exist within some of the web applications because of some frameworks we're using. So, we're not entirely sure why it finds a bunch of these cross site scripting vulnerabilities, but these are main false positives that we have come across.

You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing.

If you're exporting vulnerabilities to view so you can ingest them into another viewer, the ability to select all the vulnerabilities would be nice. Because as of right now, you have to manually go through and click on every single vulnerability that you want to export.

With the implementation, when we started, there were a lot of issues. They've actually fixed a lot of the issues in the past (almost) year now. Initially, when you were creating a login sequence, when you wanted to edit it, you actually had to go back, open it in a text document, then edit the request that way because you weren't able to edit it through the GUI. Now, they've updated that, so you can actually go back and edit it, which is very nice.

We had some issues, not particularly bugs, like with the user interface, e.g., "Why isn't this here?" Just specific tools that we were looking for initially, which they ended up implementing later on.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We have not recently had any stability issues. We were having some issue with the speed of the login initially, but ever since they updated that, it has gotten a lot better.

Only one person is needed for maintenance. It's pretty low maintenance. They'll send you an email update when there's a physical update to the application. You just go and download the new application, then install it the same way you would have originally. It keeps all your scans and targets, so it is very easy for maintenance.

What do I think about the scalability of the solution?

The scalability has moved along nicely and been able to keep up with the expansion of our website and the added targets. However, with a dynamic scanner, the scans take longer as the site gets larger. So, there is more tweaking here and there about what would be best in how to speed up the scans and what we really need to include when we are scanning. This is quite easy to adjust: How we are going to be scanning and what we are going to be scanning.

We have 15 plus targets. We set them up on a schedule, so we can get the most scans here and there on a continuous line. We have eight people currently using it.

How are customer service and technical support?

Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick.

I had a one-on-one meeting with a support analyst at Acunetix and gave them a bunch of feedback on what we thought. We saw some of those ideas trickling out into the next release, and some releases after that. While I don't know if they're responding directly to requests, or some other person had these suggestions ahead of us, but they definitely are putting in more positive changes.

Which solution did I use previously and why did I switch?

I'm still learning how to use this solution. We were using the Burp Suite and its scan before this, which is very similar. I would actually say that the Burp Suite finds quite a bit more vulnerabilities than Acunetix does.

How was the initial setup?

It was very easy to set up. It was just almost plug and play. Initially, it was not Linux compatible, but after a little while they actually came out with compatibility for Linux, which was nice.

We use it on Windows now. Initially, I wanted to set it up on a Linux box, and it didn't have compatibility for that, but they added the compatibility over the past several months, I just never really got around to installing it onto the Linux boxes. Now that we have everything already set up here, we don't really want to migrate a bunch of our scans.

The deployment took me a week to a week and a half to do, get everything set up, and all our first scans tested. However, this was from a very inexperienced point of view. I'm sure somebody who was more experienced and didn't come fresh out of college would've been able to set it up in a day.

Everything is web-based and relatively intuitive, which is very nice. Knowing what I know now versus back then, the first thing I would've done is set up a certification for a web portal. However, I installed it as it was correctly, but I was very cautious about what I was doing because I wasn't very experienced. It was a very easy install and set up.

What about the implementation team?

I did the implementation with another security engineer. There is a lot of documentation to help, with a lot of forums on the Acunetix website and off of the Acunetix website.

What's my experience with pricing, setup cost, and licensing?

Our license is good through June. We're really trying to ramp up here to see if it is a viable option to renew it.

Which other solutions did I evaluate?

We still do use Burp suite on the side. We use it a lot for manual testing and still use it for dynamic testing.

We decided to try Acunetix to see if it would find any different vulnerabilities, etc.

What other advice do I have?

While there has not been any real reduction in remediation time, there has been a reduction in scan time. Because when you're doing a Burp scan, it can take a long time. Whereas, with Acunetix, you can basically just set it, then it will scan throughout the night.

On bigger sites, the speed can be a little tricky unless you are narrowing it down to smaller sections of the site. On small sites, half a million lines of code or less, it has gotten pretty nice and quick, down to a couple hours now for a whole scan. So, it's getting there. They are pushing out quite a few updates, every now and then.

There is something called AcuSensor, and you can install that on local servers for a deeper scan. This has worked for us, but we haven't installed it on all of our boxes yet, but I think we will pretty soon.

It's been used quite extensively here within our company. Every website is using this along with other scanners.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2406861 - PeerSpot reviewer
Anon at a training & coaching company with 10,001+ employees
Real User
Top 20
Provides web application testing and identify security risks

What is our primary use case?

We use the solution for web application testing.

What is most valuable?

The solution identify security risks.

What needs improvement?

There could be extensions that help us perform test cases related to AI bots or element-based testing. Implementing such extensions internally could be beneficial for enhancing the testing capabilities.

Sometimes it takes too much time to complete, maybe because the application is huge or we have not properly configured the scan settings. Due to these challenges, the scan often stops in between.

For how long have I used the solution?

I have been using Acunetix for seven years.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a ten out of ten.

What do I think about the scalability of the solution?

The scalability depends on the license that we avail. I rate the solution’s scalability a nine or ten out of ten.

How are customer service and support?

Customer support is helpful, but sometimes the response are a bit delayed. They respond within 24 hours.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward and takes an hour to complete.

What's my experience with pricing, setup cost, and licensing?

The product pricing is average.

I rate the product’s pricing a five out of ten, where one is cheap and ten is expensive.

What other advice do I have?

I recommend the solution as we didn't have some specific extensions for any failure testing and SSO related testing.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
PeerSpot user
reviewer1379034 - PeerSpot reviewer
Project Manager at a computer software company with 1,001-5,000 employees
Real User
Good usability and scan results
Pros and Cons
  • "The usability and overall scan results are good."
  • "There is room for improvement in website authentication because I've seen other products that can do it much better."

What is our primary use case?

Our primary use case is scanning our websites for security flaws.

What is most valuable?

The usability and overall scan results are good.

What needs improvement?

The vendor messed up our contract when they changed the licensing scheme and downgraded our license without any notification. It was dropped from a premium license with unlimited scan targets to a professional license with 10 targets per year. This is insufficient for us because we have about 50 public websites, and twice that number between internal and development sites. We ran out of scanning targets after only two months, so we have been evaluating other products since then.

There is room for improvement with respect to technical support.

We were having trouble with our Active Directory Federation Services. They couldn't work out how to authenticate the websites.

There is room for improvement in website authentication because I've seen other products that can do it much better.

For how long have I used the solution?

We have been using the Acunetic Vulnerability Scanner for seven years.

What do I think about the stability of the solution?

We have not had any problems with stability.

What do I think about the scalability of the solution?

Scalability has not been a problem except when it comes to licensing.

How are customer service and technical support?

Technical support was not overwhelmingly good, but it was okay. They couldn't provide solutions to every problem that we encountered, although they helped us from time to time.

What's my experience with pricing, setup cost, and licensing?

The pricing is not as good as we expected. I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced.

When we started with Acunetix seven years ago, it was quite good in terms of being competitively priced. It was up to the task and financially suitable. Now, however, with the change in the licensing scheme, it is a rather large step in terms of price. It has gone up by a factor of 30 in the past two years.

Which other solutions did I evaluate?

Our experience with Acunetix has not been good, so we are in the process of switching solutions.

What other advice do I have?

The product is quite good, but their sales techniques are poor and the sales teams need to be improved. They also should have provided a lot more information about the new licensing scheme when they changed it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1312281 - PeerSpot reviewer
Executive Director at a financial services firm with 201-500 employees
Real User
Assists greatly with our financial compliance reporting but only supports web scanning
Pros and Cons
  • "Picks up weaknesses in our app setups."
  • "Currently only supports web scanning."

What is our primary use case?

We have quite a few applications that we scan. We have a requirement to meet PCI DSS compliance and we deal with it by producing reports on a quarterly or a part-quarterly evaluation. We are customers of Acunetix and I'm the executive director of our company. 

What is most valuable?

We're happy with Acunetix although we're currently looking for a more cost effective solution. There might be a better product on the market and we're looking for that. What I gather from my colleagues who do the scanning is that this solution picks up any weaknesses in terms of our application setup as well as reading our application and finding the weaknesses. We need that PCI DSS report which is important for us. The solution is comprehensive and easy to use. 

What needs improvement?

The costs for the licensing have changed and it's not in our favor which is why we're now looking at other options. One of our issues is that Acunetix only supports web scanning, no mobile app for now. If they were to include that it would mean not having to work on two separate tools. 

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

We've raised some minor issues with support. There are certain aspects that Acunetix cannot power and we haven't been able to resolve those problems yet. 

What do I think about the scalability of the solution?

I don't believe there are issues with scaling.

How are customer service and technical support?

I think that generally their customer service is quite responsive. Whenever we encounter problems or new external applications, they're willing to guide us through the process. 

Which solution did I use previously and why did I switch?

I think the company previously used Netsparker and that was even more expensive than Acunetix. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on an annual basis and we pay the standard licensing fee directly to Acunetix.

What other advice do I have?

The solution meets our requirements, it's just that we were moved from a perpetual license to an annual license and that has significantly increased our annual fees. Here in Bangladesh, we're trying to check comparable products in the same price range and see what they offer. 

I would rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1155117 - PeerSpot reviewer
Works at a educational organization with 501-1,000 employees
Real User
Testing websites is fast and efficient, but the executive summary reports need improvement
Pros and Cons
  • "The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
  • "It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

What is our primary use case?

I am a freelance consultant and I use this product to scan customer's web sites.

Most of the time, I use it to perform black-box analysis. The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.

How has it helped my organization?

It has helped me to discover some vulnerabilities in the web applications (like Cross-site scripting or SQL injection) and it helps to reduce the time it takes to perform a vulnerability assessment or a penetration test against a customer's web application.

What is most valuable?

This solution is easy and quick to set up and use. Most of the time, all it takes is entering a website's URL and clicking on the scan button.

Obviously, this is not usually the recommended way to use it, but to get an initial picture of the target's possible vulnerabilities it is a very comfortable starting point.

In fact, often a proper penetration test requires emulating a real user of the target application and logging in.

The vulnerabilities that can be discovered when logged in normally outnumber the ones that can be discovered by a "simple" black-box approach.

Acunetix allows recording a login session and replying it during its attack phase and this is quite convenient.

What needs improvement?

It would be interesting to do differential scans. Normally, after the initial scan, the customer will start patching the discovered vulnerabilities. It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.

The executive summary reports could be improved with some graphs and a very short description of what has been discovered in a way that can be understood by C-level people.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

So far I did not have any critical stability issue.

What do I think about the scalability of the solution?

I have not yet used the product to test extremely huge and complex web sites. For "normal" ones the performance is acceptable, even if sometimes it seems "stuck" at a certain scan percentage. In this case, normally I just wait and later it will advance again.

How are customer service and technical support?

The customer service is quite helpful. The time to fix issues is not too quick, so in the case of time-restricted projects for some customers, this might become a problem. Sometimes, identifying the exact issue to fix is not easy.

Which solution did I use previously and why did I switch?

Previously I was using IBM Rational AppScan, Burp Suite, and some other open-source tools.

I switched from AppScan to Acunetix mainly because of a better price/value ratio when I had purchased my perpetual license (which now, unfortunately, is not available anymore).

How was the initial setup?

The initial setup is very easy and straightforward.

What about the implementation team?

I implemented it myself.

What was our ROI?

After two years it's about 300%.

What's my experience with pricing, setup cost, and licensing?

When I first purchased my license the price/value was very good because I purchased a perpetual license and the annual maintenance fee was extremely competitive. Now, unfortunately, my perpetual license does not exist anymore and my maintenance costs will increase in the next years.

All things considered, I think it has a good price/value ratio.

Which other solutions did I evaluate?

I tried some of the other commercial web vulnerability scanners such as Burp Professional embedded and IBM Rational AppScan.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Acunetix Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Acunetix Report and get advice and tips from experienced pros sharing their opinions.