Senior Test Engineer II at a financial services firm with 201-500 employees
Real User
Fantastic reporting features hindered by slow scanning
Pros and Cons
  • "I haven't seen reporting of that level in any other tool."
  • "The vulnerability identification speed should be improved."

What is our primary use case?

We use Acunetix for POC.

We have a scanner site website. We have two web applications, related to banking, that primarily serve our customers. We use Acunetix Vulnerability Scanner to ensure that the APIs that have been exposed to the customers are well-protected and don't have any major vulnerabilities.

We wanted to have some kind of vulnerability scanner which could evaluate our requests and tell us where any vulnerabilities may reside. For that purpose, we use Acunetix scanner.

Originally, we used version 3.12, but they provided us with different products including Acunetix premium and Acunetix 360. We figured Acunetix 360 would be much better suited for our solutions; that's why we are currently using the trial version of Acunetix 360 at the moment.

Within our company, there are around five to ten people using this solution. Some from DevOps, IT Security, and a few penetration testers use it.

What is most valuable?

The reporting is pretty good. I haven't seen reporting of that level in any other tool. It also allows for segregation. If I want to generate a report regarding vulnerabilities, I can simply select that particularly vulnerable section and it will generate a report with all the work in the web application. 

Similarly, for PCAD assisting, I can also generate a report — in multiple formats, including PDF, HTML, and doc files. 

Segregation of reports is really, really good with Acunetix; it provides us with a lot of in-depth details. This feature stood out when comparing Acunetix with other tools.

It provides me with a list of vulnerabilities that we weren't able to identify when doing manual penetration testing. It located and picked out some hidden vulnerabilities as well, which are hard to spot with the naked eye.

What needs improvement?

The scanning speed could be faster. It digs really deep, so that could be one of the reasons why it takes a while. If I want to scan an application, it's going to take over three to four hours. That's something I think they could improve.

Instead of posting hundreds of requests to find the vulnerability, if it simply had the capability to find that particular vulnerability in the payload itself, that would make a big impact.

The vulnerability identification speed should be improved. It takes more time compared to other tools I have used. 

Simply put, Acunetix passes too many payloads in order to identify one part of the ratio. That's probably why it can take a while to identify a particular issue. Other tools are able to identify vulnerabilities with just a few requests. Acunetix takes more time to make certain if a vulnerability exists. That's one of the areas which they can improve on.

The scan configuration could be improved. The first thing that we need to do is set up a site policy and a scan policy. By site policy, I mean we have to choose what kind of technology our site is developed with so that it will only pass payloads related to that technology.

For example, if I'm using MySQL or Python as my backend database, it will only check payloads related to MySQL or Python; it won't check Java or other programming languages.

We have to define the scanning configuration as well as the site configuration each and every time. This has to be done whenever we are adding a new set of sites or domains.

Other tools provide a list of predefined scan policies, but with Acunetix, we have to create our own every time. We have to spend a lot of time setting up these configurations, rather than just picking them from a vast variety of predefined sets of configurations, which is much easier.

For how long have I used the solution?

We have been using a trial version of Acunetix for about a month.

Buyer's Guide
Acunetix
June 2025
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is good. The scans always produce consistent and reliable results.

We used Acunetix to scan three of our web applications.

What do I think about the scalability of the solution?

I think it needs to expand to other operating systems because most organizations use a Linux-based environment, which it currently doesn't support. I think that's a big problem.

How are customer service and support?

The technical support is really good. Whenever we experienced an issue, we just scheduled a call. It's not directly with Acunetix, their providers in India got in touch with us. 

They are the ones who told us about the product, its features, and its specifications. They are who we speak with if we have any issues or need support. They act as a middle-man between Acunetix and us — they are resellers.

How was the initial setup?

Initially, I believe Acunetix provided us with two solutions. One was a SaaS, which means that they host it on their cloud. They also provide the option to host Acunetix on our internal servers, behind our firewalls, with an on-premise version.

The problem with the on-premise version is that it works only on Windows Servers. I can't install it on a Mac or a Linux-based machine. That was quite challenging for us because all of our cloud infrastructure has been AWS instance, which is of a Linux-based operating system. 

As far as security testing is concerned, we would prefer to host Acunetix, on-premise, because everything would be within our firewall. If we wanted to host it on the cloud, then we would have to sign a non-disclosure, because they know what vulnerabilities exist on our site.

For this reason, we generally prefer to host it on-premise so that they will have a restriction within our firewall, so no one can gain access from the outer wall. Setting up the on-premise version of Acunetix is quite challenging and it's not that straightforward because it only supports one operating system.

However, we found it so difficult to host on-premise that we actually had to stop. Instead, we have decided to go for the cloud version. All we have to do is send them our application to scan in their cloud.

What about the implementation team?

We followed an implementation strategy. With our compliance and security team, we followed a procedure with Acunetix so that any vulnerable information that exists on our site remains safe and secure.

We didn't deploy it ourselves because we used their SaaS model. There is no deployment from our side. Initially, we thought of hosting it on our own server; if we did, we would have required a dedicated person to look after the deployment and setup.

Since we don't have a Windows Server, we opted for the SaaS model because the on-premise version is only compatible with a Windows Server. We don't have a license for a Windows Server so instead of purchasing all of the licensing, we just opted for the SaaS solution. 

What's my experience with pricing, setup cost, and licensing?

The pricing is a little high, and moreover, it's kind of domain-based. For example, if I have one site that has a lot of sub-domains, they will register all of the sub-domains as individual sites. That caused problems for us.

We have three sites with 10 sub-domains each — so technically 30. We ended up having to purchase 30 licenses, which costs a lot. Instead of paying per site, I think it would be better if they proposed some other kind of pricing and licensing model, like Burp's model. That's why we preferred Burp over Acunetix.

With Burp, 10 agents can scan 10 sites. Even if we scale our application, we don't have to purchase a new license. We can reshuffle the agents to scan multiple websites. One agent can scan our site today, and the same agent can scan another site tomorrow. This is the pricing model of Burp, which was perfect for us.

The Acunetix licensing and pricing model is somewhat complicated. If we calculated all of our domains and sub-domains, the sum would be huge. That's why we thought of leaving Acunetix.

Which other solutions did I evaluate?

I believe we also evaluated ZAP and PortSwigger Burp Suite.

What other advice do I have?

The false-positive rate is not that high, but it's not very low either. There were a few false-positive cases that were triggered when we scanned both of our web applications. So, they're not minimal, but they're not high either, they occur somewhere in between.

The time it takes to remediate issues with Acunetix depends on the type of issue. Minor issues can be resolved within a day. Bigger issues, involving debugging from scratch can take around a week.

In total, we experienced about five high-level vulnerabilities, three mid-level, and 17 low-level vulnerabilities. We also found a few DOM-based, cross-site scripting vulnerabilities.

If you're interested in this solution, you have to consider the pricing model, because when your application is scaling, the cost of Acunetix also spikes up. If you want to scale, you need to look into the cost of Acunetix as well.

Also, the on-premise version takes a lot of effort. Maintaining a Linux-based system is a lot easier; it's difficult for some engineers to maintain a Windows-based operating system. 

On a scale from one to ten, I would give this solution a rating of five.

On the positive side, they have a good reporting module and scanner, which is capable of identifying most vulnerabilities. On the negative side, I think the on-premise version needs to be improved. Rather than sticking to one operating system, it needs to support multiple operating systems.

Apart from that, the pricing model also needs to be revisited. If you want to scale an application, you have to spend more money with Acunetix because it uses a domain-based pricing model, which is not something I like using. For these reasons, I am giving Acunetix Vulnerability Scanner a rating of five. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1379034 - PeerSpot reviewer
Project Manager at a computer software company with 1,001-5,000 employees
Real User
Good usability and scan results
Pros and Cons
  • "The usability and overall scan results are good."
  • "There is room for improvement in website authentication because I've seen other products that can do it much better."

What is our primary use case?

Our primary use case is scanning our websites for security flaws.

What is most valuable?

The usability and overall scan results are good.

What needs improvement?

The vendor messed up our contract when they changed the licensing scheme and downgraded our license without any notification. It was dropped from a premium license with unlimited scan targets to a professional license with 10 targets per year. This is insufficient for us because we have about 50 public websites, and twice that number between internal and development sites. We ran out of scanning targets after only two months, so we have been evaluating other products since then.

There is room for improvement with respect to technical support.

We were having trouble with our Active Directory Federation Services. They couldn't work out how to authenticate the websites.

There is room for improvement in website authentication because I've seen other products that can do it much better.

For how long have I used the solution?

We have been using the Acunetix Vulnerability Scanner for seven years.

What do I think about the stability of the solution?

We have not had any problems with stability.

What do I think about the scalability of the solution?

Scalability has not been a problem except when it comes to licensing.

How are customer service and technical support?

Technical support was not overwhelmingly good, but it was okay. They couldn't provide solutions to every problem that we encountered, although they helped us from time to time.

What's my experience with pricing, setup cost, and licensing?

The pricing is not as good as we expected. I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced.

When we started with Acunetix seven years ago, it was quite good in terms of being competitively priced. It was up to the task and financially suitable. Now, however, with the change in the licensing scheme, it is a rather large step in terms of price. It has gone up by a factor of 30 in the past two years.

Which other solutions did I evaluate?

Our experience with Acunetix has not been good, so we are in the process of switching solutions.

What other advice do I have?

The product is quite good, but their sales techniques are poor and the sales teams need to be improved. They also should have provided a lot more information about the new licensing scheme when they changed it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1312281 - PeerSpot reviewer
Executive Director at a financial services firm with 201-500 employees
Real User
Assists greatly with our financial compliance reporting but only supports web scanning
Pros and Cons
  • "Picks up weaknesses in our app setups."
  • "Currently only supports web scanning."

What is our primary use case?

We have quite a few applications that we scan. We have a requirement to meet PCI DSS compliance and we deal with it by producing reports on a quarterly or a part-quarterly evaluation. We are customers of Acunetix and I'm the executive director of our company. 

What is most valuable?

We're happy with Acunetix although we're currently looking for a more cost effective solution. There might be a better product on the market and we're looking for that. What I gather from my colleagues who do the scanning is that this solution picks up any weaknesses in terms of our application setup as well as reading our application and finding the weaknesses. We need that PCI DSS report which is important for us. The solution is comprehensive and easy to use. 

What needs improvement?

The costs for the licensing have changed and it's not in our favor which is why we're now looking at other options. One of our issues is that Acunetix only supports web scanning, no mobile app for now. If they were to include that it would mean not having to work on two separate tools. 

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

We've raised some minor issues with support. There are certain aspects that Acunetix cannot power and we haven't been able to resolve those problems yet. 

What do I think about the scalability of the solution?

I don't believe there are issues with scaling.

How are customer service and technical support?

I think that generally their customer service is quite responsive. Whenever we encounter problems or new external applications, they're willing to guide us through the process. 

Which solution did I use previously and why did I switch?

I think the company previously used Netsparker and that was even more expensive than Acunetix. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on an annual basis and we pay the standard licensing fee directly to Acunetix.

What other advice do I have?

The solution meets our requirements, it's just that we were moved from a perpetual license to an annual license and that has significantly increased our annual fees. Here in Bangladesh, we're trying to check comparable products in the same price range and see what they offer. 

I would rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Le Viet - PeerSpot reviewer
Security Consultant at VNCS
Real User
Useful user interface, easy to use, and scalable
Pros and Cons
  • "The most valuable feature of Acunetix is the UI and the scan results are simple."
  • "There are some versions of the solution that are not as stable as others."

What is most valuable?

The most valuable feature of Acunetix is the UI and the scan results are simple.

What needs improvement?

There are some versions of the solution that are not as stable as others.

For how long have I used the solution?

I have been using Acunetix for approximately two years.

What do I think about the stability of the solution?

The stability of Acunetix is good.

What do I think about the scalability of the solution?

Acunetix is scalable.

We have approximately 50 engineers using Acunetix.

How are customer service and support?

I have requested support from the vendor regarding our scan results that have false positives. The vendor double checks and adds a patch if needed. However, their response is too slow.

Which solution did I use previously and why did I switch?

I have previously used other solutions, such as Aspen and Laguna. We chose Acunetix because it is easy to use.

How was the initial setup?

The initial installation of Acunetix was simple.

What about the implementation team?

We did the deployment of the solution ourselves. We have approximately 20 people that do the support and deployment of Acunetix.

What other advice do I have?

I rate Acunetix an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
KashifJamil - PeerSpot reviewer
CEO at Xcelliti
Reseller
Top 5
Flexible with fair pricing and good stability
Pros and Cons
  • "Overall, it's a very good tool and a very good engine."
  • "While we do have it integrated with other solutions, it could still offer more integrations."

What is our primary use case?

The solution is primarily used purely as a web-based vulnerability scanning tool.

What is most valuable?

The solution is a very flexible tool.

Overall, it's a very good tool and a very good engine.

The product is very scalable.

We found the solution to be quite stable.

For the number of features on offer, the price point is quite good.

The installation is very straightforward.

What needs improvement?

The solution should work on dealing with the number of false positives it delivers.

While we do have it integrated with other solutions, it could still offer more integrations.

For how long have I used the solution?

I've been dealing with the solution for the past two years.

What do I think about the stability of the solution?

The solution is very stable. There are no bugs or glitches. It does not crash or freeze. It's very good.

What do I think about the scalability of the solution?

The solution is scalable. If a company needs to expand it, it can do so with relative ease.

Right now, we have four or five of our customers using the product.

How are customer service and technical support?

The solution's technical support is okay. We have no complaints. They are helpful and responsive and we are satisfied with their level of service. 

How was the initial setup?

The initial setup is not too complex. It is simple and straightforward. A company should be able to implement it with ease.

What's my experience with pricing, setup cost, and licensing?

The price point is good. It offers very good value for money.

What other advice do I have?

We are resellers.

We deal with various deployment models including on-premises and the cloud.

I'd recommend the solution to other companies. This is a very good tool for vulnerability assessment. Every organization who has their assets over the internet and are exposed to a public website needs to have vulnerability assessment using Acunetix.

In general, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
CEO at IMART OFFICE CONSULTANTS
Reseller
Versatile solution that can operate both as a standalone and can be integrated as part of applications
Pros and Cons
  • "The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
  • "We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."

What is our primary use case?

Our primary use case is to secure web applications, especially against cross-scripting and other forms of malware that happen at an application level.

What is most valuable?

The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.

What needs improvement?

We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic. 

For how long have I used the solution?

We've been using Acunetix since 2017.

What do I think about the stability of the solution?

It is a stable solution. It doesn't have a lot of false positives. You get your logs and reports without any problems. 

How are customer service and technical support?

I haven't contacted technical support because I'm supposed to be the first line of their support. If I need to contact their support, it's because I have problems beyond my scope. 

How was the initial setup?

The initial setup was really straightforward. You can do it even if you're not an expert, you just need to download the appliance from their website and then you deploy. It took a few hours. 

What other advice do I have?

I would recommend Acunetix.

Everything is going cloud-based. They should consider implementing SD-WAN abilities. It will give them the longevity they need.

I would rate it an eight out of ten. Even though some solutions are cloud-native by definition, they are not really next generation because the next generation is fully cloud and properly load balanced.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cyber Security Associate at a consultancy with 10,001+ employees
Real User
Valuable log-sequence feature and quite stable but does not offer unlimited scans
Pros and Cons
  • "For us, the most valuable aspect of the solution is the log-sequence feature."
  • "The solution limits the number of scans. It would be much better if we could have unlimited scans."

What is our primary use case?

For the last two years, we've primarily used the solution for specific scanning of external web applications for some of our clients.

What is most valuable?

For us, the most valuable aspect of the solution is the log-sequence feature.

The main components covering most of the SQL injection findings are quite useful.

We've never faced any maintenance issues.

What needs improvement?

The solution limits the number of scans. It would be much better if we could have unlimited scans.

For how long have I used the solution?

We've been using the solution for almost two years now.

What do I think about the stability of the solution?

We've found the solution to be quite stable. We haven't had any issues with it at all.

What do I think about the scalability of the solution?

The scalability of the solution is quite good. We've never faced any issues with scaling.

Currently, 15 people use the solution in our organization. They're all developers and consultants. We use it every day.

How are customer service and technical support?

For now, everything about the solution has been fine, so we haven't reached out to technical support.

Which solution did I use previously and why did I switch?

Before switching to this solution we used the Burp Suite Pro. We switched because we found this solution's findings more accurate. It has better performance.

How was the initial setup?

The initial setup was very straightforward. It was easy. We didn't find it complex at all. The initial setup only takes one to two hours.

What about the implementation team?

I didn't implement the solution personally, however, one of my colleagues did. The installation was handled in-house.

What's my experience with pricing, setup cost, and licensing?

We buy the license annually.

What other advice do I have?

We're Acunetix customers. I'm not sure which version number we are using, but it is the latest one.

Overall, I believe Acunetix to be one of the best products on the market. I'd recommend it. It's very reliable.

I'd rate it seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
CEO at IMART OFFICE CONSULTANTS
Reseller
Simple to use and does not report many false positives or false negatives
Pros and Cons
  • "It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
  • "When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."

What is our primary use case?

This solution is a WAF (web application firewall). The primary use case of this solution is to secure web applications against cross-site scripting and other forms of malware that occur at the application level.

We last used Acunetix in December and we have switched to Barracuda.

What is most valuable?

The scalability is more than good. It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have. 

This solution is simple enough, especially with the cloud. You can download the client onto your machines and then you start filtering your traffic from there.

What needs improvement?

An area that we wanted to test was if it will tie bandwidth and does it throttle traffic?

How much bandwidth usage does it consume when it sorts out the traffic? When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.

Everything now is moving to the cloud. If they would consider SD1 possibilities, it would give it the longevity that it needs in the market. They may not need it, as they would be able to integrate it with other SD1 platforms as an extra feature.

By definition, they are not next-generation. The next-generation is fully cloud, properly load-balanced, and you would want something that is tailored along those lines from the get-go. It would give you more deployment, less support, and less technical hands looking at the solution.

For how long have I used the solution?

We have been dealing with Acunetix since 2017. 

We provide services to our clients.

What do I think about the stability of the solution?

It's a stable solution. It doesn't report a lot of false positives or false negatives. You can put it on and look at your logs and your reports.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and technical support?

I haven't contacted technical support because I am supposed to be the first line of their support. Contacting them would mean that I have problems beyond my scope.

Which solution did I use previously and why did I switch?

We are now doing a profile on Barracuda because we are partners but we don't have clients yet. It is very difficult to profile because we don't have a live environment. The only way we could have a live environment is if we deploy it in-house.

We deployed in-house to test the cloud solution and we are moving to LV1 solutions within our MSP.

We were bringing everything on top of a CASB, a cloud broker for security. We had to look at different solutions to see what could be brought on top of the CASB platform and what we would be leaving out from the previous partnerships. We wanted to look at a different solution.

How was the initial setup?

The initial setup is straightforward. You just need to download the client from the website or get a license from them, then you can deploy it.

It can take a couple of hours or less to deploy.

What about the implementation team?

We have a team in the company.

What other advice do I have?

This is a solution that I would recommend.

I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user