Acunetix Reviews

We are a consultant company. 

Just by scanning, Acunetix provides proof of exploit and gives the specific code affected. You can also see a categorized list of vulnerabilities. From there, you can easily create a report.

It integrates with multiple tools in the CI/CD pipeline, like Jira and web application firewalls.

Acunetix automation improved our customer's security testing process. By integrating with CI/CD tools, it enables a shift-left approach in the development process. This helps find vulnerabilities earlier rather than after the application is published.

The interactive transaction feature is a winning point for us. It's a great selling point. Also, the ability to provide an inventory of currently used APIs is very helpful.

There is room for improvement in the pricing. 

Tenable is better integrated and offers many tools in a bundle. I would like to see the same thing in Acunetix. Otherwise, I'm satisfied with Acunetix's performance.

I have been using it for three years. 

We propose this product for smaller or bigger businesses. 

But mostly to bigger enterprises. It's because of the reputation it has with bigger companies.

Acunetix provides good support. No complaints. 

Positive

Acunetix stands out with its metrics, features, and Proof of Exploit. Other solutions we've used don't have those.

There is also Tenable.io Web App Scanning. Tenable's advantage is how it handles vulnerability management. For example, if you have Ansible vulnerability management, you can see both sets of information in a single pane. The only other difference might be pricing, but I'm not entirely sure about that.

The initial setup is straightforward. Considering everything is in place, it will take about two weeks.

We usually help our customers implement the product.

The price is reasonable. We don't have many complaints from customers.

I would recommend Acunetix to others for their web vulnerability scanning needs.

Overall, I would rate it a nine out of ten. 

It is top-rated and widely employed for conducting security assessments on networks, websites, and applications. It is considered the gold standard for evaluating security measures and identifying vulnerabilities in websites, networks, and applications. The tool's extensive capabilities make it a go-to choice for ensuring security. It is renowned for its comprehensive scanning and assessment of networks and websites, but it is also known for its significant cost, particularly for deploying it on large clusters.

One of its primary features is its ability to offer automated solutions for application security. It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program. It then provides insights on how to rectify these issues, even showcasing the payloads and other relevant information in the report. Occasionally, it may generate some false positives, but for the most part, it delivers reports that are approximately 80% accurate. This allows users to manually test the function and ascertain its functionality. It also allows for communication with external entities, vendors, and servers used by the application. This information encompasses server hosting details, the status of open or closed ports, and insights into Indian Palantir, among others. These features make it an invaluable resource for those seeking to comprehensively understand their website's infrastructure and potential vulnerabilities.

The initial concern that comes to mind is the cost as the pricing structure is significantly high, especially for the average user. It amounts to approximately $2,000 per year, excluding additional expenses. There's a clear need for a reduction in pricing to make the service more accessible. Another critical enhancement should focus on the tool's ability to bypass Web Application Firewalls. Currently, it falls short in this aspect, which can be a significant limitation.

I have been working with it for nine years now.

It provides good stability abilities.

It offers excellent scalability capabilities. You have the flexibility to adjust your usage based on workload demands and it becomes a valuable and frequently used tool to accommodate the increased workload when multiple projects come in. I would rate it nine out of ten.

I am not very satisfied with the customer support they provide. It tends to be quite time-consuming. When I raised a ticket seeking assistance with a simple issue, their response time was notably delayed. They mentioned having a backlog of inquiries, and it took a while for them to address my specific question. There seems to be a disconnect between the amount of money they charge for their support services and the level of support they provide.

Neutral

The initial setup was straightforward. I would rate it nine out of ten.

You can easily download the application and install it on your desktop. The setup algorithm simplifies the application installation on your computer, it automatically configures itself on your system, eliminating the need for any manual configuration. It's a quick and hassle-free installation, taking just about five minutes to set up and configure. The deployment management is quite efficient and it can be handled by a single individual.

The price is exceptionally high. They offer various categories of services, but the problem lies in the lack of transparency. Before purchasing, they don't clearly outline the available versions or their limitations, and they don't display their pricing on the website. They should have a standardized pricing structure readily available on their website for all potential users to see. This lack of pricing information is a rarity and an issue that needs to be addressed.

To effectively utilize this tool on a monthly basis, users must possess a certain level of expertise. It is crucial that individuals who wish to employ this tool have experience in both programming and networking to make the most of its functionalities. I would rate it eight out of ten.

The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses.

By using this tool, we have reduced the workload and increased the productivity of users.

It generates automated reports. This feature is beneficial when sharing reports with clients as it works as a unique selling point due to how attractive and descriptive the reports are.

The interface API and other functionalities are very good. However, the cost can be reduced as management has noted it to be on the higher side.

I have been working with Acunetix for almost two years.

The technical support provided by Acunetix is absolutely great. We received support from them at every point in time.

Positive

I used Nessus in one of my previous organizations due to cost reasons. However, my current organization decided to go with Acunetix.

The initial setup was easy because we had a proper software team consisting of developers, database administrators, and application teams. With the help of the vendor, we were able to implement it successfully. It took approximately three to four months.

The implementation was carried out with the help of a consultant.

The cost is being handled by the procurement team, yet it is on the higher side, and there is a recommendation to reduce it.

I would generally recommend Acunetix to any organization in the IT-enabled sector. However, I have not worked for a non-IT organization, so I cannot comment on that.

I'd rate the solution nine out of ten.

We use the product for dynamic analysis. It also helps us to scan web applications. 

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code. 

Acunetix needs to include agent analysis. 

I have been using the product for four years. 

I rate the tool's stability a nine out of ten. 

I rate Acunetix's scalability a seven out of ten. My company has five to four users. 

I rate the tool's deployment a nine out of ten. 

We have seen good ROI with the tool's use. 

Acunetix is good and helps to scan properly. I rate it a nine out of ten. 

The primary use case of the solution is to scan our web applications for vulnerabilities.

The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours.

The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions. The solution is also costly and can use a price reduction.

I have been using the solution for two years.

The initial setup is not complex. You can be set up and start your first scan within an hour.

The implementation was done in-house.

The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned. The minimum package is five domains or subdomains.

The other options I evaluated are AppSpider, Netsparker, and HCL AppScan.

I give the solution nine out of ten.

The solution is faster than AppSpider when scanning primary domains but it does not scan subdomains. If you require a solution that does a more in-depth scan I don't recommend the solution.  

Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well. 

The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year.

We have been partners for two years.

For such services, scalability is not relevant because you just scan your service and make a document of the problems that you have. After that, you have to take care of them and fix them. So, it's not like other services that have to be working 24/7. You only run it and receive information.

Its users vary because in some companies, the web is under the IT team, and in some companies, the web is under security, CISO, or something like this. It depends on how much personnel the company has to manage these tools.

The Acunetix team is in Malta. They are very good, and they provide support over the phone. They are available 24 hours a day, and they answer your queries very fast. They're very active and good.

It is a bit complicated, but their support is very good in case of any issues. It can be on-prem or on the cloud. It depends on what the customer wants.

You don't need more than one person for its maintenance.

It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year. 

In terms of additional costs, you may need an expert in applications/sites to write the code and fix the code problems. You can do all the things by yourself because it tells you what to do, how to fix, and what to change, but you have to give your people time to take care of those things.

For SMB customers, it is a good tool to take care of the applications and the website of the company. It works well, but it is a bit expensive. I would advise others to prepare the money for it.

I would rate it a nine out of ten.

We needed it to scan our internal network and web applications. 

Our security team of five people used it. We scheduled some monthly scans for web applications, which were not being used, to check for vulnerabilities and also vulnerabilities on new features.

Where I worked was a big group where there were many agencies under it, and we did the security for all other agencies. With Acunetix, we cut the time to make infrastructures and web applications (for our colleagues) more secure.

For one application with two or three critical vulnerabilities and some other vulnerabilities, it took like a week to remediate issues because the scan and findings were really fast. 

What I found to be valuable was the fully automated scanner because it is really fast. 

Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.

Acunetix saves on the cost of time because it is fast.

When Acunetix finds a vulnerability, it also checks for a false positive so it can be a 100 percent sure about the issue that it found. The false positives are really low, maybe one percent.

I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection. 

They need more customized scans along with a way to edit their default payloads. While you can select which check to do, you can't add which payload to use.

I used Acunetix 20 months ago at the last agency where I worked.

The scalability was okay. We didn't need to do much work to implement it into the network or some web applications, so I think it's really easy to scale. We didn't need to do work on it because the solution is adaptable to every environment.

There were about 20 websites and other web applications.

I never needed to talk to the Acunetix technical support.

They were previously using Fortify WebInspect, which was good, but very costly.

It was very easy to set up Acunetix, as they give you an installer that does everything. You just need to click: "Install".

It takes a maximum of 10 minutes to deploy, if you want to read everything.

We did other configurations to enable the IP address to talk to all the networks.

We also used Acunetix on a Linux server. The deployment process was the same as Windows. It was just another installer, but for Linux.

It saved us many weeks of work.

We didn't sell anything with Acunetix, so it was just an improvement for ourselves.

If someone would have hacked us, they probably would have caused much damage. However, now with Acunetix, they shouldn't be able to cause to damage.

I think all the scanners, except Burp Suite, are a bit costly.

Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future.

Acunetix is the fastest scanner available compared to applications like Netsparker and Fortify WebInspect. The longest scan with Acunetix, and it was for a huge web application, took only four hours. Other scanners did the job in six to eight hours. 

While I like Netsparker, it is really slow compared to other scanners.

We found 50 unexpected, high vulnerabilities for three web applications. This made our principal a bit mad.

We found three or four DOM-based XSS vulnerabilities using this solution.

It did not require maintenance on our part. We just needed to give it some credentials.

I would rate it as a nine out of 10.

We use the product for application security.

The tool's most valuable feature is performance.

Acunetix needs to improve its cost.

I have been using the product for a year.

The tool is stable.

Acunetix is scalable.

The tool's support is good.

Positive

I rate the product a nine out of ten.