We performed a comparison between Acunetix and CodeSonar based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The usability and overall scan results are good."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"Overall, it's a very good tool and a very good engine."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"It has been able to scale."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"CodeSonar’s most valuable feature is finding security threats."
"There is nice functionality for code surfing and browsing."
"The tool is very good for detecting memory leaks."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Currently only supports web scanning."
"Acunetix needs to include agent analysis."
"There are some versions of the solution that are not as stable as others."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"The scanning tool for core architecture could be improved."
"It was expensive."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"There could be a shared licensing model for the users."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while CodeSonar is ranked 21st in Application Security Tools with 7 reviews. Acunetix is rated 7.6, while CodeSonar is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning". On the other hand, the top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Fortify WebInspect, whereas CodeSonar is most compared with SonarQube, Coverity, Klocwork, Polyspace Code Prover and Semgrep Code.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.