Acunetix vs Invicti comparison

Read 28 Invicti reviews

2,950 Views
1,573 Comparison Views

96% willing to recommend

Acunetix

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Acunetix and Invicti compete in web application security testing. Invicti is considered superior due to its more comprehensive feature set.

Features: Acunetix offers impressive automation capabilities, rapid scan speed, and extensive vulnerability coverage. Invicti provides exceptional accuracy, seamless integration capabilities, and advanced scanning features, giving it a competitive edge with enhanced security testing precision and features.

Room for Improvement: Acunetix users seek better error handling, improved report customization, and additional technical advancements. Invicti users desire faster scan times, interface updates, and performance improvements.

Ease of Deployment and Customer Service: Acunetix is easy to install and complemented by responsive customer service. Invicti is recognized for straightforward deployment and proactive support, providing a remarkable customer service experience.

Pricing and ROI: Acunetix is seen as cost-effective with satisfactory ROI, appealing to budget-conscious users. Invicti is pricier but justifies the cost through its robust feature set, delivering higher ROI.

To learn more, read our detailed Acunetix vs. Invicti Report (Updated: January 2025).

Download the complete report

Acunetix vs. Invicti

January 2025

Helped 832,138 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Acunetix

Ranking in Static Application Security Testing (SAST)

13th

Average Rating

7.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (16th), Vulnerability Management (21st), DevSecOps (6th)

Invicti

Ranking in Static Application Security Testing (SAST)

14th

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

API Security (5th), Dynamic Application Security Testing (DAST) (3rd)

Mindshare comparison

As of February 2025, in the Static Application Security Testing (SAST) category, the mindshare of Acunetix is 3.3%, up from 2.8% compared to the previous year. The mindshare of Invicti is 1.4%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

AnubhavGoswami

Compliance Manager at Compunnel

Attractive automated reports with boost user productivity and an easy setup

The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…

Read full review

JanetMuhia

Cyber Security Engineer at Spartec

Streamlined our security efforts by allowing us to integrate with tools like Jira

From my experience, Invicti is an exceptionally stable solution for web application security. Here's what stands out: * Consistent Performance: Over the three years we’ve used it, the solution has demonstrated reliable and consistent performance, even during large-scale scanning operations. * Minimal Downtime: I have not encountered significant downtime or disruptions while using Invicti, which is critical for security tools that organizations rely on continuously. * Robust Architecture: Its ability to handle complex scanning tasks without crashes or lag reflects its well-engineered platform. * Regular Updates: Invicti frequently releases updates and patches, which enhance functionality and address any stability concerns proactively. Rating : I would confidently rate Invicti’s stability at 9.5 out of 10. It ensures uninterrupted operations and supports high-performance demands, which are essential for enterprise environments.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Picks up weaknesses in our app setups."

"I haven't seen reporting of that level in any other tool."

"The solution is highly stable."

"The tool's most valuable feature is performance."

"For us, the most valuable aspect of the solution is the log-sequence feature."

"It generates automated reports."

"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."

"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."

More Acunetix pros

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"The solution generates reports automatically and quickly."

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."

"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

"Its ability to crawl a web application is quite different than another similar scanner."

"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."

"The most valuable feature of Invicti is getting baseline scanning and incremental scan."

More Invicti pros

Cons

"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."

"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."

"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."

"There is room for improvement in the pricing."

"There's a clear need for a reduction in pricing to make the service more accessible."

"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."

"There was an issue related to updates from the internet."

"There is room for improvement in website authentication because I've seen other products that can do it much better."

More Acunetix cons

"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."

"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."

"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"Netsparker doesn't provide the source code of the static application security testing."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

"The scanner itself should be improved because it is a little bit slow."

"The solution's false positive analysis and vulnerability analysis libraries could be improved."

More Invicti cons

Pricing and Cost Advice

"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"Acunetix was around the same price as all the other vendors we looked at, nothing special."

"The price is exceptionally high."

"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."

"The costs aren't very expensive. It costs around $3000 or $4000."

"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."

"The solution is expensive."

More Acunetix pricing and cost advice

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"We never had any issues with the licensing; the price was within our assigned limits."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"OWASP Zap is free and it has live updates, so that's a big plus."

"The price should be 20% lower"

More Invicti pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

832,138 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Government

Manufacturing Company

Educational Organization

56%

Financial Services Firm

Computer Software Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code.

What is your primary use case for Acunetix Vulnerability Scanner?

I use Acunetix for penetration testing purposes. This is the primary use case.

What advice do you have for others considering Acunetix Vulnerability Scanner?

I rate the overall solution nine out of ten. I prefer Acunetix for its more precise and accurate results.

What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?

As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.

What do you like most about Invicti?

The most valuable feature of Invicti is getting baseline scanning and incremental scan.

What needs improvement with Invicti?

Currently, there is nothing I would like to improve.

PortSwigger Burp Suite Professional vs Acunetix

Comparisons

OWASP Zap vs Acunetix

Compared 16% of the time

Compared 12% of the time

HCL AppScan vs Acunetix

Compared 10% of the time

Tenable.io Web Application Scanning vs Acunetix

Compared 7% of the time

Veracode vs Acunetix

Compared 5% of the time

More Acunetix Competitors

OWASP Zap vs Invicti

Compared 15% of the time

Qualys Web Application Scanning vs Invicti

Compared 7% of the time

SonarQube Server (formerly SonarQube) vs Invicti

Compared 6% of the time

Snyk vs Invicti

Compared 6% of the time

PortSwigger Burp Suite Professional vs Invicti

Compared 6% of the time

More Invicti Competitors

Product Reports

Download Acunetix product report

Acunetix

February 2025

Download Invicti product report

January 2025

Also Known As

AcuSensor

Netsparker

Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

Samsung, The Walt Disney Company, T-Systems, ING Bank