reviewer1312281 - PeerSpot reviewer
Executive Director at a financial services firm with 201-500 employees
Real User
Assists greatly with our financial compliance reporting but only supports web scanning
Pros and Cons
  • "Picks up weaknesses in our app setups."
  • "Currently only supports web scanning."

What is our primary use case?

We have quite a few applications that we scan. We have a requirement to meet PCI DSS compliance and we deal with it by producing reports on a quarterly or a part-quarterly evaluation. We are customers of Acunetix and I'm the executive director of our company. 

What is most valuable?

We're happy with Acunetix although we're currently looking for a more cost effective solution. There might be a better product on the market and we're looking for that. What I gather from my colleagues who do the scanning is that this solution picks up any weaknesses in terms of our application setup as well as reading our application and finding the weaknesses. We need that PCI DSS report which is important for us. The solution is comprehensive and easy to use. 

What needs improvement?

The costs for the licensing have changed and it's not in our favor which is why we're now looking at other options. One of our issues is that Acunetix only supports web scanning, no mobile app for now. If they were to include that it would mean not having to work on two separate tools. 

For how long have I used the solution?

I've been using this solution for three years. 

Buyer's Guide
Acunetix
February 2025
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
832,138 professionals have used our research since 2012.

What do I think about the stability of the solution?

We've raised some minor issues with support. There are certain aspects that Acunetix cannot power and we haven't been able to resolve those problems yet. 

What do I think about the scalability of the solution?

I don't believe there are issues with scaling.

How are customer service and support?

I think that generally their customer service is quite responsive. Whenever we encounter problems or new external applications, they're willing to guide us through the process. 

Which solution did I use previously and why did I switch?

I think the company previously used Netsparker and that was even more expensive than Acunetix. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on an annual basis and we pay the standard licensing fee directly to Acunetix.

What other advice do I have?

The solution meets our requirements, it's just that we were moved from a perpetual license to an annual license and that has significantly increased our annual fees. Here in Bangladesh, we're trying to check comparable products in the same price range and see what they offer. 

I would rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Specialist at a tech services company with 11-50 employees
Real User
User-friendly and easy to set up but is a bit expensive
Pros and Cons
  • "There is a lot of documentation on their website which makes setting it up and using it quite simple."
  • "The pricing is a bit on the higher side."

What is our primary use case?

The solution is mostly used for vulnerability scanning purposes. 

What is most valuable?

I'm drawn to Information Security. I immediately look for security threats and vulnerabilities. Therefore, the report generation, the reports that are being monitored are great in that they were very easy to read and understand.

It's user-friendly and the language that they use is pretty good. 

Overall, the tool is very good in context. It's definitely helpful from a tech intelligence perspective and for identifying vulnerabilities. I like that we can sort the vulnerabilities based on severity levels. 

The initial setup is easy.

There is a lot of documentation on their website which makes setting it up and using it quite simple.

Technical support is available 24/7.

What needs improvement?

Normally, the product asks for the URL address before scanning a certain application. Acunetix is immediately used for web application scanning purposes for vulnerability assessment. However, it doesn't seem very helpful or useful for scanning web services, and that is what I feel the organization could work better on.

The pricing is a bit on the higher side.

For how long have I used the solution?

I've been using the solution for about two years at this point.

What do I think about the stability of the solution?

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable in the sense that it can be easily migrated.

We have about 50 to 55 users on the solution currently.

How are customer service and technical support?

Technical support is fine. Whenever we have any queries the support is available. We have the paid version. We have paid for it, however, it's great due to the fact that it's available 24/7.

Which solution did I use previously and why did I switch?

Although we are working with Acunetix, we are planning to migrate to Nessus in the future. We used Nessus around seven or so years ago. The current solution is a good one, however, my organization wants to try a new, different product. That is the reason we are now moving to Nessus.

How was the initial setup?

The initial setup is not overly complex or difficult. It's very straightforward and very easy. On their website, they have lots of documentation that walks you through the process. 

For deployment or maintenance, you only need a maximum of four or five people.

What's my experience with pricing, setup cost, and licensing?

We do pay extra for technical support, however, it's 24/7 support which means we always have access to them if we need them.

The pricing is on the higher side. That could be okay for certain organizations. That said, if they could lower it, that would be ideal. Yeah. To me, it actually all depends upon the companies. My organization is not too big, and we're using it for managing a small set of people. If I have to spend much more, it wouldn't make any sense. 

What other advice do I have?

We are into telecommunications, we have bought this product from the vendors.

We're using the latest version of the solution. We try to only use the most up-to-date option.

Overall, the tool is efficient enough to identify and track your vulnerabilities and it's good for intelligence scanning purposes. I'd advise users to just be cautious while the installation happens in terms of what logins are included and what are missing. 

The main thing is that users have to define their scope and objectives and only on the basis of that will the tool work. 

That said, you always have choices in the market - if this one does not fit your needs.

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1218672 - PeerSpot reviewer
IT Manager at a financial services firm with 1,001-5,000 employees
Real User
Simple to use and achieves the required results but more efficiency with the mobile environment would be helpful
Pros and Cons
  • "Our developers can run the attacks directly from their environments, desktops."
  • "Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."

What is our primary use case?

I'm an IT Manager and we're a customer of Acunetix. We use the automatic tool to control the security of our applications. For the time being, we have two or three people in the company working with the solution, setting up all of the parameters, all the attacks. We have 15 separate groups in the company, most are testing the tool and learning how to use it. We will deploy the tool for the rest of the company at the beginning of next year.

What is most valuable?

The most important feature is that we are able to parameterize all of the attacks so that our developers can run the attacks directly from their environments and desktops. They don't need any expertise or to know the difficulties of the attacker; they just run the tool and get the results.

What needs improvement?

In general, this is a good tool to check the security from the attacker's standpoint. However, when thinking about improvements there are still some attacks that we are not able to control with this kind of tool because there are some things you do in the front-end that sometimes launch processes in the application at the back-end. We need to be able to tie all of the front-end activities with all of the back-end activities. That's a missing piece that no one is providing. 

In terms of additional features, we are currently missing some tools that would allow us to work more efficiently with the mobile environment, with Android and iOS. The tools that we evaluated in the past are not really good for mobile applications. You can control the static code, you can control all the dynamic applications, but not within the phone, or within the tablet.

For how long have I used the solution?

We have only been using the product for about three months.

What do I think about the stability of the solution?

We haven't had any problems so far. It's stable. 

What do I think about the scalability of the solution?

We are still deploying the tool throughout the company, but that hasn't been completed yet. For now, it's just small groups. I hope it is scalable but I can't tell you that now.

How are customer service and technical support?

We have a pretty good team here and we try to be as independent as possible. We needed some help for the initial setup but after that, we've done everything ourselves. 

Which solution did I use previously and why did I switch?

For static analysis, we previously used different tools. 

We carried out an evaluation comparing different tools, and Acunetix was the one that most of us liked. 

How was the initial setup?

Initial setup was quite straightforward, we didn't have any problems with it. 

What about the implementation team?

We carried out the implementation ourselves. 

What's my experience with pricing, setup cost, and licensing?

I'm not involved in the financial negotiations, but I believe it's not an expensive product and cheaper than other similar tools. I understand we bought 100 URLs. It's likely that we'll need to purchase more once we deploy the tool to the rest of the company but I wouldn't know the cost.

What other advice do I have?

I would recommend the product. It's very easy to integrate with Jenkins, with ALM. The most important element for us is that it's very easy for developers to use. They don't need to have any knowledge about security, threats or anything. They just run the tool against their application, and that's it. They get the results.

I would rate this product a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
LeadInfo77fb - PeerSpot reviewer
Lead Information Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Web-based GUI and the ability to schedule scans are great, but findings are hard to manually replicate
Pros and Cons
  • "The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
  • "It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."

What is our primary use case?

We use it for internal penetration testing, for security reviews.

Acunetix is just one tool of many that we use. We try to cover as much as possible during assessments. We do security assessments of all the code and everything we develop internally. When we do a security assessment, we do a manual code review and we use different kinds of tools, as well as manual testing against the application, etc. It's just one tool within many that we use. It has been very useful in that it's found things that we otherwise might have missed.

How has it helped my organization?

As a team, it's helped us to deliver better security assessments. There are only two of us here who do the penetration testing, and we've been providing better results from our testing.

What is most valuable?

The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great.

The speed of Acunetix has been pretty good. It's been the same as most other tools that we use, but it's been good.

What needs improvement?

It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved. That's the main concern for me.

I would like to see some more advanced settings when it comes to authentication and authorization, and other fine-grain adjustments you could do to the scan engine. The advanced functionality could be a little bit better.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We haven't had any issues with the stability. It's been very good.

What do I think about the scalability of the solution?

Since we only have two small licenses, I cannot judge the scalability. I haven't tried out how it scales.

How are customer service and technical support?

Technical support has been good. We had some issues or comments, mostly, on the features. We have asked for features and support has been pretty good. They've been very responsive.

Which solution did I use previously and why did I switch?

The speed of Acunetix would be about the same as previous solutions we've used. Most of the time I just kick it off, walk away, come back later, and check it out. The speed is not the most important thing for us. Of course, we don't want it to drag on too long.

The false-positive rate has also been comparable to most other tools we use. I wouldn't say that it's best-in-class. One of the biggest problems I've had with Acunetix is that it's hard to replicate things manually because you don't get the raw packet. Its debugging functionality hasn't been the best.

How was the initial setup?

The initial setup was very straightforward. The deployment took a couple of minutes. It didn't take long at all. There wasn't really an implementation strategy. We just installed it - nothing special - on our workstation.

There are just the two of us who take care of the deployment and maintenance.

What about the implementation team?

We did it ourselves.

What was our ROI?

I can't share data points, but we have seen ROI. Otherwise, we wouldn't have renewed the license. Every year we evaluate if we're going to keep a vendor or not. Since we have renewed our license, we think it has ROI value.

It's impossible to answer whether it has saved us money in the long-term, but of course, since we use automatic tools, we don't need as many personal testers. However, personal testers also find a lot of bugs that automatic tools don't find. You need a combination of both.

What's my experience with pricing, setup cost, and licensing?

Acunetix was around the same price as all the other vendors we looked at, nothing special.

Which other solutions did I evaluate?

We just did a PoC with a couple of different vendors, and we liked Acunetix the most.

What other advice do I have?

Think about the usage of the product. What are you going to use it for? Try to see the whole picture. It's very important to see the whole picture: This is one component in web application security testing. It's not only the security scanner.

If you ask how long it takes to complete a scan using this solution, it's like asking, "How long is a rope?" It's very dependent on the applications. It can be anything from 20 minutes to many hours, even 12 to 18 hours.

We use it for ten or 15 websites or locations. We just do a test and then we come back. We have many applications that we test yearly, but we don't do continuous scanning with Acunetix. We just use it for our security assessments. In terms of increasing usage of Acunetix, I think we're happy where we are now. It's being used all the time during assessments, every week, almost daily.

Because we don't do continuous scanning of production environments, we can't say how long it takes to remediate problems. We only do scanning when we do code development. Remediation could be anything from hours to weeks, depending on the developers. And it's nothing that's in production, so it doesn't matter if it's one or two or five days or hours.

We haven't found many high-level vulnerabilities, more mediums, and a lot of lows.

I would give Acunetix a seven out of ten. It's been a great tool for doing dynamic web application security testing, but it's not as versatile as Burp, which is more focused on manual testing. On the other hand, it has a lot more tests than Burp's active scanning has. I think it's a good product and it's being actively developed.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
CEO at Xcelliti
Reseller
Top 10
Flexible with fair pricing and good stability
Pros and Cons
  • "Overall, it's a very good tool and a very good engine."
  • "While we do have it integrated with other solutions, it could still offer more integrations."

What is our primary use case?

The solution is primarily used purely as a web-based vulnerability scanning tool.

What is most valuable?

The solution is a very flexible tool.

Overall, it's a very good tool and a very good engine.

The product is very scalable.

We found the solution to be quite stable.

For the number of features on offer, the price point is quite good.

The installation is very straightforward.

What needs improvement?

The solution should work on dealing with the number of false positives it delivers.

While we do have it integrated with other solutions, it could still offer more integrations.

For how long have I used the solution?

I've been dealing with the solution for the past two years.

What do I think about the stability of the solution?

The solution is very stable. There are no bugs or glitches. It does not crash or freeze. It's very good.

What do I think about the scalability of the solution?

The solution is scalable. If a company needs to expand it, it can do so with relative ease.

Right now, we have four or five of our customers using the product.

How are customer service and technical support?

The solution's technical support is okay. We have no complaints. They are helpful and responsive and we are satisfied with their level of service. 

How was the initial setup?

The initial setup is not too complex. It is simple and straightforward. A company should be able to implement it with ease.

What's my experience with pricing, setup cost, and licensing?

The price point is good. It offers very good value for money.

What other advice do I have?

We are resellers.

We deal with various deployment models including on-premises and the cloud.

I'd recommend the solution to other companies. This is a very good tool for vulnerability assessment. Every organization that has its assets over the internet and is exposed to a public website needs to have a vulnerability assessment using Acunetix.

In general, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Le Viet - PeerSpot reviewer
Security Consultant at VNCS
Real User
Useful user interface, easy to use, and scalable
Pros and Cons
  • "The most valuable feature of Acunetix is the UI and the scan results are simple."
  • "There are some versions of the solution that are not as stable as others."

What is most valuable?

The most valuable feature of Acunetix is the UI and the scan results are simple.

What needs improvement?

There are some versions of the solution that are not as stable as others.

For how long have I used the solution?

I have been using Acunetix for approximately two years.

What do I think about the stability of the solution?

The stability of Acunetix is good.

What do I think about the scalability of the solution?

Acunetix is scalable.

We have approximately 50 engineers using Acunetix.

How are customer service and support?

I have requested support from the vendor regarding our scan results that have false positives. The vendor double checks and adds a patch if needed. However, their response is too slow.

Which solution did I use previously and why did I switch?

I have previously used other solutions, such as Aspen and Laguna. We chose Acunetix because it is easy to use.

How was the initial setup?

The initial installation of Acunetix was simple.

What about the implementation team?

We did the deployment of the solution ourselves. We have approximately 20 people that do the support and deployment of Acunetix.

What other advice do I have?

I rate Acunetix an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
Fantastic reporting output but vulnerable requests currently need to be picked from the report and repeated with other tools

What is our primary use case?

Assessing top OWASP in applications.

How has it helped my organization?

Greater confidence in go-live for multiple application releases over their release cycles.

What is most valuable?

  • Login Sequence Recorder
  • Scan throttling
  • Fantastic reporting output.

What needs improvement?

Acunetix runs the automated vulnerability check scan and provides a report. Testers/developers need to copy these vulnerable HTTP/HTTPS requests from the report, use other external tools like Postman to resend the request, observe the vulnerability and exploit them. If this were available within the Acunetix tool, it would have been a great feature.


For how long have I used the solution?

One to three years.

How was the initial setup?

Installation was quite simple.

What about the implementation team?

I was the vendor who utilized this tool for the customer.

What's my experience with pricing, setup cost, and licensing?

Tool is quite expensive though compared to other tools. We tried with a term license.

Which other solutions did I evaluate?

ZAP and Burp Suite were other tools evaluated.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Acunetix Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2025