Amr Abdelnaser - PeerSpot reviewer
Senior Information Security Analyst at EastNets Holding Ltd.
Real User
Top 5 Leaderboard
Helps to scan vulnerabilities like SQL injections but not recommended for dynamic scanning
Pros and Cons
  • "We use the solution for the scanning of vulnerabilities like SQL injections."
  • "Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."

What is our primary use case?

We use the solution for the scanning of vulnerabilities like SQL injections. 

What needs improvement?

Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents. 

For how long have I used the solution?

I have been working with the solution for three years. 

What do I think about the stability of the solution?

Acunetix is very stable. 

Buyer's Guide
Acunetix
June 2025
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The solution is scalable if you use the cloud version. You will face limitations with RAM and processor on the desktop. 

How are customer service and support?

We have not faced any issues to complain about. 

Which solution did I use previously and why did I switch?

I have used Netsparker before. 

How was the initial setup?

Acunetix is easy to install and took only two minutes to deploy. For desktop applications, you need to download an EXE file. Deployment over the cloud requires API. 

What other advice do I have?

I would rate Acunetix an eight out of ten. I don't recommend it for dynamic websites. It is recommended for static pages. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Adetunji Adeoje - PeerSpot reviewer
Team Lead, Application Security at First City Monument Bank Limited
Real User
Top 10
Helps to scan web applications but needs to include agent analysis
Pros and Cons
  • "The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
  • "Acunetix needs to include agent analysis."

What is our primary use case?

We use the product for dynamic analysis. It also helps us to scan web applications. 

What is most valuable?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code. 

What needs improvement?

Acunetix needs to include agent analysis. 

For how long have I used the solution?

I have been using the product for four years. 

What do I think about the stability of the solution?

I rate the tool's stability a nine out of ten. 

What do I think about the scalability of the solution?

I rate Acunetix's scalability a seven out of ten. My company has five to four users. 

How was the initial setup?

I rate the tool's deployment a nine out of ten. 

What was our ROI?

We have seen good ROI with the tool's use. 

What other advice do I have?

Acunetix is good and helps to scan properly. I rate it a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
MarceloPrintac - PeerSpot reviewer
VP Business Development at MultiPoint Ltd.
Real User
Provides a lot of information, comes with good support, and is easy to manage
Pros and Cons
  • "Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
  • "The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."

What is most valuable?

Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well. 

What needs improvement?

The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year.

For how long have I used the solution?

We have been partners for two years.

What do I think about the scalability of the solution?

For such services, scalability is not relevant because you just scan your service and make a document of the problems that you have. After that, you have to take care of them and fix them. So, it's not like other services that have to be working 24/7. You only run it and receive information.

Its users vary because in some companies, the web is under the IT team, and in some companies, the web is under security, CISO, or something like this. It depends on how much personnel the company has to manage these tools.

How are customer service and support?

The Acunetix team is in Malta. They are very good, and they provide support over the phone. They are available 24 hours a day, and they answer your queries very fast. They're very active and good.

How was the initial setup?

It is a bit complicated, but their support is very good in case of any issues. It can be on-prem or on the cloud. It depends on what the customer wants.

You don't need more than one person for its maintenance.

What's my experience with pricing, setup cost, and licensing?

It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year. 

In terms of additional costs, you may need an expert in applications/sites to write the code and fix the code problems. You can do all the things by yourself because it tells you what to do, how to fix, and what to change, but you have to give your people time to take care of those things.

What other advice do I have?

For SMB customers, it is a good tool to take care of the applications and the website of the company. It works well, but it is a bit expensive. I would advise others to prepare the money for it.

I would rate it a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
it_user1441263 - PeerSpot reviewer
Security Engineer at Secure Network
Real User
Very easy to set up because they give you an installer that does everything
Pros and Cons
  • "Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
  • "I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."

What is our primary use case?

We needed it to scan our internal network and web applications. 

Our security team of five people used it. We scheduled some monthly scans for web applications, which were not being used, to check for vulnerabilities and also vulnerabilities on new features.

How has it helped my organization?

Where I worked was a big group where there were many agencies under it, and we did the security for all other agencies. With Acunetix, we cut the time to make infrastructures and web applications (for our colleagues) more secure.

For one application with two or three critical vulnerabilities and some other vulnerabilities, it took like a week to remediate issues because the scan and findings were really fast. 

What is most valuable?

What I found to be valuable was the fully automated scanner because it is really fast. 

Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.

Acunetix saves on the cost of time because it is fast.

When Acunetix finds a vulnerability, it also checks for a false positive so it can be 100 percent sure about the issue that it found. The false positives are really low, maybe one percent.

What needs improvement?

I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection. 

They need more customized scans along with a way to edit their default payloads. While you can select which check to do, you can't add which payload to use.

For how long have I used the solution?

I used Acunetix 20 months ago at the last agency where I worked.

What do I think about the scalability of the solution?

The scalability was okay. We didn't need to do much work to implement it into the network or some web applications, so I think it's really easy to scale. We didn't need to do work on it because the solution is adaptable to every environment.

There were about 20 websites and other web applications.

How are customer service and technical support?

I never needed to talk to the Acunetix technical support.

Which solution did I use previously and why did I switch?

They were previously using Fortify WebInspect, which was good, but very costly.

How was the initial setup?

It was very easy to set up Acunetix, as they give you an installer that does everything. You just need to click: "Install".

It takes a maximum of 10 minutes to deploy, if you want to read everything.

We did other configurations to enable the IP address to talk to all the networks.

We also used Acunetix on a Linux server. The deployment process was the same as Windows. It was just another installer, but for Linux.

What was our ROI?

It saved us many weeks of work.

We didn't sell anything with Acunetix, so it was just an improvement for ourselves.

If someone would have hacked us, they probably would have caused much damage. However, now with Acunetix, they shouldn't be able to cause damage.

What's my experience with pricing, setup cost, and licensing?

I think all the scanners, except Burp Suite, are a bit costly.

Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future.

Which other solutions did I evaluate?

Acunetix is the fastest scanner available compared to applications like Netsparker and Fortify WebInspect. The longest scan with Acunetix, and it was for a huge web application, took only four hours. Other scanners did the job in six to eight hours. 

While I like Netsparker, it is really slow compared to other scanners.

What other advice do I have?

We found 50 unexpected, high vulnerabilities for three web applications. This made our principal a bit mad.

We found three or four DOM-based XSS vulnerabilities using this solution.

It did not require maintenance on our part. We just needed to give it some credentials.

I would rate it as a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head Information Secretary at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
Comes with good performance but pricing is expensive
Pros and Cons
  • "The tool's most valuable feature is performance."
  • "Acunetix needs to improve its cost."

What is our primary use case?

We use the product for application security.

What is most valuable?

The tool's most valuable feature is performance.

What needs improvement?

Acunetix needs to improve its cost.

For how long have I used the solution?

I have been using the product for a year.

What do I think about the stability of the solution?

The tool is stable.

What do I think about the scalability of the solution?

Acunetix is scalable.

How are customer service and support?

The tool's support is good.

How would you rate customer service and support?

Positive

What other advice do I have?

I rate the product a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Michael Poon - PeerSpot reviewer
Director at NETdefence Co. Limited
Reseller
Stable solution with efficient technical support services
Pros and Cons
  • "The solution is highly stable."
  • "The solution's pricing could be better."

What is most valuable?

The solution's most valuable feature is its capability to scan REST APIs.

What needs improvement?

They should include the features for reporting in the solution's next release. Also, a dashboard feature could help us view scanning targets segregated into different categories. In addition, there should be a feature to export the data into Excel Spreadsheet.

For how long have I used the solution?

We have been using the solution for 15 years.

What do I think about the stability of the solution?

The solution is highly stable. I rate its stability an eight out of ten.

What do I think about the scalability of the solution?

I rate the solution's scalability a four out of ten. Our clients are enterprise businesses. Also, we have two solution users in our organization.

How was the initial setup?

For standard use cases, we deploy it on a notebook or a desktop machine. In case of integration with a development system, we deploy it on a server or a virtual memory machine. I rate the solution's initial setup process a five out of ten.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive. Its price is based on the number of targets. It has an annual subscription plan and costs around HK$500,000. I rate its pricing a nine out of ten.

What other advice do I have?

I advise others to stay connected to the solution online to ensure the license is up-to-date. I rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Specialist at a tech services company with 11-50 employees
Real User
User-friendly and easy to set up but is a bit expensive
Pros and Cons
  • "There is a lot of documentation on their website which makes setting it up and using it quite simple."
  • "The pricing is a bit on the higher side."

What is our primary use case?

The solution is mostly used for vulnerability scanning purposes. 

What is most valuable?

I'm drawn to Information Security. I immediately look for security threats and vulnerabilities. Therefore, the report generation and the reports that are being monitored are great in that they were very easy to read and understand.

It's user-friendly and the language that they use is pretty good. 

Overall, the tool is very good in context. It's definitely helpful from a tech intelligence perspective and for identifying vulnerabilities. I like that we can sort the vulnerabilities based on severity levels. 

The initial setup is easy.

There is a lot of documentation on their website which makes setting it up and using it quite simple.

Technical support is available 24/7.

What needs improvement?

Normally, the product asks for the URL address before scanning a certain application. Acunetix is immediately used for web application scanning purposes for vulnerability assessment. However, it doesn't seem very helpful or useful for scanning web services, and that is what I feel the organization could work better on.

The pricing is a bit on the higher side.

For how long have I used the solution?

I've been using the solution for about two years at this point.

What do I think about the stability of the solution?

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable in the sense that it can be easily migrated.

We have about 50 to 55 users on the solution currently.

How are customer service and technical support?

Technical support is fine. Whenever we have any queries the support is available. We have the paid version. We have paid for it, however, it's great due to the fact that it's available 24/7.

Which solution did I use previously and why did I switch?

Although we are working with Acunetix, we are planning to migrate to Nessus in the future. We used Nessus around seven or so years ago. The current solution is a good one; however, my organization wants to try a new, different product. That is the reason we are now moving to Nessus.

How was the initial setup?

The initial setup is not overly complex or difficult. It's very straightforward and very easy. On their website, they have lots of documentation that walks you through the process. 

For deployment or maintenance, you only need a maximum of four or five people.

What's my experience with pricing, setup cost, and licensing?

We do pay extra for technical support, however, it's 24/7 support which means we always have access to them if we need them.

The pricing is on the higher side. That could be okay for certain organizations. That said, if they could lower it, that would be ideal. Yeah. To me, it actually all depends upon the companies. My organization is not too big, and we're using it for managing a small set of people. If I have to spend much more, it wouldn't make any sense. 

What other advice do I have?

We are into telecommunications, we have bought this product from the vendors.

We're using the latest version of the solution. We try to only use the most up-to-date option.

Overall, the tool is efficient enough to identify and track your vulnerabilities and it's good for intelligence scanning purposes. I'd advise users to just be cautious while the installation happens in terms of what logins are included and what are missing. 

The main thing is that users have to define their scope and objectives and only on the basis of that will the tool work. 

That said, you always have choices in the market - if this one does not fit your needs.

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Compliance Manager at a tech services company with 201-500 employees
Real User
We are getting notably fewer false positives than previously, but reporting output needs to be simplified
Pros and Cons
  • "It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
  • "The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."

What is our primary use case?

Our company has more than 300 employees and we have regional offices in Japan and Malaysia. We are in the FinTech industry. We do banking solutions, mobile, branch-based, and agent banking. We are also into government projects.

We have two lines of application testing. One is for internal application deployments. Before all these deployments, we conduct testing with Acunetix and, based on the report generated, we do remediation. Once the remediation is done we will do more testing. Only once all the vulnerabilities have been fixed is it allowed to be deployed in the organization's environment. 

The second use case is that we do application development for banks. Whenever we develop backend applications or web applications, they are all tested for vulnerability. In addition, the mobile application code is tested using Acunetix.

We didn't have much in the way of exposure to this kind of information when I joined the organization. I introduced this system to test all the applications that were going to be released to customers, as well as for our internal vulnerability assessment and penetration testing purposes.

How has it helped my organization?

The number of "high" and "medium" vulnerabilities found using this solution will depend on the development process. But when we started using Acunetix, and other testing tools as well, we had a lot of vulnerabilities. We had to invest a lot of time in fixing vulnerabilities in those days, about two years back. Now, we don't get that many vulnerabilities because the developers and the application testers have improved a lot. They code in a way that results in fewer vulnerabilities.

Most of the vulnerability standards we've used give a fair number of false positives. But with the latest version of Acunetix, we have seen a good standard of false positive rates. Sometimes, customers actually want to have a list of false positives, but the number of false positives we now get is much less than earlier.

What is most valuable?

It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities. For anyone who does development, Acunetix is going to be a very powerful tool, and very easy to use. It gives all the required information for fixing your vulnerabilities.

What needs improvement?

The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified.

For how long have I used the solution?

We've been using Acunetix Vulnerability Scanner for the last three years and we don't have a reason to change to a different solution.

What do I think about the stability of the solution?

We haven't come across unexpected downtime or unexpected issues.

What do I think about the scalability of the solution?

We don't scan more than 35 solutions, but we are always working on improving them and, whenever an improvement comes up, we scan it.

We initially decided that it was going to be deployed on a central server and we didn't look into the scalability. We set up the environment and we have been using it for some time. We haven't come across the need for scalability.

We have five usernames for Acunetix, but most of the time only two of them are being used. Generally, in a week, we may conduct five or six tests. We don't have much load on it. We do intend to expand the number of users in another six months' time with an additional three or four users, as we are expecting more application testing in that time.

How are customer service and technical support?

We had to contact technical support some time ago but not since then. Sometimes the blog provides support very well, and we have also attended certain webinars.

We would really appreciate it if they would provide training on advanced usage or technical knowhow. That would help us to attend to things and sort them out.

Which solution did I use previously and why did I switch?

The company had been using InMap and was using manual vulnerability assessment practices, using Kali Linux and some open source applications. But once I joined the company, we changed to a different level because we are an ISO 27000 certified company as well as being PCI DSS application certified with a PCI DSS certified data center. We host payment applications on behalf of Sri Lankan and Malaysian banks. Because of that we introduced these automation systems. We use Acunetix and we use PortSwigger and some other tools.

We used Nessus and we have experience with QualysGuard as well, but Acunetix gives us code-level identification of vulnerabilities and a good understanding of the code-level vulnerability fixes. It is much more helpful for us because we can understand how to fix the vulnerabilities at the code level. The vulnerability identification is much more powerful in Acunetix than in any other tool.

How was the initial setup?

The initial setup is very simple. 

We use this application for testing in different environments, such as production and DR, and implementing of scanning in those environments can sometimes be a little bit tough. But that is not due to the complexity of the application but more because of the complexity of the environments that we maintain, to keep our compliance level high.

The way we set it up is that once development is over, we push it to a single location. For that, it's not a very complex environment, it's a single PC. We do the scanning on that PC so that development is actually on a single server. The setup for that didn't take much time. Within two to three days, the complete setup was finished and the initial testing was run.

What was our ROI?

We have seen ROI with Acunetix. That's the most convincing point I have to prove to my management when it comes to the next budgeting cycle. The ROI is seen in the fact that, at the time of application releases, we hold off the risk. When we do the assessment, we see that the distributed cost of Acunetix, across all our releases reduces our risk. It's a very convincing point.

What's my experience with pricing, setup cost, and licensing?

When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay. Other than the licensing, we haven't come across any other costs.

Which other solutions did I evaluate?

We are very comfortable with the granularity of tests. Sometimes, for certain specific areas, we use different tools, but we feel that Acunetix is much more helpful for all the development teams in understanding the output of the system. In certain cases, the scope of the application and the exposure of the application is varied and then, for additional security measures, we use different tools to evaluate these applications. That makes us much more comfortable in explaining to our customers that we don't only rely on a single tool, that we use multiple tools to identify things in complex environments. Customers want to have different views, not only a single view, of application testing. 

Acunetix provides the primary vulnerability assessment. Once we believe we can rely on Acunetix, we will be able to save money on other licenses. The most interesting part is that the application security vulnerability reports of Acunetix are much more explainable in simple terms, for developers.

Also, the jargon that some of the applications that I have looked at—certain open source applications—use and the setup required are highly technical. You have to do a lot of maintenance to keep the environment up and running. Acunetix is a lot more comfortable. Newly recruited people and project managers can easily understand it. This is one of the winning points of Acunetix.

In our tests of Acunetix, we didn't find much difference, performance-wise, when comparing it with other applications. It's lightweight but it doesn't matter if it is a little bit heavy, since it provides a much broader spectrum of vulnerabilities. Acunetix is much more customizable for granular levels of testing.

In terms of the amount of time it takes to complete a scan using Acunetix, a web application, for example, with two or three endpoints takes between half an hour and 40 minutes. If I use Kali Linux, it will take more time, and then you have to do much more customization which requires heavy technical knowledge. Other solutions take time to scan and may give a much broader spectrum, but they do not identify vulnerabilities for the purpose of fixing them. They identify them to explore them. Acunetix scans for most commonly identified issues. The problem with other solutions is that, while we may be able to see a lot of vulnerabilities, if the solution has not been identified we end up with questions as to whether we are able to release it or not. We don't come up against that issue with Acunetix.

What other advice do I have?

I would definitely recommend Acunetix to anyone who wants to do one vulnerability assessment from an application development perspective.

The amount of time it takes to remediate something will depend on the developer's knowledge and ability to fix vulnerabilities. That doesn't depend on the solution, on Acunetix, but rather on the technical knowhow of the people who engage in that.

But that particular jargon and the technical explanations we have for fixing vulnerabilities need to be improved, so that managers who don't have technical know-how can easily understand what needs to be done to fix the vulnerabilities.

Overall, I would rate the solution as a seven out of 10. While we use this tool for application testing, we need another tool to test application traffic interception. Acunetix doesn't have that ability. If it did, I would definitely rate it as nine or 9.5. After using Acunetix for application and code-level testing, the same application will be tested again for application traffic interception. With the results of the traffic interception, we again go back to the code level and then identify where the issues are. If Acunetix had that capability, I would be able to raise it as a nine or 9.5.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.