Acunetix Reviews & Pricing

by Acunetix | Founded 2005, Mriehel, Birkirkara, Malta

REQUEST WITH NO OBLIGATION$ Request Pricing Get Free Demo

Request Pricing Request Demo

Overview Pricing Benefits Reviews Features

Categories:

What is Acunetix?

Industry Specialties: Serves all industries

Acunetix is an application security testing platform that helps its users safeguard web applications, websites and APIs. It combines dynamic and static scanning technologies and utilizes a separate monitoring agent to detect vulnerabilities.

It offers vulnerability management and compliance reporting functionalities. It is designed for small businesses, pentesters, web professionals and enterprise customers to address vulnerabilities across their critical web assets.

PRICE

COMPANY SIZE

DEPLOYMENT

PLATFORM

Try Before You Buy.

Request a Free Demo Today!

Request Demo

It's completely free!

User Sentiment

Based on 64 reviews:

Add your rating:

Product Screenshots and Videos

Acunetix Pricing

Based on our most recent analysis, Acunetix pricing starts at $1,995 (Per User, Annually).

Get Price Quote

Price: $
$
$
$
$

i
Starting From: $1,995
Pricing Model: Per User, Annually
Free Trial: Yes, Request for Free

Training Resources

Acunetix is supported with the following types of training:

Documentation
In Person
Live Online
Videos
Webinars

Support

The following support services are available for Acunetix:

Email
Phone
Chat
FAQ
Forum
Help Desk
Knowledge Base
Tickets
Training
24/7 Live Support

Acunetix Benefits and Insights

Why use Acunetix?

Key differentiators & advantages of Acunetix

Vulnerability Scanner: Includes web vulnerability tests in SecDevOps processes to save resources and avoid late patching. Uses a unique scanning algorithm, SmartScan, to quickly find vulnerabilities and save resources during penetration testing due to low false-positive rates. It can be deployed locally on macOS, Microsoft Windows and Linux operating systems.
Manage Security: Discover multiple vulnerabilities, including weak passwords, misconfigurations, exposed databases, XSS, SQL injections and out of the band vulnerabilities. Scan complex multi-level forms and password-protected areas through advanced micro-level technology.
Improved Results: Verifies real vulnerabilities and assesses the severity of issues to provide actionable insights. Eliminates lengthy setups and onboarding times to facilitate quick scanning, preventing network hogging and server overloading.
Enables Automation: Schedule and prioritize full or incremental scans according to traffic load and business needs. Handle identified issues using built-in management functionality or integration with its current tracking systems. Scan new builds with the latest CI tools like Jenkins and import pre-seed crawl data from Burp, Fiddler, Postman, Paros and more.
Seamless Integrations: Track and protect against identified vulnerabilities through integrations with third-party applications. Development teams can streamline collaboration and manage work using issue trackers. Create appropriate rules to protect against attacks targeting vulnerabilities with web application firewall integrations. Offers a Jenkins plugin to discover and track vulnerabilities early on in the software development lifecycle.

Industry Expertise

Acunetix is a global web security leader that serves various industries, including IT and telecom, government, financial services, education and healthcare. It has been acknowledged as an October 2020 Gartner peer insights customer’s choice for application security testing.

Acunetix Reviews

Based on our most recent analysis, Acunetix reviews indicate a 'excellent' User Satisfaction Rating of 90% based on 64 user reviews from 2 recognized software review sites.

64 reviews

90%

of users would recommend this product

Synopsis of User Ratings and Reviews

Based on an aggregate of Acunetix reviews taken from the sources above, the following pros & cons have been curated by a SelectHub Market Analyst.

Pros

Automated Vulnerability Detection: Acunetix excels at automatically finding vulnerabilities like SQL injections and cross-site scripting, which are common ways hackers exploit websites.
API Security Testing: Acunetix can automatically test the security of RESTful APIs, including those without a web front end, ensuring comprehensive API protection.
Detailed Reporting and Remediation Guidance: Acunetix provides detailed reports with proof of exploit and clear remediation guidance, enabling developers to understand and fix security issues efficiently.
Integration with Development Workflows: Acunetix integrates with popular CI/CD pipelines and issue tracking systems like Jira and GitHub, streamlining security processes and facilitating DevSecOps practices.

Cons

Limited Customization: While Acunetix offers various scan types, users have reported limited control over specific vulnerability checks within those scans, potentially leading to less targeted assessments.
False Positives: Acunetix may occasionally flag vulnerabilities that are not genuine issues, requiring manual verification and potentially slowing down remediation efforts.
Scan Duration: Some users have found Acunetix scans to be time-consuming, particularly for large and complex applications, which could impact development and deployment cycles.
Supplementary Testing Required: Acunetix recommends additional security measures, such as manual testing and network mapping, suggesting its automated scans may not be as comprehensive as some users expect.

Researcher's Summary:

User reviews from the past year suggest that Acunetix, developed by Invicti, is a well-regarded tool for managing endpoint security, penetration testing, and website security. Users have praised its comprehensive vulnerability scanning capabilities, highlighting its ability to detect a wide range of threats, including SQL injection and cross-site scripting. One user commended Acunetix for its "good OWASP scans and reports and automation," emphasizing its effectiveness in identifying and addressing security risks. Another user lauded its user-friendliness, stating that it "makes me feel a part of the test."

However, some users have pointed out limitations. One criticism targets the licensing model, with a user describing it as "the worst I have ever used" due to its inflexibility in reallocating target URLs. Another user cautioned against relying solely on Acunetix, noting that "some vulnerabilities still can't be detected" and recommending manual vulnerability assessments as a supplementary measure. Despite these drawbacks, Acunetix is generally viewed favorably by users, who appreciate its robust features, accuracy, and ease of use.

Acunetix appears to be a suitable choice for organizations of all sizes that prioritize web application security. Its comprehensive scanning, automation features, and integration capabilities make it a valuable asset for security professionals and developers alike. However, potential users should carefully consider the licensing model and the need for manual vulnerability assessments to ensure it aligns with their specific requirements and risk tolerance.

Key Features

Automated Penetration Testing: Manually identify web application vulnerabilities like cross-site scripting, SQL injections and more before starting a penetration test. Allows vulnerability assessment and management with integration options, including an API for building personal integrations. Follow up with further manual tests using GUI-based and command-line penetration testing tools.
Website Security Scanner: Run scans to probe sites and find application risks. Examine web applications built with Java frameworks like Struts, Spring and Java Server Faces. Scan password-protected pages automatically using the Login Sequence Recorder. Utilizes AcuSensor technology to inspect web application’s source code. Replicates user actions to execute scripts like a browser. Employs black and gray box testing to focus on the entire attack surface.
External Vulnerability Scanner: Scans perimeters for network-layer vulnerabilities and misconfigurations. Provides options to schedule external vulnerability scans at a specific time to run regular scans. Generates technical, regulatory and compliance reports like OWASP top 10, PCI DSS, HIPAA and more. Export vulnerabilities to third-party issue trackers such as GitHub, GitLab, Atlassian JIRA, Bugzilla, Mantis and Microsoft TFS.
Web Application Security: Defends against known and website or web application vulnerabilities that include sites built with hard to scan HTML5 and JavaScript SPAs. Scan website files through custom form authentication or other access controls and session management. Assess and minimize security risks with out-of-the-box vulnerability management tools, including prioritization and historic trends.
AcuSensor Technology: Enables interactive application security testing and works with applications written in PHP, ASP.NET and Java. Provides additional information from the server back end during web application scanning to offer ease of remediation, greater precision and full coverage. It can be installed on staging servers to perform IAST analysis.
AcuMonitor Technology: Increases the scope of vulnerabilities detected by Acunetix scanner and enables out of the band detection. Identifies vulnerabilities like host header attacks, blind XSS, blind server-side XML/SOAP injection, out of the band remote code execution and SQL injection, email header injection, server-side request forgery and XML external entity injection.

Limitations

User feedback indicates the following limitations of Acunetix, as of the time of this review:

Comprehensive CSV file format downloads are not provided.
Scans take a longer time to complete.
Provides false-positive alerts at times.

Suite Support

Email: Email support isn’t mentioned.

Phone: Phone support isn’t available.

Training: It provides various training avenues such as blogs, webinars, white papers, case studies and videos.

Tickets: Customers can fill a form on its contact page to open a ticket and contact support for questions or technical issues or talk to sales for web application security solutions.