Acunetix

4.4 (34)
All-in-one automated web application security solution

About Acunetix

Acunetix (by Invicti) is a cyber security and web vulnerability scanner solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites. Acunetix provides the ability to detect over 6,500 web vulnerabilities such as XSS, XXE, SSRF, SQL Injection, host header injection, and more, which can compromise the company’s website and data.

Acunetix’s vulnerability scanner helps accurately detect critical web application vulnerabilities in both open-source software and custom-built applications. The solution’s innovative technologies include DeepScan, which enables the crawling of AJAX-heavy client-side SPAs (single page applications), AcuSensor, which combines black box scanning techniques with feedback from sensors placed in the source code, as well as SQL injection and cross-site scripting testing. Acunetix can also scan WordPress installations for over 1000 known vulnerabilities in the platform’s core, plugins, and themes, while the login sequence recorder tool automates the scanning of complex password-protected areas.

Combining black-box and white-box testing helps raise a scan’s detection rate and reduce false positive rates, as does the automatic verification of several high-severity vulnerabilities. Line-of-code visibility indicates the vulnerable line of code, pinpointing what needs to be fixed and where. Acunetix also scans perimeter network services to help avoid any data breaches, and tests networks for vulnerabilities and misconfigurations. Advanced features include manual penetration testing tools, automatic web application firewall (WAF) configuration, and a REST API to integrate Acunetix into other custom workflows and processes.


Key benefits of Acunetix

  • Acunetix can scan HTML5 websites and SPAs and execute JavaScript, with the ability to detect over 6,500 web vulnerabilities.

  • Prioritize and control threats with integrated tools for vulnerability management and collaborate with the team to build and maintain an effective security program.

  • Acunetix offers a high detection rate of SQLi and XSS vulnerabilities including Blind XSS and DOM-based XSS with low false positives.

  • Detect malware URLs on websites or web applications and identify links to URLs which are being used for phishing and fraud using Acunetix's malware detection service.

  • Test for weak passwords, badly configured proxy servers, and other network vulnerabilities and view results or create security reports via the Acunetix online dashboard.



    Alternatives

    Tenable.io

    5
    #1 Alternative to Acunetix
    Tenable.io is a container security software that helps businesses assess vulnerabilities, prioritize remediation...

    CloudWize

    4.5
    #2 Alternative to Acunetix
    Get 360° cloud protection from architecture design to runtime. This agentless, drag-and-drop, no-code solution enables...

    Orca Security

    4.8
    #3 Alternative to Acunetix
    Orca Security is the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security...

    EcoTrust

    4.9
    #4 Alternative to Acunetix
    EcoTrust introduces an innovative CAASM platform that redefines cybersecurity by focusing on prioritizing critical...

    Reviews

    Overall rating

    4.4 /5
    (34)
    Value for Money
    4/5
    Features
    4.2/5
    Ease of Use
    4.4/5
    Customer Support
    4.2/5


    Showing 5 reviews of 34
    Mohit
    • Industry: Computer & Network Security
    • Company size: 11–50 Employees
    • Used Daily for 6-12 months
    • Likelihood to recommend 7.0 /10

    Vulnerability scanner

    Reviewed on 2019/05/04

    Cool tool and deserves to get tried once.

    Pros

    - No doubt, easy to setup
    - Easy to manage vulnerabilities
    - Network level scanning is cool
    - Good for Blackbox testing

    Cons

    - I believe post-authentication scripts need improvement, as it still throws duplicates and a few bugs are duplicates. The accuracy rate is quite high, but the existing scripts still need improvement.

    - Needs more modern vulnerability detection. It might have lots of vulnerabilities in the existing database, and it's good but not sufficient.

    Response from Invicti

    Thank you for your feedback. We will look into improving our vulnerability detection.

    Verified Reviewer
    • Industry: Information Technology & Services
    • Company size: 201–500 Employees
    • Used Weekly for 6-12 months
    • Likelihood to recommend 8.0 /10

    Simple, but very powerful web vulnerability scanner

    Reviewed on 2018/08/13

    Good thing for web application pentesting; it can give you insight into present vulnerabilities. Would recommend using it in tandem with an infrastructure scanner (like Nessus) to create a complete testing solution. Also, the presence of continuous scanning and a scheduler could be used for regular security assessment of your web applications.

    Pros

    Ease of use, good customer support, very insightful reports (especially the Developer report), good vulnerability management. Also, the continuous scanning option is an interesting thing for having continuous security awareness of your vulnerability level. Also, the login sequence recorder is an awesome tool.

    Cons

    Not a lot of scan options to configure, especially in comparison to Nessus. Every check is done by default; you can't choose specifically which test is done in a selected scan, only the type of scan (full, high-risk vulnerabilities, xss, sqli, weak passwords, crawl only) or the technology in which the scanned web app is written.

    Response from Invicti

    Thank you for your feedback. We're glad that Acunetix is working for you.

    Regarding your comment about choosing what to scan for: you can already do this in Acunetix, although the feature is slightly hidden away in Settings > Scan Types. Here you can create your own custom Scan Types, and you will be able to choose which vulnerabilities to check for. When creating a new custom Scan Type, you can filter the vulnerability checks from the top right hand corner of the page.

    Remember that you can also easily retest for a specific vulnerability identified in a previous scan.

    Verified Reviewer
    • Industry: Computer & Network Security
    • Company size: 11–50 Employees
    • Used Daily for 2+ years
    • Likelihood to recommend 7.0 /10

    Ok tool, but fix your business model and add more settings to the interface

    Reviewed on 2018/08/17

    Continuation of the cons section (number of chars was limited).

    * Settings are sometimes unclear, an info icon with a popup would be nice.

    Example 1: In the "Site Structure" of a scan it is possible to press "exclude", does it exclude the path from future scans? If so why don't I see anything in the target settings? Or does "exclude" exclude vulnerabilities from the report? BTW after pressing exclude I'm not able to "include" it again.

    Example 2: "scan speed", how many threads per setting are we talking about?

    * Would definitely like to get some more feedback from scans directly in the interface: what is it doing, why did it fail, did all the "allowed hosts" get scanned etc. I know you can debug a target, but this is not what I mean.

    Pros

    * The number of checks that take place.

    * The quality of the issues found.

    * After years it is finally possible to pause a scan, hallelujah.

    Cons

    * As a pentester I absolutely miss a more flexible way to configure settings like it was possible in v10. The interface is built as "point and shoot", idiot proof. Currently, if I want to configure things I need to change xml config files on the server and reload Acunetix...

    * After the release of v12 we were called by a sales agent as we suddenly couldn't add targets anymore. The license model suddenly changed completely. The entire business model is now based on scanning an application continuously over the year. However, as a pentesting business we mostly scan apps just 1 time for our security assessments. It absolutely makes no sense to apply the same costs! Just like Netsparker, Acunetix should have plans for pentesters and consultants.

    * Scanning an app that spans multiple domains always results in problems. Currently you have the "Allowed hosts" setting, which is crappy to set up. I need to set all (sub) domains to a different target. And of course with the current business model you are charged per target, lol.

    Response from Invicti

    Thank you for your honest feedback:

    As you rightly say, we try to keep an easy to use interface, with the intention of automatically detecting the best way to scan the site. There are some settings which are not used by most of our customers, and which can be manually tweaked from the settings file.

    I think you might have missed the little help icon at the top right corner of the Acunetix interface. When clicked, this provides help on the settings loaded in the current page. But to answer your queries:

    Example 1 - When you Exclude a path from the Site Structure, the exclusion will be stored with the Target, and will affect subsequent scans. You can delete the exclusion from the Target settings.

    Example 2: this is explained on our website at https://www.acunetix.com/blog/docs/configure-scan-speed-acunetix/. I have forwarded your comment about the scan feedback to the product team.

    Regarding licensing, I would suggest that you get in touch with our sales team, who can work

    Verified Reviewer
    • Industry: Financial Services
    • Company size: 51–200 Employees
    • Used Weekly for 2+ years
    • Likelihood to recommend 8.0 /10

    Easy to setup, nice results

    Reviewed on 2018/08/13

    As a scanner it is quite good, with relevant and well described findings, and so far no false positives. Following an initial trial and PoC with a couple of competitors, Acunetix had the best features, most suitable licensing model, good support, so we purchased a three year license. However, at some point, it all changed. The license became based on other criteria, the testing and verification tools were removed, and there is no support or way of reverting to a previous version after you realise that the changes introduced are making the software unusable or insufficient. Overall, unless there are guarantees that it won't happen again, I will be very reluctant to renew.

    Pros

    Very easy to setup initially, running scans quite fast, good crawler, very nice and understandable results.

    Cons

    The license model changed somehow in the middle of the three years, so it became impossible to continue to use it as planned without paying much more. Tools were removed.

    Response from Invicti

    Thank you for your feedback.

    You can download the free Acunetix Manual Pentesting Tools from https://www.acunetix.com/vulnerability-scanner/free-manual-pen-testing-tools/. You can copy the Request done by Acunetix from the Vulnerability details, and use this in the Acunetix Manual Tools.

    Verified Reviewer
    • Company size: 501–1,000 Employees
    • Used Daily for 1+ year
    • Likelihood to recommend 9.0 /10

    Great for developers for self evaluation

    Reviewed on 2018/07/19

    Pros

    I have been using the Acunetix web vulnerability scanner for the last 2 years, as I develop web apps and websites in my professional career, so I like to test them myself for vulnerabilities.
    It gives me scope for improvement in my programming skills.
    As it gives the developer report as a part of the report, it's a very in-depth report and very useful for me to develop secure web apps.
    I really like the web interface they have provided. It reduces the dependency on a device to carry.
    Really good.

    Cons

    There is nothing so far to dislike about this software,
    as my needs are getting fulfilled by the available functionalities.
    Looking forward to new updates.

    Response from Invicti

    Thank you for your feedback


    Acunetix FAQs

    Below are some frequently asked questions for Acunetix.

    Acunetix offers the following pricing plans:

    • Starting from: US$1,995.00/year
    • Pricing model: Subscription
    • Free Trial: Available

    For 3 targets (websites)

    Acunetix has the following typical customers:

    2–10, 11–50, 51–200, 201–500, 501–1,000, 1,001–5,000

    Acunetix supports the following languages:

    English

    Acunetix supports the following devices:

    Acunetix integrates with the following applications:

    Bugzilla, GitHub, GitLab, Jira

    Acunetix offers the following support options:

    Email/Help Desk, FAQs/Forum, Knowledge Base, Phone Support
