Try our new research platform with insights from 80,000+ expert users

Acunetix vs Checkmarx One vs Synopsys Defensics comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

Application Security Tools
Application Security Tools
Fuzz Testing Tools
 

Featured Reviews

KashifJamil - PeerSpot reviewer
Has enabled teams to improve security testing with smooth integration and high accuracy
Acunetix has a very good ratio of fewer false positives, so users don't need to retest everything. Acunetix operates smoothly with no interruptions required, and it performs at 100% efficiency without issues in scanning anything. The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities. Acunetix integrates with every type of tool, including CI/CD tools, offering 100% integration in DevOps environments. The main benefit of Acunetix is that at the first level, users can address security issues related to penetration testing, allowing them to expose vulnerabilities and ensure all required testing is completed with very few false positives.
Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
SK
Product security tests for switches and router sections
Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install. What I see in the documentation isn't that. Even if something doesn't malfunction, sometimes it is hard to install and execute. The product needs video documentation. This would help a lot more.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution for the scanning of vulnerabilities like SQL injections."
"Picks up weaknesses in our app setups."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The product is really easy to use."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"By integrating with CI/CD tools, it enables a shift-left approach in the development process."
"Our developers can run the attacks directly from their environments, desktops."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"From my point of view, it is the best product on the market."
"We use the solution for dynamic application testing."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Helps us check vulnerabilities in our SAP Fiori application."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
 

Cons

"The solution's pricing could be better."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"While we do have it integrated with other solutions, it could still offer more integrations."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"Acunetix should improve by further reducing false positives and providing more customized reports, plus better integration with newer tools such as GitHub and Azure DevOps."
"The cost can be reduced as management has noted it to be on the higher side."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"We can run only one project at a time."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"The solution sometimes reports a false auditable code or false positive."
"I would like to see the tool’s pricing improved."
"I would like to see the DAST solution in the future."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
 

Pricing and Cost Advice

"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."
"All things considered, I think it has a good price/value ratio."
"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."
"The price is exceptionally high."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The interface used to create custom rules comes at an additional cost."
"It is a good product but a little overpriced."
"It's relatively expensive."
"It is an expensive solution."
"Licensing is a bit expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Manufacturing Company
9%
Government
8%
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Computer Software Company
20%
Manufacturing Company
14%
Financial Services Firm
9%
University
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...
What is your primary use case for Acunetix Vulnerability Scanner?
Most of the customers who use Acunetix are looking for security testing. The primary use case is performing penetrati...
What advice do you have for others considering Acunetix Vulnerability Scanner?
Acunetix supports multi-user environments effectively. Acunetix is targeted for small to mid-size teams in a DevSecOp...
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
Ask a question
Earn 20 points
 

Also Known As

AcuSensor
No data available
Defensics, Codenomicon Defensics
 

Overview

 

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Coriant, CERT-FI, Next Generation Networks
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: June 2025.
861,803 professionals have used our research since 2012.