What is our primary use case?
We use it for internal penetration testing, for security reviews.
Acunetix is just one tool of many that we use. We try to cover as much as possible during assessments. We do security assessments of all the code and everything we develop internally. When we do a security assessment, we do a manual code review and we use different kinds of tools, as well as manual testing against the application, etc. It's just one tool within many that we use. It has been very useful in that it's found things that we otherwise might have missed.
How has it helped my organization?
As a team, it's helped us to deliver better security assessments. There are only two of us here who do the penetration testing, and we've been providing better results from our testing.
What is most valuable?
The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great.
The speed of Acunetix has been pretty good. It's been the same as most other tools that we use, but it's been good.
What needs improvement?
It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved. That's the main concern for me.
I would like to see some more advanced settings when it comes to authentication and authorization, and other fine-grain adjustments you could do to the scan engine. The advanced functionality could be a little bit better.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
We haven't had any issues with the stability. It's been very good.
What do I think about the scalability of the solution?
Since we only have two small licenses, I cannot judge the scalability. I haven't tried out how it scales.
How are customer service and support?
Technical support has been good. We had some issues or comments, mostly, on the features. We have asked for features and support has been pretty good. They've been very responsive.
Which solution did I use previously and why did I switch?
The speed of Acunetix would be about the same as previous solutions we've used. Most of the time I just kick it off, walk away, come back later, and check it out. The speed is not the most important thing for us. Of course, we don't want it to drag on too long.
The false-positive rate has also been comparable to most other tools we use. I wouldn't say that it's best-in-class. One of the biggest problems I've had with Acunetix is that it's hard to replicate things manually because you don't get the raw packet. Its debugging functionality hasn't been the best.
How was the initial setup?
The initial setup was very straightforward. The deployment took a couple of minutes. It didn't take long at all. There wasn't really an implementation strategy. We just installed it - nothing special - on our workstation.
There are just the two of us who take care of the deployment and maintenance.
What about the implementation team?
What was our ROI?
I can't share data points, but we have seen ROI. Otherwise, we wouldn't have renewed the license. Every year we evaluate if we're going to keep a vendor or not. Since we have renewed our license, we think it has ROI value.
It's impossible to answer whether it has saved us money in the long-term, but of course, since we use automatic tools, we don't need as many personal testers. However, personal testers also find a lot of bugs that automatic tools don't find. You need a combination of both.
What's my experience with pricing, setup cost, and licensing?
Acunetix was around the same price as all the other vendors we looked at, nothing special.
Which other solutions did I evaluate?
We just did a PoC with a couple of different vendors, and we liked Acunetix the most.
What other advice do I have?
Think about the usage of the product. What are you going to use it for? Try to see the whole picture. It's very important to see the whole picture: this is one component in web application security testing. It's not only the security scanner.
If you ask how long it takes to complete a scan using this solution, it's like asking, "How long is a rope?" It's very dependent on the applications. It can be anything from 20 minutes to many hours, even 12 to 18 hours.
We use it for 10 or 15 websites or locations. We just do a test and then we come back. We have many applications that we test yearly, but we don't do continuous scanning with Acunetix. We just use it for our security assessments. In terms of increasing usage of Acunetix, I think we're happy where we are now. It's being used all the time during assessments, every week, almost daily.
Because we don't do continuous scanning of production environments, we can't say how long it takes to remediate problems. We only do scanning when we do code development. Remediation could be anything from hours to weeks, depending on the developers. And it's nothing that's in production, so it doesn't matter if it's one or two or five days or hours.
We haven't found many high-level vulnerabilities; more mediums, and a lot of lows.
I would give Acunetix a seven out of ten. It's been a great tool for doing dynamic web application security testing, but it's not as versatile as Burp, which is more focused on manual testing. On the other hand, it has a lot more tests than Burp's active scanning has. I think it's a good product and it's being actively developed.
*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.