What I like most is that it is perfectly designed to find security holes in web applications, holes that attackers can exploit to cause damage or loss of money. It should be noted that it detects different vulnerabilities, such as SQL injection, CRLF injection, and execution of malicious scripts, among many others.
When I try to spy on a connection, it tends to stay a bit underhanded, consuming excess resources of my computer, but nevertheless it does not stop fulfilling its functions. If I am in a full scan of vulnerabilities and the internet access fails me, it also tends to stay overlapped, generating a crash in the application in some cases.
Keep your applications stable and free from attackers; you should periodically analyze your applications to look for any anomaly or vulnerability that may arise. I invite you to use this wonderful software.
Currently we use this vulnerability search engine with great care; our experts in information security execute it to look for a back door in our servers, network or web application that will go out to production.
I like the level of the heuristics that this sensor has; it detects almost all the vulnerabilities that my application, server or web page may have, in addition to having an extensive library where it explains where each one comes from and what to do about that vulnerability, besides analyzing each part of the source code to find back doors.
When I scan and I put the heuristics very high, it tends to consume many hardware resources of my computer, sometimes overlapping the other applications that I run because of the consumption of memory; in addition, it sometimes recognizes false positives.
Without a doubt it is one of the best scanners that exist today; it detects almost all kinds of existing vulnerabilities, and mainly the dangerous SQL injections. I highly recommend its use.
In our company, before an application is put into production it is scanned for any vulnerability that endangers the data that are handled and manipulated there, thus preventing intrusions by outsiders.
I like it because it detects several types of vulnerabilities, among them the most annoying for my web applications, such as SQL injection, among other types of intrusions. It keeps my platform protected, since I perform exhaustive scans every time one of my applications goes to production.
One of the things that I dislike about this powerful software is that it uses the physical resources of my machine, like RAM, processors, etc. When I am doing a scan and my internet connection fails, it slows down due to the heuristics that its sensor applies, so that my computer hangs on some occasions.
Security in our applications is something fundamental, since their success depends on it; an application with vulnerabilities can become a loss for the company, so before being put into production use the best, Acunetix. I recommend it widely...
In our company we protect ourselves a lot from hackers and implement different security mechanisms, including the constant monitoring of our platforms through different applications, including Acunetix. Its sensor detects any anomaly or strange behavior that my application has due to any failure within its source code or simply due to backdoors left by some programmers. It is necessary that each application that will go to production is scanned by this wonderful tool to diagnose that it is stable and can go to production.
I like it for the ability to detect SQL injection vulnerabilities in all SQL commands, including SQL INSERT commands. You can not find SQL injection vulnerabilities with a black box scanner,
the ability to test creation vulnerabilities and arbitrary file deletion. For example: through a vulnerable script a malicious user can create a file in the directory of the web application and execute it to have access permissions or delete sensitive files of the web application.
When AcuSensor Technology is used, it communicates with the web server to learn the configuration of the web application and the platforms; this generates an important consumption of the resources of my machine, generating latency between my machine and the applications.
I like it because unlike other vulnerability search engines AcuSensor Technology contains much more detailed information about the anomalies that can be achieved in scanned applications.
I use this application to look for vulnerabilities in the different applications before they are put into production; it is worth noting that we take great care of our server and our web applications.
The built in Login Sequence Recorder and verification is nice. It has the ability to ingest Burp files to enumerate endpoints. When it works, it gets good coverage. The price is VERY cheap for what you get. Works great for multiple page sites.
Support is based overseas and is not available 24/7. If you are in the US and you need help, the best you'll get is a single reply per day, unless you stay up all night to fix an issue. With version 12, Acunetix has stopped being able to parse our Burp files. It also does very poorly with actually crawling our single page web application. If you want to set up scheduled scans, you have to reset the schedule after every run. It'll revert back to Disabled. The only way to get it to run again is by redoing the entire schedule. Support is no help when it comes to issues. It performs very poorly on single page web applications as the version numbers increase. v10 was okay, v11 was a bit worse, v12 is unusable.
If you've moved to single page web applications, stay far, far away. Acunetix might work, but probably won't. If it doesn't, you may very well find yourself with little to no support to get it functioning. Most features don't seem to function at all. If you have a multiple page web application, it'll probably work for you.
Acunetix helped us to find vulnerabilities in our web application. This is helpful not only for finding and eliminating vulnerabilities, but also for providing evidence of doing so to our customers and compliance auditors.
The interface is fairly straightforward and intuitive. Junior staff can easily start working with the product and get quick results, even without extensive assessment knowledge. It is a good product to start with when beginning a web application assessment program as opposed to outsourcing. The cost is very reasonable when starting an assessment program.
Options around automatic login can be frustrating when using captchas and challenge response questions. Best to use embedded accounts. Perhaps an interactive popup might be useful for one-off assessments.
Directory mapping and discovery could be improved but manual input can be used to resolve this issue.
We are just starting our web application assessment program. We were able to get a quick start on assessing a large number of our web sites and resolve many basic issues. As we become more familiar with our own sites we are now able to track improvements over time in the overall risk.
I like the ease of doing the analysis: just copy the address I want to analyze and configure some parameters about the type of vulnerability I want to find, and the ease of configuring the sensor that it uses.
Sometimes it consumes a lot of computer resources, such as processor and RAM; when the internet connection drops, it tends to hang, not every time but occasionally.
It is very easy and practical to use, has an intuitive interface, and has great ability to detect SQL injections and other types of vulnerabilities. I highly recommend it.
It is currently used to analyze and show results of the applications before they are put into production, going through an extensive analysis to determine open ports and any backdoor that some developer wants to leave behind.
The ease of scanning for vulnerabilities and the easy adaptation of its environment make it user-friendly; the different levels of heuristics during scanning make it possible to deepen the search within an objective or within an analysis.
One of its disadvantages would be the cost of the application, since there are tools on the market based on free operating systems, such as OWASP among others; its analysis of the objectives sometimes consumes RAM and processing power.
I highly recommend this software for all those experts in network security, since it has multiple tools such as port scanning and protocols, among others.
Within our company, any application that is created by our developers is tested in different security areas; this involves the use of this software for SQL injection testing.
It's really easy to use. One of the good things is how fast the scan takes to complete.
Hmm, well, I think there are a lot of improvements to work on, especially in the front end.
Well, if you are looking to implement web security assessment, Acunetix can help a lot. Easy to use, comfortable, results are really good after running the scans. One of the questions we as web security auditors might come up with is: how long does a scan really take? Acunetix has implemented a new version (v12) in which completing a scan only takes around 1 or 2 hours, referring to a complex website. But you will definitely enjoy working with this tool.
Well, one of the biggest problems we have resolved is preventing our application from being exposed with certain vulnerabilities and having our developers come back and fix them. Our attempt is to scan everything before going live.
The Acunetix WVS scanner is a great tool for conducting dynamic web application vulnerability scans. The tool is very thorough and the reports are detailed and intuitive. The tool performs just as well as some of the much higher priced competitors and is certainly a leader in the space. The login sequence recorder has been greatly improved since previous versions but still has a lot of room for improvement in comparison to some of the other tools available in this space.
A couple revisions ago (I believe when the product went from v10 to v11) the thick-client was replaced with a web UI for accessing the scanner. The downside is that running a scan often creates a DoS condition of its own web UI due to all of the scanner requests going out, which prevents not only access to the UI but also from being able to monitor scan progress. If it were possible to split off the web UI from the scanning engine to separate hosts, this would alleviate the issue. Acunetix also recently moved away from an unlimited scanning license to limiting the number of applications which will be forcing us to consider alternative tools.
This is a great product that provides a high amount of "bang for your buck" and will certainly complement other components of an overall application security program. Manual testing should be used in conjunction with the automated scanner. Acunetix also provides several manual testing tools to assist with this testing as well (these are free to download for anyone).
The Acunetix WVS is part of our overall application security program, used to perform dynamic security testing of applications prior to deployment into production.
The simplicity to add your targets and scan them right away. The schedule is fantastic and just means I don't have to worry about it. The reports pop up in my inbox every month to review and take action on
Target limit for the tier I am on. I can only add 5 targets and once I have added them I cannot change them, so if a customer changed their website address, the target becomes useless until I renew my subscription, at which point I can re-do my targets again.
Easy to use if you manage lots of web servers that are public facing
We need a quick online scanner to scan websites that we manage at various customer sites with no VPN available. This software allows us to do this easily and quickly with clear results so we can take action fast.
If you're spending on vulnerability scanning - as in, if business needs have moved beyond being able to trust ZAP - then you don't need to look any farther. Especially as an almost-medium-sized small business completely dependent on up time and functionality of our webapps, Acunetix will help you sleep easier - and you won't lose any sleep getting it running. Particularly helpful if you're an IT pro who has to wear many hats and security is not your primary role and you need to manage it anyway.
There's almost nothing to complain about, except that initial scans tend to generate dozens of false alerts while you tweak the settings.
Generating reports is a bit more complicated than it needs to be.
Any database administrator worth his salt will be able to set it up appropriately. That, combined with a reasonable price, is a savings in terms of staffing and loss prevention.
It automates vulnerability testing!
There are alternatives that are cheaper (or even free) but the investment is quite low considering the benefits, along with ensuring the potential to avert disaster.
Affordable, fast and accurate scans, detailed reports.
The user interface is the worst. No ability to search nor sort by columns. There are no page views - instead, you are faced with endless scrolling. No global/holistic reporting capabilities. It is unable to handle too many HTTP requests; we encounter HTTP 429 errors just for performing bulk/sequential deletes/”mark as” operations, or even navigating from one page to another within a restricted time frame. It forces you to manually mark each vulnerability as fixed, ignored, or false positive. It has no intelligence to analyze the delta between scans to determine and report which ones have been remediated.
Consider other products that offer a UI that has much more functionality and is much more intuitive.
Addressing publicly-exposed application vulnerabilities.
The ease of setting a scan schedule and the report format of the vulnerabilities. The report format is very informative and provides information on fixes.
Setting up scan targets is cumbersome at times. The downloaded text file that needed to be stored in the root of the web server did not always work correctly via HTTP or HTTPS.
Vulnerability scanning has become a mandate from PCI and other auditing industries. Acunetix provides a means to satisfy these requirements as well as providing critical infrastructure security weaknesses.
I like the fact that the software is a specialised website vulnerability scanner and that it can find security flaws in websites without significant user interaction.
Very expensive to have paid version and it takes a long time to complete some scans.
I think it's okay software, but it's so expensive, and Burp Suite is a lot cheaper; even the free community version is adequate.
For Acunetix: make your product cheaper, give more fine control over scans and results, and make it easier to set up the add-ons.
It helped me learn skills more fully so I could do more manual testing.. for instance if it found a vulnerability I would learn how to find that manually without needing the program by reviewing code.
Acunetix is simple to install offline and to use.
With a few clicks, one can receive a detailed report on the state of security of a website.
We experienced some troubles with the auto login password tool (needed for Acunetix to log in to the test website) but they could be overcome.
Alternative options could be Nessus, OpenVAS, Nexpose. But Acunetix proved to be the easiest to install and use.
We are using Acunetix Scanner to test the web interfaces of our embedded products.
Thanks to the automatically generated reports, we can provide our customers (and developers) a tailored information that allows understanding the potential risks.
It's easy to use and understand with no hidden functions. Many functions to apply and a large updated database with all the vulnerabilities. You can get a trial from their site.
The price and the subscription model based on license per use. The trial is just for 14 days.
I would say that this company (based in Spain) is one of the best companies in security and they have made a great effort to get this status. Totally recommend.
I have done vulnerability scans on over a hundred sites to provide my clients the best experience in security through my datacenter where I host my clients.
I like how easy it is to setup scanning and generate the reports. Adding a new URL to scan and starting the scan is just a few clicks of the mouse, and then waiting. Not much customization is required to get some great information.
The scan times can take longer, if it is doing a full audit of websites with a lot of content. Some of the scans have taken upwards of 7 days to complete. However the reports are quite extensive.
We are using it to scan for security issues on our website products.
Acunetix makes web application scanning simple. Once purchased, it takes less than two minutes to install the software and begin running a scan. Acunetix has exceeded our expectations. The tool is extremely user-friendly, without sacrificing any of the power or flexibility. Vulnerability scans allow you to get very granular with your web app and can be customized to meet your specific need. At the most basic level, you can throw the default settings at your whole app, or select specific files, directories, and components of your site that you want to scan or not scan, and you can optimize the scan for certain technologies. We are primarily a .NET shop, although we also utilize Java, PHP, and a minimal amount of several other frameworks and we couldn't be happier with the results we are getting. Scanning prior to production is big for us, and fixing the issues early saves us a lot of time in the long run. If we modify part of one of our apps, we can quickly re-scan only that portion without having to re-do an entire scan. The biggest attraction with Acunetix is definitely the results. It yields more results for web application vulnerabilities than any other scanner that we have used in the past and what is shocking is that the scans are very time efficient. The reporting capabilities are great and provide comprehensive remediation information on all the results that are found. Technical questions or issues have been few and far between, but when they do arise, the support team has been very easy to work with and responds to our requests very quickly. New versions of the tool consistently bring in new functionality and continue to excite us. We can't wait for the next release!
While Acunetix is fantastic for dynamic web app scanning, that is all it does. There is rather minimal support for other types of vulnerability detection techniques and other layers of security. The tool has started to evolve and provide some interactive capabilities. We utilize the AcuSensor feature which gives us the exact line of source code where the scan found a vulnerability, and is very useful. However, it is only available for .NET and PHP, and it doesn't currently support Java.
Be sure to install the ancillary Acunetix features such as AcuSensor and AcuMonitor. We discovered them after having used the product for quite a while and our experience has been significantly enhanced. Make sure you stay up to date with the newest versions. As new vulnerability checks are added to the tool, a notification pops up within the Acunetix interface when you open it, and prompts you to update. When a new version is released, Acunetix sends you an email (to the email you provided when you first activated your license, unless you provide them with a contact info change) and then you re-download the full version of the software. It is a simple, less than two minute download, but can be confusing if you don't know that you need to re-download the license to capture the new version update (especially if you aren't getting the emails since you didn't activate the license yourself).
The price point of Acunetix has allowed us to get licenses in the hands of most of our developers, engineers, and consultants, which has been a real benefit to us. We've been able to integrate vulnerability scans into our development process, and nothing gets deployed without getting scanned first. Instead of having to make changes and fix problems after the fact and then re-deploy to the production environment once completed, we are now able to do most of the work on the front-end. We also host applications for clients in our data center and have started scanning their sites for any issues as well. That practice is currently in its infancy, but so far our clients have been thrilled with the results and we are excited to see it expand!
The API and the speed are much better than what we used to use, and the number of false positives has gone down tremendously.
The upgrade process was a bit difficult to go to their latest version, and we weren't getting updates for a few months.
Get it. Make sure you get support and access to API tools too.
Using AVS to scan websites before we allow them to be put on the Internet, and going back and scanning existing ones to make sure Applications are secure.
It used to be a good DAST tool. Recent releases have more or less the same features Acunetix used to have 10 years ago.
Lack of response details in reports. An analyst has no possibility to double check the reason for a specific finding without reexecuting the attack.
We use it together with Burp Pro to perform initial web application vulnerability scanning
User friendly UI, easy installation, comprehensive report, all these make my work effective
Somehow it takes time for scanning, especially for any servers which are outdated and using an older platform.
Enhance a better environment in network and server farm security.
Protecting from vulnerability scanning, so as to establish a more comprehensive schedule and manpower of system update/upgrade and patching
Excellent tool to check web applications, it works excellent in a DevOps scheme in the company has helped us a lot to the security reviews of web applications
The number of parallel applications that it can scan at the same time could be better, since we have many deployments.
Yes
Integration with DevOps and CI/CD scheme
The level of detail and risk KPIs, and the auto-update functionality.
The Re-Test functionality: it doesn't clear the "vulnerability" when it has been fixed, or when the "Re-Test" result goes clear.
Be aware of your business needs and targets; the licensing could be tricky if you can't justify the ROI.
Lowering the web risk and testing times.
Scan all the things in your code that you think are right. I think it is really easy to use.
I think really nothing, for now nothing. I think it's a useful tool.
It's a good tool for analysis. Helps to get your code secure and safe for users.
Many problems, I have a secure code and that really counts.
+ One of the best tools on the market
+ Extremely easy to use
+ Great login recorder
+ Vulnerability signatures are updated often
- Sometimes the tool will not end the scan (when dynamic URLS are used)
- Can be slow for large websites
- Expensive when used for multiple targets
Acunetix WVS is a great fire-and-forget tool. It allows for a quick verification/assessment of a website. It also gives a good overview of what kind of vulnerabilities can be found for a specific target by using automated tools.
The continual improvements. The team constantly makes updates available, making flaw remediation easy, accurate and accessible for the entire IT team.
Some of the usability enhancements seem to put some of the engine processes behind a curtain. It just might be a misunderstanding on my point however.
Acunetix is a sweet spot for price/features right now.
Allowing the development staff access to the tool during the development process. This greatly reduces the amount of time between final testing and general deployment for many of our web apps.
If security of your web apps is absolutely vital, this goes above and beyond the industry standard.
There are sometimes false or pointless alerts - it's obviously thorough, but the out of the box setup especially can make you think the sky is falling.
Our business would collapse if our web apps went down.
Comprehensive scan option and detailed analysis log.
The UI is a little bit messy, so that sometimes it's hard to find those buttons.
I used Acunetix to scan my own website to make sure there are no more serious level vulnerabilities left.
The way you can get your team to work with Acunetix, and the ability to have different groups of targets.
There's not much to dislike about Acunetix, I think it's great.
Vulnerability management: we could see what we couldn't see before Acunetix.
The Acunetix Vulnerability tool is a fast scan utility for searching for cybersecurity vulnerabilities on our websites. You can automate tasks to work easily with it.
The license pricing is a little bit higher than the competition.
Finding website vulnerabilities and fixing bugs.
It was easy to install and run. Updates were easy to install.
The authenticated scanning recorder did not work and support was no help.
Authenticated scanning is hard to configure and did not work for me.
Application scanning.
Investigated using this software to help us do some internal audits on web apps being developed. Seemed like it would be a good way to seek out flaws in the code but not necessarily what we needed, which was really more of a manual audit from a ux perspective.
Couldn't find anything obvious to dislike.
Ultimately we decided to go another route though this wasn't really a fault of the Acunetix software
Simplicity with the product, easy to do a short scan.
Too few performance tuning options; it takes much too long on huge websites.
Website pentesting.
It's the best tool for finding vulnerabilities of the systems.
It does not have more scanning algorithms for finding vulnerabilities.
It's the best tool to find vulnerabilities.
I've found vulnerability of system in our company before launching our apps.
How simple but yet complex it can get for using security.
Sometimes I wish it had more hands-on vulnerability testing like Burp.
finding vulns in our network to stop attackers
I loved the detailed http vulnerability analysis of the product. It also has detailed instructions on how to mitigate those vulnerabilities.
The price is a bit steep for startups. It should provide special discounts for them for faster market adoption.
We use it in our security framework as part of the final testing in QA environment before pushing to production.
Scheduling and executing standard scans is easy to implement utilizing the hosted solution and the associated reports provide detailed information which is highly beneficial in addressing any identified threats. Affordability.
Managing vulnerabilities has proven a bit cumbersome and we have been unable to complete a full web scan to date due to the size/complexity of our application.
Threat Identification
Acunetix has very many plugins; therefore, it is able to evaluate a wide range of vulnerabilities.
That it's not possible to group similar targets together, in order to scan them at the same time.
Ability to pinpoint web application vulnerabilities. Acunetix suggests possible ways to fix the vulnerabilities.
Good UI at front end and easily compatible
The toner and cloud operations hangup sometimes
Nothing
The way it secures application network traffic
Some flaws like not capturing based on customization
Improper intrusion
Acunetix was very easy to use and provided a wealth of information in the results.
Acunetix does not allow the user to scan IP ranges.
I used Acunetix to gauge 3rd party risk.
Easiness of configuration and accuracy of results
Easy interface
Good support
Scheduler for application scans is not the best.
We use it in penetration tests and scanning of new web apps before they go live.
Easy deployment and quick scanning. Good reports with simple information.
Licensing problems, and price scale with lots of different options.
Fast and easy
Perimeter scanning
Fast, accurate, easy to Use. Low false positive rates. Highest SQL Injection and XSS Detection Rate.
It is not that good as a network scanner.
Web application testing.
Ease of use and setup of Acunetix to test the application.
Reliability. Sometimes the scanner aborts along the way.
Web application security.
On premise installation for privacy/security.
Too many false positives. Not enough details about what's going on during a scan.
WebApp testing.
Better than most at validating vulnerabilities
Expensive and UI needs to be more intuitive
Web vulns