Project Manager at a computer software company with 1,001-5,000 employees
Good usability and scan results
Pros and Cons
- "The usability and overall scan results are good."
- "There is room for improvement in website authentication because I've seen other products that can do it much better."
What is our primary use case?
Our primary use case is scanning our websites for security flaws.
What is most valuable?
The usability and overall scan results are good.
What needs improvement?
The vendor messed up our contract when they changed the licensing scheme and downgraded our license without any notification. It was dropped from a premium license with unlimited scan targets to a professional license with 10 targets per year. This is insufficient for us because we have about 50 public websites, and twice that number between internal and development sites. We ran out of scanning targets after only two months, so we have been evaluating other products since then.
There is room for improvement with respect to technical support.
We were having trouble with our Active Directory Federation Services. They couldn't work out how to authenticate the websites.
There is room for improvement in website authentication because I've seen other products that can do it much better.
For how long have I used the solution?
We have been using the Acunetix Vulnerability Scanner for seven years.
Buyer's Guide
Acunetix
December 2025
Learn what your peers think about Acunetix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,310 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have not had any problems with stability.
What do I think about the scalability of the solution?
Scalability has not been a problem except when it comes to licensing.
How are customer service and support?
Technical support was not overwhelmingly good, but it was okay. They couldn't provide solutions to every problem that we encountered, although they helped us from time to time.
What's my experience with pricing, setup cost, and licensing?
The pricing is not as good as we expected. I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced.
When we started with Acunetix seven years ago, it was quite good in terms of being competitively priced. It was up to the task and financially suitable. Now, however, with the change in the licensing scheme, it is a rather large step in terms of price. It has gone up by a factor of 30 in the past two years.
Which other solutions did I evaluate?
Our experience with Acunetix has not been good, so we are in the process of switching solutions.
What other advice do I have?
The product is quite good, but their sales techniques are poor and the sales teams need to be improved. They also should have provided a lot more information about the new licensing scheme when they changed it.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Executive Director at a financial services firm with 201-500 employees
Assists greatly with our financial compliance reporting but only supports web scanning
Pros and Cons
- "Picks up weaknesses in our app setups."
- "Currently only supports web scanning."
What is our primary use case?
We have quite a few applications that we scan. We have a requirement to meet PCI DSS compliance and we deal with it by producing reports on a quarterly or a part-quarterly evaluation. We are customers of Acunetix and I'm the executive director of our company.
What is most valuable?
We're happy with Acunetix although we're currently looking for a more cost effective solution. There might be a better product on the market and we're looking for that. What I gather from my colleagues who do the scanning is that this solution picks up any weaknesses in terms of our application setup as well as reading our application and finding the weaknesses. We need that PCI DSS report which is important for us. The solution is comprehensive and easy to use.
What needs improvement?
The costs for the licensing have changed and it's not in our favor which is why we're now looking at other options. One of our issues is that Acunetix only supports web scanning, no mobile app for now. If they were to include that it would mean not having to work on two separate tools.
For how long have I used the solution?
I've been using this solution for three years.
What do I think about the stability of the solution?
We've raised some minor issues with support. There are certain aspects that Acunetix cannot power and we haven't been able to resolve those problems yet.
What do I think about the scalability of the solution?
I don't believe there are issues with scaling.
How are customer service and technical support?
I think that generally their customer service is quite responsive. Whenever we encounter problems or new external applications, they're willing to guide us through the process.
Which solution did I use previously and why did I switch?
I think the company previously used Netsparker and that was even more expensive than Acunetix.
What's my experience with pricing, setup cost, and licensing?
Licensing is on an annual basis and we pay the standard licensing fee directly to Acunetix.
What other advice do I have?
The solution meets our requirements, it's just that we were moved from a perpetual license to an annual license and that has significantly increased our annual fees. Here in Bangladesh, we're trying to check comparable products in the same price range and see what they offer.
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at a comms service provider with 11-50 employees
Versatile solution that can operate both as a standalone and can be integrated as part of applications
Pros and Cons
- "The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
- "We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
What is our primary use case?
Our primary use case is to secure web applications, especially against cross-scripting and other forms of malware that happen at an application level.
What is most valuable?
The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.
What needs improvement?
We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic.
For how long have I used the solution?
We've been using Acunetix since 2017.
What do I think about the stability of the solution?
It is a stable solution. It doesn't have a lot of false positives. You get your logs and reports without any problems.
How are customer service and technical support?
I haven't contacted technical support because I'm supposed to be the first line of their support. If I need to contact their support, it's because I have problems beyond my scope.
How was the initial setup?
The initial setup was really straightforward. You can do it even if you're not an expert, you just need to download the appliance from their website and then you deploy. It took a few hours.
What other advice do I have?
I would recommend Acunetix.
Everything is going cloud-based. They should consider implementing SD-WAN abilities. It will give them the longevity they need.
I would rate it an eight out of ten. Even though some solutions are cloud-native by definition, they are not really next generation because the next generation is fully cloud and properly load balanced.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Cyber Security Associate at a consultancy with 10,001+ employees
Valuable log-sequence feature and quite stable but does not offer unlimited scans
Pros and Cons
- "For us, the most valuable aspect of the solution is the log-sequence feature."
- "The solution limits the number of scans. It would be much better if we could have unlimited scans."
What is our primary use case?
For the last two years, we've primarily used the solution for specific scanning of external web applications for some of our clients.
What is most valuable?
For us, the most valuable aspect of the solution is the log-sequence feature.
The main components covering most of the SQL injection findings are quite useful.
We've never faced any maintenance issues.
What needs improvement?
The solution limits the number of scans. It would be much better if we could have unlimited scans.
For how long have I used the solution?
We've been using the solution for almost two years now.
What do I think about the stability of the solution?
We've found the solution to be quite stable. We haven't had any issues with it at all.
What do I think about the scalability of the solution?
The scalability of the solution is quite good. We've never faced any issues with scaling.
Currently, 15 people use the solution in our organization. They're all developers and consultants. We use it every day.
How are customer service and technical support?
For now, everything about the solution has been fine, so we haven't reached out to technical support.
Which solution did I use previously and why did I switch?
Before switching to this solution we used the Burp Suite Pro. We switched because we found this solution's findings more accurate. It has better performance.
How was the initial setup?
The initial setup was very straightforward. It was easy. We didn't find it complex at all. The initial setup only takes one to two hours.
What about the implementation team?
I didn't implement the solution personally, however, one of my colleagues did. The installation was handled in-house.
What's my experience with pricing, setup cost, and licensing?
We buy the license annually.
What other advice do I have?
We're Acunetix customers. I'm not sure which version number we are using, but it is the latest one.
Overall, I believe Acunetix to be one of the best products on the market. I'd recommend it. It's very reliable.
I'd rate it seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at a comms service provider with 11-50 employees
Simple to use and does not report many false positives or false negatives
Pros and Cons
- "It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
- "When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
What is our primary use case?
This solution is a WAF (web application firewall). The primary use case of this solution is to secure web applications against cross-site scripting and other forms of malware that occur at the application level.
We last used Acunetix in December and we have switched to Barracuda.
What is most valuable?
The scalability is more than good. It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.
This solution is simple enough, especially with the cloud. You can download the client onto your machines and then you start filtering your traffic from there.
What needs improvement?
An area that we wanted to test was if it will tie bandwidth and does it throttle traffic?
How much bandwidth usage does it consume when it sorts out the traffic? When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.
Everything now is moving to the cloud. If they would consider SD1 possibilities, it would give it the longevity that it needs in the market. They may not need it, as they would be able to integrate it with other SD1 platforms as an extra feature.
By definition, they are not next-generation. The next-generation is fully cloud, properly load-balanced, and you would want something that is tailored along those lines from the get-go. It would give you more deployment, less support, and less technical hands looking at the solution.
For how long have I used the solution?
We have been dealing with Acunetix since 2017.
We provide services to our clients.
What do I think about the stability of the solution?
It's a stable solution. It doesn't report a lot of false positives or false negatives. You can put it on and look at your logs and your reports.
What do I think about the scalability of the solution?
This solution is scalable.
How are customer service and technical support?
I haven't contacted technical support because I am supposed to be the first line of their support. Contacting them would mean that I have problems beyond my scope.
Which solution did I use previously and why did I switch?
We are now doing a profile on Barracuda because we are partners but we don't have clients yet. It is very difficult to profile because we don't have a live environment. The only way we could have a live environment is if we deploy it in-house.
We deployed in-house to test the cloud solution and we are moving to LV1 solutions within our MSP.
We were bringing everything on top of a CASB, a cloud broker for security. We had to look at different solutions to see what could be brought on top of the CASB platform and what we would be leaving out from the previous partnerships. We wanted to look at a different solution.
How was the initial setup?
The initial setup is straightforward. You just need to download the client from the website or get a license from them, then you can deploy it.
It can take a couple of hours or less to deploy.
What about the implementation team?
We have a team in the company.
What other advice do I have?
This is a solution that I would recommend.
I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
IT Manager at a financial services firm with 1,001-5,000 employees
Simple to use and achieves the required results but more efficiency with the mobile environment would be helpful
Pros and Cons
- "Our developers can run the attacks directly from their environments, desktops."
- "Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
What is our primary use case?
I'm an IT Manager and we're a customer of Acunetix. We use the automatic tool to control the security of our applications. For the time being, we have two or three people in the company working with the solution, setting up all of the parameters, all the attacks. We have 15 separate groups in the company, most are testing the tool and learning how to use it. We will deploy the tool for the rest of the company at the beginning of next year.
What is most valuable?
The most important feature is that we are able to parameterize all of the attacks so that our developers can run the attacks directly from their environments and desktops. They don't need any expertise or to know the difficulties of the attacker; they just run the tool and get the results.
What needs improvement?
In general, this is a good tool to check the security from the attacker's standpoint. However, when thinking about improvements there are still some attacks that we are not able to control with this kind of tool because there are some things you do in the front-end that sometimes launch processes in the application at the back-end. We need to be able to tie all of the front-end activities with all of the back-end activities. That's a missing piece that no one is providing.
In terms of additional features, we are currently missing some tools that would allow us to work more efficiently with the mobile environment, with Android and iOS. The tools that we evaluated in the past are not really good for mobile applications. You can control the static code, you can control all the dynamic applications, but not within the phone, or within the tablet.
For how long have I used the solution?
We have only been using the product for about three months.
What do I think about the stability of the solution?
We haven't had any problems so far. It's stable.
What do I think about the scalability of the solution?
We are still deploying the tool throughout the company, but that hasn't been completed yet. For now, it's just small groups. I hope it is scalable but I can't tell you that now.
How are customer service and technical support?
We have a pretty good team here and we try to be as independent as possible. We needed some help for the initial setup but after that, we've done everything ourselves.
Which solution did I use previously and why did I switch?
For static analysis, we previously used different tools.
We carried out an evaluation comparing different tools, and Acunetix was the one that most of us liked.
How was the initial setup?
Initial setup was quite straightforward, we didn't have any problems with it.
What about the implementation team?
We carried out the implementation ourselves.
What's my experience with pricing, setup cost, and licensing?
I'm not involved in the financial negotiations, but I believe it's not an expensive product and cheaper than other similar tools. I understand we bought 100 URLs. It's likely that we'll need to purchase more once we deploy the tool to the rest of the company but I wouldn't know the cost.
What other advice do I have?
I would recommend the product. It's very easy to integrate with Jenkins, with ALM. The most important element for us is that it's very easy for developers to use. They don't need to have any knowledge about security, threats or anything. They just run the tool against their application, and that's it. They get the results.
I would rate this product a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager for Technology Services at an educational organization with 5,001-10,000 employees
Offers good vulnerability scanning options for analyzing the security loopholes on the website
Pros and Cons
- "The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
- "In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
What is our primary use case?
Our primary use case of this solution is to scan web vulnerabilities.
What is most valuable?
The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.
What needs improvement?
In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.
For how long have I used the solution?
I have been using this solution for four years now.
What do I think about the stability of the solution?
The stability is very good.
What do I think about the scalability of the solution?
We currently have two users using this solution in my company. Their roles are in IT security. We only require one staff member for the deployment and maintenance of this solution.
How are customer service and technical support?
I haven't needed to contact their technical support.
How was the initial setup?
The initial setup of this solution was very straightforward. The implementation didn't take much time.
What about the implementation team?
We did the implementation ourselves.
What was our ROI?
We have absolutely seen ROI.
What's my experience with pricing, setup cost, and licensing?
Licensing is on a yearly basis. I don't remember the exact cost; it's not about the cost, it's about the flexibility. We have a lot of websites to scan and we are looking for fewer instances and to scan more websites.
The costs aren't very expensive. It costs around $3000 or $4000. There aren't additional costs.
Which other solutions did I evaluate?
We are in the process of evaluating other solutions. We are looking to switch because of the complex licensing.
What other advice do I have?
It's a very easy deployment and easy application. I don't think you need some kind of training or expertise to manage the solution. For us it just works, so we are happy about that.
I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Works at an educational organization with 501-1,000 employees
Testing websites is fast and efficient, but the executive summary reports need improvement
Pros and Cons
- "The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
- "It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
What is our primary use case?
I am a freelance consultant and I use this product to scan customers' websites.
Most of the time, I use it to perform black-box analysis. The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.
How has it helped my organization?
It has helped me to discover some vulnerabilities in the web applications (like Cross-site scripting or SQL injection) and it helps to reduce the time it takes to perform a vulnerability assessment or a penetration test against a customer's web application.
What is most valuable?
This solution is easy and quick to set up and use. Most of the time, all it takes is entering a website's URL and clicking on the scan button.
Obviously, this is not usually the recommended way to use it, but to get an initial picture of the target's possible vulnerabilities it is a very comfortable starting point.
In fact, often a proper penetration test requires emulating a real user of the target application and logging in.
The vulnerabilities that can be discovered when logged in normally outnumber the ones that can be discovered by a "simple" black-box approach.
Acunetix allows recording a login session and replaying it during its attack phase and this is quite convenient.
What needs improvement?
It would be interesting to do differential scans. Normally, after the initial scan, the customer will start patching the discovered vulnerabilities. It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.
The executive summary reports could be improved with some graphs and a very short description of what has been discovered in a way that can be understood by C-level people.
For how long have I used the solution?
Two years.
What do I think about the stability of the solution?
So far I did not have any critical stability issue.
What do I think about the scalability of the solution?
I have not yet used the product to test extremely huge and complex web sites. For "normal" ones the performance is acceptable, even if sometimes it seems "stuck" at a certain scan percentage. In this case, normally I just wait and later it will advance again.
How are customer service and technical support?
The customer service is quite helpful. The time to fix issues is not too quick, so in the case of time-restricted projects for some customers, this might become a problem. Sometimes, identifying the exact issue to fix is not easy.
Which solution did I use previously and why did I switch?
Previously I was using IBM Rational AppScan, Burp Suite, and some other open-source tools.
I switched from AppScan to Acunetix mainly because of a better price/value ratio when I had purchased my perpetual license (which now, unfortunately, is not available anymore).
How was the initial setup?
The initial setup is very easy and straightforward.
What about the implementation team?
I implemented it myself.
What was our ROI?
After two years it's about 300%.
What's my experience with pricing, setup cost, and licensing?
When I first purchased my license the price/value was very good because I purchased a perpetual license and the annual maintenance fee was extremely competitive. Now, unfortunately, my perpetual license does not exist anymore and my maintenance costs will increase in the next years.
All things considered, I think it has a good price/value ratio.
Which other solutions did I evaluate?
I tried some of the other commercial web vulnerability scanners such as Burp Professional embedded and IBM Rational AppScan.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.