Invicti

In a typical enterprise environment, Acunetix  is mainly used for visibility, detection, and investigation across network traffic. The main use cases usually fall into a few core areas, with primary focus on network traffic visibility and behavioral analysis.

In one simulated enterprise web environment, the security team was running Acunetix  scans against a customer-facing login portal and an internal API gateway. The primary goal was vulnerability discovery, but what became interesting was the traffic pattern correlating during authenticated scanning. During the scan, Acunetix started triggering abnormal server responses on a specific API endpoint that was not documented in the official API spec. The scanner was not just flagging vulnerabilities like SQLi or XSS; it was also generating a behavioral pattern.

These unexpected behavioral findings usually become more valuable than initial expectations. Continuing with realistic scenarios around Acunetix, here is how a small typical security team would act once they noticed those abnormal API behaviors. First is immediate triage, where the first step was not rushing into patching but rather classification. Second is cross-correlation with telemetry where it got interesting. Third is root cause discovery, the real win. Fourth is what changed after that discovery. The kind of finding usually changes operational behavior more than tooling.

Continuous vulnerability detection, not one-off scanning, is valuable. CI/CD integration becomes always-on security, meaning it is always on and never off. Attack surface discovery is also helpful. API-first scanning reflects modern reality, and reporting plus prioritization are important features.

When teams evaluate Acunetix, the best features are not just about how many vulnerabilities it finds. They are about how reliably it reduces manual work and false positives while fitting into modern delivery pipelines. For example, a report might say possible SQL injection detected, which forces a security engineer to retest manually in Burp  or similar tools. When a developer pushes code with new API endpoints added, the pipeline triggers a scan automatically.

Attack surface discovery is a very strong feature. Another useful aspect is scan management at scale. The integration ecosystem it has is also worth mentioning. The reporting and compliance outputs are often a practical advantage.

In my company, there are positive impacts. Acunetix gives a faster vulnerability detection cycle. Before adoption, security testing was often manual or periodic. After Acunetix came, scans run continuously or per deployment, and issues are caught in staging or CI/CD stages. The outcome is a shorter feedback loop between development and security.

Better handling of complex modern authentication flows would be an improvement. API discovery could be more adaptive. Performance impact on large-scale scans is a concern. False positives still exist in edge cases.

There are a few additional practical improvements areas that often come up in real-world usage, especially in mature security teams. Right now, vulnerability severity is mostly technical CVSS style scoring, but teams often want more context. Teams want to know what assets are revenue critical or low impact, and whether the vulnerable endpoint is internal facing or internet facing. Improved collaboration features for large teams would also be beneficial.

Acunetix is a very strong enterprise-grade scanner that significantly improves security coverage and efficiency, but it still works best when paired with skilled manual testing and good DevSecOps  practices. Complex authentication flows still need tuning. Large scale scan optimization can take effort. Business logic vulnerabilities still require human testing.

I have been working in my current field for two and a half years.

Acunetix is stable in my experience and highly stable.

Acunetix handles growth in my company.

I have interacted with the support team, and they were very supportive and resolved all my issues within a fraction of seconds. The support team is very helpful.

The options that teams commonly used before Acunetix were Burp  Suite and manual heavy testing. Many teams start with Burp Suite, which is very powerful but highly manual. Open source scanners like OWASP ZAP are also used for scanning and provide basic coverage.

A common deployment model is on-premises, which is very common in regulated environments. In my company, the setup is typically on-premises. Acunetix is installed on a dedicated VM or security server, connected to internal network segments with scans running against staging plus production replicas.

I am using only Acunetix and did not choose any other tools apart from before Acunetix.

Money was saved by using Acunetix. It is very helpful and has saved a lot of money from other tools.

Everything is perfect and good, including the pricing and all related aspects.

I have interacted with the support team, and they were very supportive and resolved all my issues within a fraction of seconds.

I advise that Acunetix is the best option. Invest time in proper initial configuration and scope definitions. The tool is powerful, but its effectiveness depends heavily on how the authenticated areas, scan policies, and excluded paths are defined. I would rate this review an 8.

My main use of Acunetix  is to scan my web application. I mostly deal with web applications and with Acunetix  Network Security Component, but I have not activated the network component before and will not use it.

Acunetix provides the benefit of saving time for an end user. I would not say it saves money because the cost and license of Acunetix is far more than what others offer. Acunetix charges according to the number of scans, but other solutions do not; you do not pay according to the number as it is unlimited. However, I appreciate the features that Acunetix has for the speed and the fact that it is in the cloud, which does not put any resources in my network. I can set up a scan, go to bed, come back and see the reports in my email. That is great.

I appreciate the upload function in Acunetix that allows me to upload so many targets at the same time in a CSV file. I also love the comprehensive reports that can generate a single report to capture all my scans, irrespective of the numbers. I appreciate the scheduling feature; when I want to schedule my scan, maybe weekly or quarterly, it scans and produces a report for me and sends it to my email. On the latest platform, Invicti , I appreciate the speed, which is quite fast, and the interface is also great.

The continuous scanning feature in Acunetix is one of the features I appreciate most because I can use it to schedule my scans and be notified if there are any changes. I can do comparative scans to know if I scan this Monday and send a report to my engineer, and they can do remediation. I can do comparison to know the aging of any vulnerability that has existed for a period of time. I can track what they have closed and what they have not closed within the relevant application scope.

Every product needs to do continuous improvements. For now, if Acunetix could help me do automatic penetration tests for my APIs, that would be beneficial. I could supply it with maybe a Swagger file or a JSON file, and Acunetix would pick it up, scan all the endpoints according to the OWASP Top Ten, and give me remediation and actionable remediation reports.

I have been working with Acunetix for as far as I can recall, maybe five to seven years now.

For stability, I would rate the product as an eight out of ten.

For scalability, I would also give it an eight out of ten.

I would rate technical support from the vendor as very good. Their customer support representative supports very well. Once I send an email, they respond quickly and without delay, so I would say they are quite supportive.

I have used a couple of vulnerability management solutions, such as InsightVM  and Tenable's Tenable.io  and Tenable.sc , before using Acunetix.

The initial setup for Acunetix is very simple because we use the cloud now, so we do not do any setup lately; just a sign-up.

I would say the pricing is average, but still, it is higher than low.

I use Acunetix and Burp  Suite together and they are both quite good. I use them to validate one another. If I want to compare Acunetix, I could also compare it with some other penetration test assessment tools, such as the one by Invicti , Netsparker, which I used to love, but I do not know if it is still around.

I am still working with Acunetix, and we have even moved to their new platform, Invicti. I have requested a demo for Acunetix DeepScan technology, but I have yet to go through DeepScan. That was the next step we wanted to take right now. I have been speaking to the customer service team, and I would like to have a demo of Acunetix because right now we use Azure DevOps . I would have liked to see how it can be integrated with our Azure DevOps  in the SaaS environment so it can be used as a task from the CI/CD pipeline. I met Acunetix through a reseller at my current workplace, who provided the quotation. Overall, I would give Acunetix an eight out of ten.