Acunetix vs Veracode comparison

Read 196 Veracode reviews

18,663 Views
13,042 Comparison Views

90% willing to recommend

Acunetix

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Veracode and Acunetix are key players in application security, offering distinct strengths. Acunetix holds an advantage due to its comprehensive features and perceived value.

Features: Veracode provides robust code scanning, extensive language support, and early vulnerability detection. Acunetix offers powerful automation, easy integration, and detailed reporting, with notable flexibility, giving it a feature advantage.

Room for Improvement: Veracode needs to enhance scan speed, reduce false positives, and improve accuracy. Acunetix users seek better remediation guidance, user training, and post-scan utility improvements.

Ease of Deployment and Customer Service: Veracode's deployment can be complex, requiring strong support. Acunetix offers straightforward deployment but needs quicker support response times.

Pricing and ROI: Veracode's pricing may deter small teams despite positive ROI for those investing. Acunetix provides cost-effectiveness with substantial ROI, appealing to companies seeking immediate returns with lower setup costs.

To learn more, read our detailed Acunetix vs. Veracode Report (Updated: December 2024).

Download the complete report

Acunetix vs. Veracode

December 2024

Helped 824,053 peers since 2012

Categories and Ranking

Acunetix

Ranking in Application Security Tools

12th

Ranking in Static Application Security Testing (SAST)

11th

Average Rating

7.8

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Vulnerability Management (17th), DevSecOps (5th)

Veracode

Ranking in Application Security Tools

2nd

Ranking in Static Application Security Testing (SAST)

2nd

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

196

Ranking in other categories

Container Security (4th), Software Composition Analysis (SCA) (2nd), Penetration Testing Services (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (1st)

Mindshare comparison

As of December 2024, in the Application Security Tools category, the mindshare of Acunetix is 2.5%, up from 2.3% compared to the previous year. The mindshare of Veracode is 10.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

AnubhavGoswami

Compliance Manager at Compunnel

Attractive automated reports with boost user productivity and an easy setup

The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…

Read full review

Sajal Sharma

Test Analyst - Security at Net solutions India Pvt.

Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards

It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution is highly stable."

"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."

"There is a lot of documentation on their website which makes setting it up and using it quite simple."

"The tool's most valuable feature is performance."

"Overall, it's a very good tool and a very good engine."

"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."

"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."

"We use the solution for the scanning of vulnerabilities like SQL injections."

More Acunetix pros

"Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention."

"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."

"The coverage of backdoors attacks on security that's the most valuable for my clients."

"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."

"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."

"The SCA, agent-based analysis, is valuable. SAST and DAST take time, while this is quite fast. It gives the results very quickly. We have implemented it into our CI/CD pipeline."

"The automation of Veracode is great because we no longer have to run manual testing."

"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."

More Veracode pros

Cons

"There is room for improvement in the pricing."

"The vulnerability identification speed should be improved."

"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."

"The solution's pricing could be better."

"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."

"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."

"The cost can be reduced as management has noted it to be on the higher side."

More Acunetix cons

"Veracode's ability to fix flaws is less sophisticated than that of its competitors."

"Mitigation review isn't always super easy."

"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."

"It will be beneficial for developers if Veracode Greenlight includes Python."

"Veracode is a little costly. It's cost-effective for a large enterprise, but it may be too expensive for small businesses."

"The usability isn't good in Veracode. Sometimes, it will show a problem, but it's difficult to go into their tool and figure out where it is. You primarily use a web browser to access their system. It requires a lot of clicks. The static analysis is a separate part of their system from the SCA, so that's a bit difficult. They haven't fully integrated that. It's difficult for the consumer."

"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."

"When Veracode updates the pool of tests and security checks, it could be a little more transparent about what it is releasing. It's not clear what it's adding. They do thousands of checks, and when they add more, there aren't many details about what the new tests are doing."

More Veracode cons

Pricing and Cost Advice

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."

"The price is exceptionally high."

"The costs aren't very expensive. It costs around $3000 or $4000."

"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."

"The solution is expensive."

"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."

"The pricing is a little high, and moreover, it's kind of domain-based."

More Acunetix pricing and cost advice

"The price of Veracode Static Analysis is on the higher side."

"It is pricey. There is a lot of value in the product, but it is a costly tool."

"Veracode has been fair. We use their SaaS solution and it's just an annual subscription."

"We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily."

"I believe the price is fair according to market standards."

"I'm unfamiliar with the solution's pricing, but it must be worth the cost from a company perspective, as we have been using it for years and have no plans to move away from it."

"I don't really get too involved in the cost sides of things that's in my job, I'm more of a technical focus, but I have heard from my manager and a couple other people that the solution is quite expensive."

"It is an expensive solution, but it's the best solution available on the market. If you want something at the top, you have to pay a bit more than the average."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Government

Manufacturing Company

Financial Services Firm

18%

Computer Software Company

16%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code.

What is your primary use case for Acunetix Vulnerability Scanner?

I use Acunetix for penetration testing purposes. This is the primary use case.

What advice do you have for others considering Acunetix Vulnerability Scanner?

I rate the overall solution nine out of ten. I prefer Acunetix for its more precise and accurate results.

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.

PortSwigger Burp Suite Professional vs Acunetix

Comparisons

OWASP Zap vs Acunetix

Compared 16% of the time

Compared 12% of the time

HCL AppScan vs Acunetix

Compared 10% of the time

Tenable.io Web Application Scanning vs Acunetix

Compared 8% of the time

Fortify WebInspect vs Acunetix

Compared 5% of the time

More Acunetix Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 24% of the time

Checkmarx One vs Veracode

Compared 12% of the time

Fortify on Demand vs Veracode

Compared 7% of the time

Snyk vs Veracode

Compared 6% of the time

More Veracode Competitors

Product Reports

Download Acunetix product report

Acunetix

December 2024

Download Veracode product report

November 2024

Also Known As

AcuSensor

Crashtest Security , Veracode Detect

Learn More

Invicti

Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.