Try our new research platform with insights from 80,000+ expert users

Acunetix vs Software Risk Manager ASPM comparison

Invicti and Black Duck are both solutions in the Static Application Security Testing (SAST) category. Invicti is ranked #12 with an average rating of 8.4, while Black Duck is ranked #34. Invicti holds a 3.2% mindshare in SAST, compared to Black Duck’s 0.4% mindshare. Additionally, 86% of Invicti users are willing to recommend the solution.
Acunetix
Read 33 Acunetix reviews
  • 5,943 Views
  • 3,863 Comparison Views
86% willing to recommend
Software Risk Manager ASPM
Read 1 Software Risk Manager ASPM review
  • 715 Views
  • 615 Comparison Views
0% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 15, 2025

Acunetix and Software Risk Manager ASPM compete in web application security testing and software risk management. Acunetix leads in penetration testing support, while Software Risk Manager ASPM excels in risk assessment and management.

Features: Acunetix offers automated vulnerability scanning, robust penetration testing tools, and continuous monitoring with detailed reporting. Software Risk Manager ASPM provides application security posture management, advanced risk assessment, and integration with development pipelines.

Ease of Deployment and Customer Service: Acunetix supports both cloud and on-premise deployment with extensive integration capabilities and robust technical support. Software Risk Manager ASPM offers cloud-based and on-premise deployment with a focus on integrating within the software development life cycle, providing dedicated support for security policy implementation.

Pricing and ROI: Acunetix provides competitive pricing, offering good ROI by saving time in security assessments. Software Risk Manager ASPM, despite higher costs, justifies investment with detailed risk management and integration, appealing to enterprises focusing on a long-term security strategy.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: August 2025).
Buyer's Guide
Static Application Security Testing (SAST)
August 2025
Download the complete report
Helped 867,370 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Acunetix
Ranking in Static Application Security Testing (SAST)
12th
Average Rating
7.8
Reviews Sentiment
7.0
Number of Reviews
33
Ranking in other categories
Application Security Tools (16th), Vulnerability Management (21st), DevSecOps (6th)
Software Risk Manager ASPM
Ranking in Static Application Security Testing (SAST)
34th
Average Rating
0.0
Reviews Sentiment
7.0
Number of Reviews
1
Ranking in other categories
Software Composition Analysis (SCA) (27th), Application Security Posture Management (ASPM) (11th)
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Acunetix is 3.2%, up from 2.7% compared to the previous year. The mindshare of Software Risk Manager ASPM is 0.4%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Acunetix3.2%
Synopsys Software Risk Manager0.4%
Other96.4%
Static Application Security Testing (SAST)
 

Featured Reviews

KashifJamil - PeerSpot reviewer
Has enabled teams to improve security testing with smooth integration and high accuracy
Acunetix has a very good ratio of fewer false positives, so users don't need to retest everything. Acunetix operates smoothly with no interruptions required, and it performs at 100% efficiency without issues in scanning anything. The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities. Acunetix integrates with every type of tool, including CI/CD tools, offering 100% integration in DevOps environments. The main benefit of Acunetix is that at the first level, users can address security issues related to penetration testing, allowing them to expose vulnerabilities and ensure all required testing is completed with very few false positives.
Read full review
Saravanan_Radhakrishnan - PeerSpot reviewer
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It generates automated reports."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"By integrating with CI/CD tools, it enables a shift-left approach in the development process."
"The solution is highly stable."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
More Acunetix pros
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"Acunetix needs to improve its cost."
"The vulnerability identification speed should be improved."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
More Acunetix cons
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

"The price is exceptionally high."
"Acunetix was around the same price as all the other vendors we looked at, nothing special."
"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."
"The pricing is a little high, and moreover, it's kind of domain-based."
"The solution is expensive."
"All things considered, I think it has a good price/value ratio."
More Acunetix pricing and cost advice
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
867,370 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
13%
Manufacturing Company
8%
University
8%
Financial Services Firm
18%
Manufacturing Company
12%
Computer Software Company
10%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise5
Large Enterprise14
No data available
 

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code.
See all answers
What is your primary use case for Acunetix Vulnerability Scanner?
Most of the customers who use Acunetix are looking for security testing. The primary use case is performing penetration testing. The main use cases include vulnerability scanning, security testing,...
See all answers
What advice do you have for others considering Acunetix Vulnerability Scanner?
Acunetix supports multi-user environments effectively. Acunetix is targeted for small to mid-size teams in a DevSecOps environment, making it the best choice for small and mid-size companies, offer...
See all answers
What do you like most about Synopsys Code Dx?
The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartne...
See all answers
What is your experience regarding pricing and costs for Synopsys Code Dx?
I would rate the pricing model an eight out of ten, where one is low and ten is high. Because it is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's n...
See all answers
What needs improvement with Synopsys Code Dx?
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer migh...
See all answers
 

Comparisons

OWASP Zap vs Acunetix Logo
OWASP Zap vs Acunetix
Compared 17% of the time
PortSwigger Burp Suite Professional vs Acunetix Logo
PortSwigger Burp Suite Professional vs Acunetix
Compared 10% of the time
HCL AppScan vs Acunetix Logo
HCL AppScan vs Acunetix
Compared 8% of the time
Invicti vs Acunetix Logo
Invicti vs Acunetix
Compared 8% of the time
Tenable.io Web Application Scanning vs Acunetix Logo
Tenable.io Web Application Scanning vs Acunetix
Compared 5% of the time
More Acunetix Competitors
Veracode vs Software Risk Manager ASPM Logo
Veracode vs Software Risk Manager ASPM
Compared 43% of the time
SonarQube Server (formerly SonarQube) vs Software Risk Manager ASPM Logo
SonarQube Server (formerly SonarQube) vs Software Risk Manager ASPM
Compared 22% of the time
Semgrep vs Software Risk Manager ASPM Logo
Semgrep vs Software Risk Manager ASPM
Compared 18% of the time
More Software Risk Manager ASPM Competitors
 

Product Reports

Buyer's Guide
Acunetix
September 2025
Acunetix reportDownload Acunetix product report
Buyer's Guide
Application Security Posture Management (ASPM)
August 2025
Software Risk Manager ASPM reportDownload Software Risk Manager ASPM product report
 

Also Known As

AcuSensor
Code Dx
 

Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Invicti

Software Risk Manager is an application security posture management (ASPM) solution that enables security and development teams to manage their application security programs at enterprise scale. By unifying policy, test orchestration, correlation, prioritization, and built-in static application security testing (SAST) and software composition analysis (SCA) engines, organizations can streamline their security activities across the enterprise.

Black Duck
 

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Buyer's Guide
Static Application Security Testing (SAST)
August 2025
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: August 2025.
DOWNLOAD NOW
867,370 professionals have used our research since 2012.
See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.