Application Vulnerability Scanner with a great ROI
Overall Satisfaction with Acunetix
Acunetix is used to support our customer's vulnerability management and application security programs.
Pros
- Fast.
- Easy-to-use.
- Great customer support.
- Reporting features.
- Supports importing state files from other popular application testing tools.
- Has other features built-in beyond just scanning for vulnerabilities.
Cons
- Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
- Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
- The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
- Saved money compared to other commercial scanners, especially over the long run.
- Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
- A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
Comments
Please log in to join the conversation