Acunetix vs Checkmarx One vs OpenText Dynamic Application Security Testing comparison

Invicti and Checkmarx are both solutions in the DevSecOps category. Invicti is ranked #6 with an average rating of 8.3, while Checkmarx is ranked #5 with an average rating of 8.3. Invicti holds a 9.3% mindshare in DSO, compared to Checkmarx’s 16.1% mindshare. Additionally, 86% of Invicti users are willing to recommend the solution, compared to 87% of Checkmarx users who would recommend it.

Acunetix

Read 33 Acunetix reviews

6,393 Views
703 Comparison Views

86% willing to recommend

Checkmarx One

Read 71 Checkmarx One reviews

21,636 Views
1,515 Comparison Views

87% willing to recommend

OpenText Dynamic Applicatio...

Read 21 OpenText Dynamic Application Security Testing reviews

3,718 Views
706 Comparison Views

82% willing to recommend

Acunetix

Checkmarx One

OpenText Dynamic Applicatio...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Acunetix, Checkmarx One, and OpenText Dynamic Application Security Testing based on real PeerSpot user reviews.

Find out what your peers are saying about GitLab, Snyk, GitGuardian and others in DevSecOps.

To learn more, read our detailed DevSecOps Report (Updated: July 2025).

Buyer's Guide

DevSecOps

July 2025

Download the complete report

Helped 862,543 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

As of July 2025, in the DevSecOps category, the mindshare of Acunetix is 9.3%, down from 10.9% compared to the previous year. The mindshare of Checkmarx One is 16.1%, down from 21.8% compared to the previous year. The mindshare of OpenText Dynamic Application Security Testing is 6.7%, down from 11.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

DevSecOps

Featured Reviews

KashifJamil

CEO at Xcelliti

Has enabled teams to improve security testing with smooth integration and high accuracy

Acunetix has a very good ratio of fewer false positives, so users don't need to retest everything. Acunetix operates smoothly with no interruptions required, and it performs at 100% efficiency without issues in scanning anything. The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities. Acunetix integrates with every type of tool, including CI/CD tools, offering 100% integration in DevOps environments. The main benefit of Acunetix is that at the first level, users can address security issues related to penetration testing, allowing them to expose vulnerabilities and ensure all required testing is completed with very few false positives.

Read full review

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Navin N

Global ISO 27001 Program Lead at DXC Technology

Effective scanning of diverse file extensions with fast reporting and issue resolution

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."

"We use the solution for the scanning of vulnerabilities like SQL injections."

"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."

"The most valuable feature of Acunetix is the UI and the scan results are simple."

"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."

"It generates automated reports."

"Picks up weaknesses in our app setups."

"By integrating with CI/CD tools, it enables a shift-left approach in the development process."

More Acunetix pros

"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."

"The report function is the solution's greatest asset."

"It gives the proper code flow of vulnerabilities and the number of occurrences."

"Our static operation security has been able to identify more security issues since implementing this solution."

"It is a stable product."

"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."

"Helps us check vulnerabilities in our SAP Fiori application."

"The user interface is modern and nice to use."

More Checkmarx One pros

"Technical support has been good."

"The transaction recorder within WebInspect is easy to use, which is valuable for our team."

"Fortify WebInspect is a scalable solution, it is good for a lot of applications."

"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."

"The user interface is ok and it is very simple to use."

"Guided Scan option allows us to easily scan and share reports."

"It's a well-known platform for doing dynamic application scanning."

"The most valuable feature of this solution is the ability to make our customers more secure."

More OpenText Dynamic Application Security Testing pros

Cons

"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."

"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."

"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."

"Acunetix should improve by further reducing false positives and providing more customized reports, plus better integration with newer tools such as GitHub and Azure DevOps."

"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."

"Currently only supports web scanning."

"The solution limits the number of scans. It would be much better if we could have unlimited scans."

"There are some versions of the solution that are not as stable as others."

More Acunetix cons

"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."

"The validation process needs to be sped up."

"They could work to improve the user interface. Right now, it really is lacking."

"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."

"If it is a very large code base then we have a problem where we cannot scan it."

"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."

"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."

"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."

More Checkmarx One cons

"Not sufficiently compatible with some of our systems."

"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."

"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."

"We have often encountered scanning errors."

"The initial setup was complex."

"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."

"Lately, we've seen more false negatives."

"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."

More OpenText Dynamic Application Security Testing cons

Pricing and Cost Advice

"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."

"The solution is expensive."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"All things considered, I think it has a good price/value ratio."

"The price is exceptionally high."

"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."

"The costs aren't very expensive. It costs around $3000 or $4000."

"The pricing is a little high, and moreover, it's kind of domain-based."

More Acunetix pricing and cost advice

"Be cautious of the one-year subscription date. Once it expires, your price will go up."

"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."

"It is a good product but a little overpriced."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"I believe pricing is better compared to other commercial tools."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

"We have purchased an annual license to use this solution. The price is reasonable."

More Checkmarx One pricing and cost advice

"The price is okay."

"This solution is very expensive."

"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."

"Our licensing is such that you can only run one scan at a time, which is inconvenient."

"The pricing is not clear and while it is not high, it is difficult to understand."

"Fortify WebInspect is a very expensive product."

"It’s a fair price for the solution."

See which vendors are best for you

Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.

See recommendations

862,543 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Manufacturing Company

Government

Financial Services Firm

20%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

15%

Government

15%

Manufacturing Company

12%

Computer Software Company

12%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...

See all answers

What is your primary use case for Acunetix Vulnerability Scanner?

Most of the customers who use Acunetix are looking for security testing. The primary use case is performing penetrati...

See all answers

What advice do you have for others considering Acunetix Vulnerability Scanner?

Acunetix supports multi-user environments effectively. Acunetix is targeted for small to mid-size teams in a DevSecOp...

See all answers

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about Fortify WebInspect?

The solution's technical support was very helpful.

See all answers

What is your experience regarding pricing and costs for Fortify WebInspect?

The price of Fortify WebInspect is high, with the cost depending on the number of virtual users. It is approximately ...

See all answers

What needs improvement with Fortify WebInspect?

The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate. The ...

See all answers

Comparisons

OWASP Zap vs Acunetix

Compared 17% of the time

PortSwigger Burp Suite Professional vs Acunetix

Compared 11% of the time

HCL AppScan vs Acunetix

Compared 9% of the time

Invicti vs Acunetix

Compared 7% of the time

ImmuniWeb vs Acunetix

Compared 2% of the time

More Acunetix Competitors

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 38% of the time

Veracode vs Checkmarx One

Compared 11% of the time

Checkmarx SAST vs Checkmarx One

Compared 7% of the time

OpenText Core Application Security vs Checkmarx One

Compared 5% of the time

GitLab vs Checkmarx One

Compared 1% of the time

More Checkmarx One Competitors

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing

Compared 19% of the time

OWASP Zap vs OpenText Dynamic Application Security Testing

Compared 11% of the time

Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing

Compared 8% of the time

OpenText Core Application Security vs OpenText Dynamic Application Security Testing

Compared 8% of the time

GitLab vs OpenText Dynamic Application Security Testing

Compared 2% of the time

More OpenText Dynamic Application Security Testing Competitors

Product Reports

Buyer's Guide

Acunetix

July 2025

Download Acunetix product report

Buyer's Guide

Checkmarx One

July 2025

Download Checkmarx One product report

Buyer's Guide

OpenText Dynamic Application Security Testing

July 2025

OpenText Dynamic Application Security Testing report

Download OpenText Dynamic Application Security Testing product report

Also Known As

AcuSensor

No data available

Micro Focus WebInspect, WebInspect

Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Invicti

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?

Scalability: Easily adapts to changing enterprise needs.
Ease of Use: User-friendly interface with guided scans.
Comprehensive Reporting: Detailed vulnerability analysis and reporting.
Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
Wide Vulnerability Detection: Identifies extensive security vulnerabilities.

What benefits should users expect from reviews?

Efficient Vulnerability Management: Streamlines security management in development environments.
Detailed Analysis: Provides in-depth insights into security issues.
Quick Setup: Easy to deploy within existing systems.
Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

Aaron's

Find out what your peers are saying about GitLab, Snyk, GitGuardian and others in DevSecOps. Updated: July 2025.

DOWNLOAD NOW

862,543 professionals have used our research since 2012.