
    Invicti

    Deployed on AWS
    Invicti Security leads in modern application security with best-in-class DAST at the core of a platform built for risk posture management. Proof-based scanning delivers 99.98 percent accuracy by validating real, exploitable vulnerabilities, cutting false positives and streamlining remediation. AI innovations and engine upgrades make the world's best DAST even better, helping teams uncover more critical issues across web apps and APIs faster and with less noise, keeping security focused on what matters most.
    4.1

    Overview

    Invicti merged DAST market leaders Netsparker and Acunetix into a new, scalable Application Security Platform. By combining both solutions with AI enhancements and expanded capabilities, the industry's leading DAST solutions are now a powerful, complete AppSec platform featuring:

    • Dynamic, interactive and static security testing within a single platform

    • Web app, shadow API and LLM discovery and scanning

    • Detection of more high and critical vulnerabilities with the help of AI

    • All vulnerabilities in a single view, with remediation orchestration for complete risk posture management

    Invicti combines its industry-leading coverage, accuracy and speed with visibility and orchestration integrated into every step of your SDLC, at the scale you need. With DAST at the center, you are not just getting another security tool; you are getting a runtime force multiplier for your entire AppSec program.

    For Enterprise customers with custom pricing, EULA or a private offer, please contact tackle@invicti.com.

    Highlights

    • AI-powered proof-based scanning verifies over 94% of direct-impact vulnerabilities with 99.98% accuracy, eliminating false alarms and enabling teams to fix issues without wasting time on verification.

    Details

    Delivery method

    Deployed on AWS

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (7)

    | Dimension | Description | Cost/12 months |
    |---|---|---|
    | Acunetix Online Premium | QTY 5 Targets (FQDN = website, web application, API, or web services) | $7,000.00 |
    | Acunetix MSSP License | Acunetix Managed Security Service Provider License | $15,960.00 |
    | Invicti Ent On Demand | QTY 50 Targets (FQDN = website, web application, API, or web services) | $37,000.00 |
    | Invicti Ent On Premise | QTY 50 Targets (FQDN = website, web application, API, or web services) | $37,000.00 |
    | Premium Support | Premium Support | $150,000.00 |
    | Prem SPT & Guided Suc | Premium Support and Guided Success | $300,000.00 |
    | Invicti ASPM | License for Invicti ASPM offering. 150 Users and Targets. | $60,000.00 |

    Vendor refund policy

    Fees will be due and payable as set forth on the Order Form, and Customer agrees to timely pay all fees. Payment obligations are non-cancelable, and fees paid are non-refundable.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Testing
    Top 100 in Monitoring

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2

    Reviews: 2 reviews
    Functionality: Insufficient data
    Ease of use: Insufficient data
    Customer service: Insufficient data
    Cost effectiveness: Insufficient data

    Overview

    AI generated from product descriptions

    • Dynamic Application Security Testing: Advanced DAST scanning capabilities with AI-powered vulnerability detection across web applications and APIs
    • Vulnerability Verification: Proof-based scanning methodology that validates real exploitable vulnerabilities with 99.98% accuracy
    • Multi-Layer Security Testing: Integrated dynamic, interactive, and static security testing within a single platform
    • API and LLM Discovery: Comprehensive scanning and discovery of web application shadow APIs and Large Language Model vulnerabilities
    • AI-Enhanced Vulnerability Detection: AI-driven technology to detect more high and critical vulnerabilities with advanced algorithmic analysis
    • Web Application Firewall: Advanced protection against OWASP Top 10 threats using machine learning and behavioral analytics
    • Bot Protection: Proactive defense using fingerprinting, challenge/response techniques, and behavioral analysis to block automated attacks
    • Threat Intelligence: IP Intelligence threat feed with regular updates to block malicious IP traffic and threat campaign signatures
    • Traffic Management: Load balancing functionality supporting 1 VIP and up to 3 virtual servers with per-app deployment model
    • Automation Integration: Supports integration with automation and CI/CD tools through Automation Toolchain, CloudFormation Templates, and Quick Start Guides
    • Vulnerability Scanning: Integrated vulnerability scanning with comprehensive network and system assessment capabilities
    • Penetration Testing: Advanced penetration testing functionality with multiple scanning approaches and methodologies
    • Compliance Reporting: Supports multiple compliance standards including PCI, FISMA, HIPAA, NERC CIP, and SOX through predefined report templates
    • Scan Policy Management: Configurable scan policies with 20 built-in policies and support for custom policy creation
    • Asset Discovery: Automated asset tagging and discovery with powerful dashboards and analytics for comprehensive security management

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4.1 (120 ratings)

    5 star: 29%
    4 star: 48%
    3 star: 13%
    2 star: 5%
    1 star: 2%

    2 AWS reviews | 118 external reviews
    External reviews are from G2 and PeerSpot.

    Mohamed Fouad

    Accurate web vulnerability scans have strengthened our critical application security posture

    Reviewed on Dec 02, 2025
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Acunetix is using it as a web security and web vulnerability scanner.

    I use Acunetix in my day-to-day work to perform web vulnerability assessments for our web servers.

    What is most valuable?

    Acunetix's best features are scalability and accuracy on provided vulnerabilities.

    The scalability of Acunetix is impressive, and accuracy is one of the best features because I do not waste time verifying each provided vulnerability from Acunetix.

    Acunetix has positively impacted my organization by providing updates on vulnerabilities in our web security and web application servers.

    Since implementing Acunetix, I have seen improvements as we have discovered real vulnerabilities and threats on our web application server, which is very critical to our organization.

    What needs improvement?

    Acunetix may need to reconsider the cost or price compared to other vendors.

    For how long have I used the solution?

    I have been using Acunetix for three years.

    What do I think about the stability of the solution?

    Acunetix is stable.

    What do I think about the scalability of the solution?

    Acunetix has great scalability.

    How are customer service and support?

    I did not need to reach customer support because the product is very effective.

    How would you rate customer service and support?

    Which solution did I use previously and why did I switch?

    I previously used Nessus, and I stopped using it and switched to Acunetix.

    What was our ROI?

    I have seen a return on investment with Acunetix, including time saved and cost reduction, because it provides us threats on our web application servers.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that it is somewhat high.

    What other advice do I have?

    I would rate Acunetix a 10 out of 10.

    I gave Acunetix a 10 because of its accuracy.

    My advice to others looking into using Acunetix is that it will be one of the best web vulnerability scanners, providing accuracy on proposed vulnerabilities and discovered vulnerabilities.

    My overall review rating for Acunetix is 10.

    sai kiran narayana .

    Excellent Security Tool with Continuous Improvements

    Reviewed on Nov 24, 2025
    Review provided by G2
    What do you like best about the product?
    This is one of the best security tools available on the market today. It continues to evolve and improve. By using it, web applications become more secure. Additionally, it helps identify most hidden pages on any website, especially those concealed through cookies.
    What do you dislike about the product?
    The vulnerability detection is inconsistent, and the scanning process tends to be slow.
    What problems is the product solving and how is that benefiting you?
    The process of identifying probable vulnerabilities is crucial for maintaining security. It allows for early detection of potential risks, helping to prevent issues before they become serious problems.
    Himanshu_Tyagi

    Saves significant assessment time with automated scans but requires manual effort to filter false positives

    Reviewed on Nov 24, 2025
    Review from a verified AWS customer

    What is our primary use case?

    Acunetix has primarily been used for application security, and it has also been used for vulnerability management, though not as extensively because Qualys Guard Total Cloud solution was being used for scanning cloud assets.

    Qualys Total Cloud was used to scan cloud assets. Earlier, when using CLI tools like Troller, there was not much visibility because the reporting section from the CLI tool was not that helpful. However, when using Qualys Guard, the Total Cloud offered advanced reporting features and had the option to share vulnerability reports directly via email, allowing the end participant's email address to be entered for automatic report delivery.

    What is most valuable?

    The crawling option in Acunetix is really good because whenever a scan is initiated, the crawling option provides good coverage about the vulnerabilities identified in the application. The attack option that comes after crawling is quite good. When the application is configured in authenticated scan mode with Acunetix, it provides good visibility about the security vulnerabilities in the application.

    The experience with Qualys Total Cloud was really good, as when Qualys Guard was used to scan cloud security assets, it identified the vulnerabilities and helped differentiate between valid findings and invalid findings. Qualys Guard is called Total Cloud, which means cloud assets are scanned regardless of any environment, whether it is GCP, AWS, or Azure.

    What needs improvement?

    Improving the handling of false positives would be beneficial because it can be challenging to trust the findings flagged by Acunetix, and those findings must be manually validated. Sometimes the scanner shows a vulnerability count exceeding 100, and manually assessing the findings can be quite a challenge.

    The main concern is related to false positives; Acunetix needs to work on identifying valid and invalid findings. While Checkmarx has very good coverage, its pricing is quite high. If Acunetix improves in handling false positives, it will make a significant impact in the security world.

    For how long have I used the solution?

    Acunetix has been used for a long time, about five to six years, along with Netsparker and other automated scanners.

    What do I think about the stability of the solution?

    The experience has been pretty smooth without crashes, downtimes, or performance issues with Acunetix.

    What do I think about the scalability of the solution?

    Acunetix is quite scalable.

    How are customer service and support?

    The tech support from Invicti for Acunetix is really good. Whenever a support ticket is raised, their SLA is quite nice. For high-severity issues, they reach out within two to three hours, and for critical issues, a response is received within 15 minutes.

    The tech support would be rated an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    As far as experience is concerned, only Checkmarx SAST tool has been worked on, and no other Checkmarx products like Checkmarx One are used.

    Rapid7 Nexpose has been used, but no other Rapid7 products have been explored. Additionally, Qualys Guard and Qualys VMDR Vulnerability Management Detection Response solution have been worked on.

    How was the initial setup?

    The setup process for Acunetix is not that complicated, and Acunetix support can always be reached out to. Whenever Acunetix is onboarded in the environment, the Acunetix team assists with the installation, making the setup quite easy.

    What's my experience with pricing, setup cost, and licensing?

    The pricing cost is affordable for small and mid-sized organizations, and when compared to Checkmarx, it is significantly affordable, as Checkmarx is quite expensive.

    The cost-effectiveness is really good because it comes under the budget of organizations looking to use automated scanners, which really helps and saves time.

    What other advice do I have?

    Currently, work is being done with AWS cloud security and application security tools such as Burp Suite, and various automated scanners such as Netsparker and Acunetix are also being used, along with vulnerability scanning tools such as Nessus Professional and Rapid7 Nexpose.

    Acunetix is good, even though there have been some issues related to false positives. Whenever an automated scanner like Netsparker or Acunetix is used, it takes time to run the scan. Once the scan is completed, the false positives flagged by the scan need to be identified. Acunetix is a good tool because if there is less time and the team needs to perform the security assessment, a manual assessment will take almost a week to assess a large application. However, when an automated scanner like Acunetix is used, the same task can be done within three to four days. Authenticated scans are usually preferred with any automated scanner like Acunetix because it provides much visibility about the application on which the scan is initiated, and the results from authenticated scans are very good compared to unauthenticated scans.

    Acunetix was used recently, about three months ago.

    Acunetix was not used for AWS because various other AWS solutions are available to determine the vulnerabilities for cloud, primarily using AWS Inspector to scan the AWS cloud. Security Hub is also used to measure cloud security posture management, so when it comes to scanning the cloud, AWS Inspector is primarily used.

    Acunetix was hosted on the AWS cloud because when the application was scanned, it was not an on-premises solution; the applications hosted in AWS cloud were scanned using Acunetix.

    The integration part has not been explored much because other tools are available, but Acunetix supports YAML files that can be used to integrate those scans into the CI/CD pipeline. However, Acunetix scans have not been integrated into the CI/CD pipeline.

    The Acunetix network security component has not been used.

    If there is less time to perform manual security assessments, Acunetix is a good option because if a manual security assessment takes almost a week, the same task with Acunetix can be completed within three to four days, which really saves time for the entire team. The results are faster and interactive reports generated by the dashboard can be shared. This helps improve the overall security posture.

    The features present in Acunetix are quite good and serve the purpose well.

    Acunetix is definitely recommended for scanning, and if someone asks whether they should use Acunetix to mitigate the threats identified in their applications hosted in AWS cloud, it would definitely be recommended.

    When the continuous scan approach is used for security compliance, it really helps because the scan is not paused for any reason, like if the application goes down. With the continuous scan operation, the application is continuously assessed by the scan engine of Acunetix, and the results from the continuous scan feature are quite good. The continuous scanning feature has been used.

    If an organization has 100 plus applications and wants to use an automated scanner, they should definitely go ahead with Acunetix because it is very cost-effective and will save time compared to focusing on other solutions and performing manual security assessments.

    The recommendation for other organizations considering Acunetix depends upon their requirements.

    This review has been given a rating of 7 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Deepesh V.

    Powerful Security Scanning Made Easy with Acunetix

    Reviewed on Nov 17, 2025
    Review provided by G2
    What do you like best about the product?
    Acunetix is a powerful tool for security scanning and its ease of use and setup. I frequently use this because this helps identify vulnerabilities like SQL injection, along with its ease of implementation and integration with CI/CD, and it easily integrates with the web application in hand. The customer support is great and provides answers to queries quickly.
    What do you dislike about the product?
    It could improve in a few areas, like setting up demos on how some complex configurations work and what use cases it solves. It can also be resource intensive for large applications.
    What problems is the product solving and how is that benefiting you?
    Acunetix makes web application security testing much easier by automating most of the work. It quickly finds serious issues like SQL injection, XSS, weak authentication, and configuration problems, things that would take a lot of time and effort to catch manually. What I really appreciate is that everything is handled in one place: the scans, the results, and the steps to fix the vulnerabilities. It saves a lot of time and eliminates the need to juggle multiple tools.
    Rahul Kumar

    Identifies vulnerabilities across bulk web applications but needs better support and cleaner reports

    Reviewed on Nov 16, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I have been using Acunetix for more than five years, as I used it in both my previous company and my current company.

    My day-to-day use of Acunetix involves scanning web applications, scanning multiple files, and conducting gray-box scanning of the applications to identify any automated issues related to outdated libraries.

    I rely primarily on Acunetix for bulk scanning of multiple web applications, which includes gray-box and white-box assessments as well as black-box assessments of web applications in terms of security.

    One specific example of a recent assessment I did with Acunetix involved a large customer-facing application with many modules and functionalities that cannot be done manually, so it was very efficient; we included active scanning of Acunetix through gray-box credentials and identified a few vulnerabilities that were not found manually.

    What is most valuable?

    The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers.

    The centralized dashboard of Acunetix gives visibility into the security aspects of mass applications; for instance, with more than 200 applications, it provides a valuable overview of findings and necessary fixes, along with a high-level summary that helps us achieve compliance through monthly and sometimes weekly scanning.

    In terms of reporting, Acunetix is excellent because it can generate different types of reports, such as an executive summary report, detailed reports, and developer reports that can be shared directly with developers.

    Acunetix positively impacts my organization by helping identify outdated libraries and applications, including legacy applications vulnerable to old attacks based on OWASP Top 10, thus aiding in compliance checks for PCI DSS and OWASP.

    Acunetix provides a centralized report with compliance-related aspects and a vulnerability timeline, effectively helping reduce vulnerabilities and save time.

    What needs improvement?

    I believe Acunetix can improve customer support, as the dedicated support staff are often unfamiliar with problems and troubleshooting, leading to communication gaps that delay issue resolution.

    Regarding the needed improvements, I find that there are too many duplicate findings in reports; for example, if there are numerous XSS vulnerabilities reported, they are shown individually instead of being grouped together.

    For how long have I used the solution?

    I have been working in my current field for more than eight years.

    What do I think about the stability of the solution?

    Acunetix is pretty stable in my experience.

    What do I think about the scalability of the solution?

    Acunetix can handle increasing workloads and more applications easily.

    How are customer service and support?

    Acunetix customer support responds on time, but resolution can take longer due to involving stakeholders who are not relevant and the support staff not being familiar with the problem.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Before Acunetix, we used a different solution called ImmuniWeb, which did not provide good findings or customer support, prompting the switch.

    What was our ROI?

    I have seen a return on investment, as Acunetix helps reduce the man-days and effort needed for scanning bulk applications through automated assessments, allowing good dashboard visualization that can be reported easily to management, providing complete visibility on vulnerability metrics.

    What's my experience with pricing, setup cost, and licensing?

    In terms of pricing, setup cost, and licensing, I find it good and not overpriced, plus there are discounts offered.

    Which other solutions did I evaluate?

    We evaluated several options, including Checkmarx, Acunetix, Burp Suite, and ImmuniWeb before making our choice.

    What other advice do I have?

    My advice for those looking into using Acunetix is to utilize it effectively due to its good features, especially its APIs and other functionalities. My company does not have a business relationship with this vendor beyond being a customer. I would rate this review as a seven out of ten.
