Coming October 25: PeerSpot Awards will be announced! Learn more

Acunetix vs Invicti comparison

Cancel
You must select at least 2 products to compare!
Veracode Logo
47,211 views|27,532 comparisons
Invicti Logo
9,191 views|6,741 comparisons
Invicti Logo
5,219 views|3,526 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Acunetix vs. Invicti report (Updated: September 2022).
635,987 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly.""The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.""The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports.""Good static analysis and dynamic analysis.""The time savings has been tremendous. We saw ROI in the first six months.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."

More Veracode Pros →

"There is a lot of documentation on their website which makes setting it up and using it quite simple.""It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities.""Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.""The most valuable feature of Acunetix is the UI and the scan results are simple.""Overall, it's a very good tool and a very good engine.""Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well.""I haven't seen reporting of that level in any other tool."

More Acunetix Pros →

"This tool is really fast and the information that they provide on vulnerabilities is pretty good.""It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.""The solution generates reports automatically and quickly.""I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.""The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."

More Invicti Pros →

Cons
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs.""I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity.""I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help.""Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it.""Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access.""If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."

More Veracode Cons →

"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year.""While we do have it integrated with other solutions, it could still offer more integrations.""I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection.""The pricing is a bit on the higher side.""The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified.""There are some versions of the solution that are not as stable as others.""The vulnerability identification speed should be improved."

More Acunetix Cons →

"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product.""The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support.""The scannings are not sufficiently updated.""Right now, they are missing the static application security part, especially web application security.""They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

More Invicti Cons →

Pricing and Cost Advice
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • "Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
  • More Veracode Pricing and Cost Advice →

  • "The pricing is a little high, and moreover, it's kind of domain-based."
  • "When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
  • "Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
  • "It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
  • More Acunetix Pricing and Cost Advice →

  • "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
  • More Invicti Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    635,987 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You… more »
    Top Answer:It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as… more »
    Top Answer:The most valuable feature of Acunetix is the UI and the scan results are simple.
    Top Answer:It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two… more »
    Top Answer:There are some versions of the solution that are not as stable as others.
    Top Answer:It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.
    Top Answer:The pricing of the license is compatible with our budget.
    Top Answer:Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but… more »
    Comparisons
    Also Known As
    AcuSensor
    Mavituna Netsparker
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

    Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead accurate Proof-Based scanning technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives, freeing you from having to double check the identified vulnerabilities.

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about Acunetix
    Learn more about Invicti
    Sample Customers
    State of Missouri, Rekner
    Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
    Samsung, The Walt Disney Company, T-Systems, ING Bank
    Top Industries
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Financial Services Firm15%
    Comms Service Provider12%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm36%
    Comms Service Provider14%
    Insurance Company7%
    Non Tech Company7%
    VISITORS READING REVIEWS
    Computer Software Company23%
    Comms Service Provider21%
    Financial Services Firm9%
    Government7%
    REVIEWERS
    Computer Software Company25%
    Aerospace/Defense Firm13%
    Real Estate/Law Firm13%
    Insurance Company13%
    VISITORS READING REVIEWS
    Computer Software Company24%
    Comms Service Provider14%
    Financial Services Firm11%
    Government8%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    REVIEWERS
    Small Business41%
    Midsize Enterprise18%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise16%
    Large Enterprise64%
    REVIEWERS
    Small Business50%
    Midsize Enterprise6%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise13%
    Large Enterprise66%
    Buyer's Guide
    Acunetix vs. Invicti
    September 2022
    Find out what your peers are saying about Acunetix vs. Invicti and other solutions. Updated: September 2022.
    635,987 professionals have used our research since 2012.

    Acunetix is ranked 12th in Application Security Tools with 7 reviews while Invicti is ranked 14th in Application Security Tools with 5 reviews. Acunetix is rated 7.6, while Invicti is rated 7.8. The top reviewer of Acunetix writes "We are getting notably fewer false positives than previously, but reporting output needs to be simplified". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning, SonarQube and HCL AppScan, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, HCL AppScan, Tenable.io Web Application Scanning and Fortify WebInspect. See our Acunetix vs. Invicti report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.