We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"Picks up weaknesses in our app setups."
"Overall, it's a very good tool and a very good engine."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"Our developers can run the attacks directly from their environments, desktops."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"High level of accuracy and quick scanning."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"The scanner and the result generator are valuable features for us."
"The scanner is light on the network and does not impact the network when scans are running."
"Invicti is a good product, and its API testing is also good."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The pricing is a bit on the higher side."
"Acunetix needs to include agent analysis."
"Currently only supports web scanning."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The custom attack preparation screen might be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"I think that it freezes without any specific reason at times. This needs to be looked into."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Acunetix is rated 7.6, while Invicti is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and SonarQube, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning, Fortify WebInspect and HCL AppScan. See our Acunetix vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.