External reviews are not included in the AWS star rating for the product.
I use Acunetix by running scans against websites, reviewing detected vulnerabilities, and then prioritizing and fixing issues based on severity before releasing updates.
Acunetix serves as part of our website quality and security review process, helping us identify potential issues early and reduce security risk before deployment.
Automated vulnerability scanning benefits my team by quickly identifying potential security issues without requiring fully manual review, saving time, providing consistent checks across applications, and helping the team focus on fixing high-priority vulnerabilities.
Reporting is particularly helpful because it provides clear details about identified vulnerabilities and their severity. Actionable reports make it easier for teams to prioritize fixes and track security improvements over time.
Acunetix has positively impacted my organization by improving our security review process, identifying vulnerabilities earlier in the deployment cycle, reducing the risk of security issues reaching production, and helping the team address potential threats more efficiently.
I would appreciate more integration with CI/CD and developer tools along with more flexible reporting dashboards. An easier way to export, customize, and share security findings across teams would improve collaboration and remediation workflows.
Additionally, when deploying with CI/CD, we can identify risks and security concerns, which are the main features I believe need improvement.
I rate the customer support a 10 because I can contact them at any time, and the response time is very quick.
In a typical enterprise environment, Acunetix is mainly used for visibility, detection, and investigation across network traffic. The main use cases usually fall into a few core areas, with primary focus on network traffic visibility and behavioral analysis.
In one simulated enterprise web environment, the security team was running Acunetix scans against a customer-facing login portal and an internal API gateway. The primary goal was vulnerability discovery, but what became interesting was the traffic pattern correlating during authenticated scanning. During the scan, Acunetix started triggering abnormal server responses on a specific API endpoint that was not documented in the official API spec. The scanner was not just flagging vulnerabilities like SQLi or XSS; it was also generating a behavioral pattern.
These unexpected behavioral findings usually become more valuable than initial expectations. Continuing with realistic scenarios around Acunetix, here is how a small typical security team would act once they noticed those abnormal API behaviors. First is immediate triage, where the first step was not rushing into patching but rather classification. Second is cross-correlation with telemetry where it got interesting. Third is root cause discovery, the real win. Fourth is what changed after that discovery. The kind of finding usually changes operational behavior more than tooling.
Continuous vulnerability detection, not one-off scanning, is valuable. CI/CD integration becomes always-on security, meaning it is always on and never off. Attack surface discovery is also helpful. API-first scanning reflects modern reality, and reporting plus prioritization are important features.
When teams evaluate Acunetix, the best features are not just about how many vulnerabilities it finds. They are about how reliably it reduces manual work and false positives while fitting into modern delivery pipelines. For example, a report might say possible SQL injection detected, which forces a security engineer to retest manually in Burp or similar tools. When a developer pushes code with new API endpoints added, the pipeline triggers a scan automatically.
Attack surface discovery is a very strong feature. Another useful aspect is scan management at scale. The integration ecosystem it has is also worth mentioning. The reporting and compliance outputs are often a practical advantage.
In my company, there are positive impacts. Acunetix gives a faster vulnerability detection cycle. Before adoption, security testing was often manual or periodic. After Acunetix came, scans run continuously or per deployment, and issues are caught in staging or CI/CD stages. The outcome is a shorter feedback loop between development and security.
Better handling of complex modern authentication flows would be an improvement. API discovery could be more adaptive. Performance impact on large-scale scans is a concern. False positives still exist in edge cases.
There are a few additional practical improvements areas that often come up in real-world usage, especially in mature security teams. Right now, vulnerability severity is mostly technical CVSS style scoring, but teams often want more context. Teams want to know what assets are revenue critical or low impact, and whether the vulnerable endpoint is internal facing or internet facing. Improved collaboration features for large teams would also be beneficial.
Acunetix is a very strong enterprise-grade scanner that significantly improves security coverage and efficiency, but it still works best when paired with skilled manual testing and good DevSecOps practices. Complex authentication flows still need tuning. Large scale scan optimization can take effort. Business logic vulnerabilities still require human testing.
I have been working in my current field for two and a half years.
Acunetix is stable in my experience and highly stable.
Acunetix handles growth in my company.
I have interacted with the support team, and they were very supportive and resolved all my issues within a fraction of seconds. The support team is very helpful.
The options that teams commonly used before Acunetix were Burp Suite and manual heavy testing. Many teams start with Burp Suite, which is very powerful but highly manual. Open source scanners like OWASP ZAP are also used for scanning and provide basic coverage.
A common deployment model is on-premises, which is very common in regulated environments. In my company, the setup is typically on-premises. Acunetix is installed on a dedicated VM or security server, connected to internal network segments with scans running against staging plus production replicas.
I am using only Acunetix and did not choose any other tools apart from before Acunetix.
Money was saved by using Acunetix. It is very helpful and has saved a lot of money from other tools.
Everything is perfect and good, including the pricing and all related aspects.
I have interacted with the support team, and they were very supportive and resolved all my issues within a fraction of seconds.
I advise that Acunetix is the best option. Invest time in proper initial configuration and scope definitions. The tool is powerful, but its effectiveness depends heavily on how the authenticated areas, scan policies, and excluded paths are defined. I would rate this review an 8.
Acunetix provides the benefit of saving time for an end user. I would not say it saves money because the cost and license of Acunetix is far more than what others offer. Acunetix charges according to the number of scans, but other solutions do not; you do not pay according to the number as it is unlimited. However, I appreciate the features that Acunetix has for the speed and the fact that it is in the cloud, which does not put any resources in my network. I can set up a scan, go to bed, come back and see the reports in my email. That is great.
I appreciate the upload function in Acunetix that allows me to upload so many targets at the same time in a CSV file. I also love the comprehensive reports that can generate a single report to capture all my scans, irrespective of the numbers. I appreciate the scheduling feature; when I want to schedule my scan, maybe weekly or quarterly, it scans and produces a report for me and sends it to my email. On the latest platform, Invicti, I appreciate the speed, which is quite fast, and the interface is also great.
The continuous scanning feature in Acunetix is one of the features I appreciate most because I can use it to schedule my scans and be notified if there are any changes. I can do comparative scans to know if I scan this Monday and send a report to my engineer, and they can do remediation. I can do comparison to know the aging of any vulnerability that has existed for a period of time. I can track what they have closed and what they have not closed within the relevant application scope.
Every product needs to do continuous improvements. For now, if Acunetix could help me do automatic penetration tests for my APIs, that would be beneficial. I could supply it with maybe a Swagger file or a JSON file, and Acunetix would pick it up, scan all the endpoints according to the OWASP Top Ten, and give me remediation and actionable remediation reports.
I have been working with Acunetix for as far as I can recall, maybe five to seven years now.
For stability, I would rate the product as an eight out of ten.
For scalability, I would also give it an eight out of ten.
I would rate technical support from the vendor as very good. Their customer support representative supports very well. Once I send an email, they respond quickly and without delay, so I would say they are quite supportive.
I have used a couple of vulnerability management solutions, such as InsightVM and Tenable's Tenable.io and Tenable.sc, before using Acunetix.
The initial setup for Acunetix is very simple because we use the cloud now, so we do not do any setup lately; just a sign-up.
I would say the pricing is average, but still, it is higher than low.
I use Acunetix and Burp Suite together and they are both quite good. I use them to validate one another. If I want to compare Acunetix, I could also compare it with some other penetration test assessment tools, such as the one by Invicti, Netsparker, which I used to love, but I do not know if it is still around.
I am still working with Acunetix, and we have even moved to their new platform, Invicti. I have requested a demo for Acunetix DeepScan technology, but I have yet to go through DeepScan. That was the next step we wanted to take right now. I have been speaking to the customer service team, and I would like to have a demo of Acunetix because right now we use Azure DevOps. I would have liked to see how it can be integrated with our Azure DevOps in the SaaS environment so it can be used as a task from the CI/CD pipeline. I met Acunetix through a reseller at my current workplace, who provided the quotation. Overall, I would give Acunetix an eight out of ten.
Acunetix has primarily been used for application security, and it has also been used for vulnerability management, though not as extensively because Qualys Guard Total Cloud solution was being used for scanning cloud assets.
Qualys Total Cloud was used to scan cloud assets. Earlier, when using CLI tools like Troller, there was not much visibility because the reporting section from the CLI tool was not that helpful. However, when using Qualys Guard, the Total Cloud offered advanced reporting features and had the option to share vulnerability reports directly via email, allowing the end participant's email address to be entered for automatic report delivery.
The crawling option in Acunetix is really good because whenever a scan is initiated, the crawling option provides good coverage about the vulnerabilities identified in the application. The attack option that comes after crawling is quite good. When the application is configured in authenticated scan mode with Acunetix, it provides good visibility about the security vulnerabilities in the application.
The experience with Qualys Total Cloud was really good, as when Qualys Guard was used to scan cloud security assets, it identified the vulnerabilities and helped differentiate between valid findings and invalid findings. Qualys Guard is called Total Cloud, which means cloud assets are scanned regardless of any environment, whether it is GCP, AWS, or Azure.
Improving the handling of false positives would be beneficial because it can be challenging to trust the findings flagged by Acunetix, and those findings must be manually validated. Sometimes the scanner shows a vulnerability count exceeding 100, and manually assessing the findings can be quite a challenge.
The main concern is related to false positives; Acunetix needs to work on identifying valid and invalid findings. While Checkmarx has very good coverage, its pricing is quite high. If Acunetix improves in handling false positives, it will make a significant impact in the security world.
Acunetix has been used for a long time, about five to six years, along with Netsparker and other automated scanners.
The experience has been pretty smooth without crashes, downtimes, or performance issues with Acunetix.
Acunetix is quite scalable.
The tech support from Invicti for Acunetix is really good. Whenever a support ticket is raised, their SLA is quite nice. For high-severity issues, they reach out within two to three hours, and for critical issues, a response is received within 15 minutes.
The tech support would be rated an eight out of ten.
Positive
As far as experience is concerned, only Checkmarx SAST tool has been worked on, and no other Checkmarx products like Checkmarx One are used.
Rapid7 Nexpose has been used, but no other Rapid7 products have been explored. Additionally, Qualys Guard and Qualys VMDR Vulnerability Management Detection Response solution have been worked on.
The setup process for Acunetix is not that complicated, and Acunetix support can always be reached out to. Whenever Acunetix is onboarded in the environment, the Acunetix team assists with the installation, making the setup quite easy.
The pricing cost is affordable for small and mid-sized organizations, and when compared to Checkmarx, it is significantly affordable, as Checkmarx is quite expensive.
The cost-effectiveness is really good because it comes under the budget of organizations looking to use automated scanners, which really helps and saves time.
Currently, work is being done with AWS cloud security and application security tools such as Burp Suite, and various automated scanners such as Netsparker and Acunetix are also being used, along with vulnerability scanning tools such as Nessus Professional and Rapid7 Nexpose.
Acunetix is good, even though there have been some issues related to false positives. Whenever an automated scanner like Netsparker or Acunetix is used, it takes time to run the scan. Once the scan is completed, the false positives flagged by the scan need to be identified. Acunetix is a good tool because if there is less time and the team needs to perform the security assessment, a manual assessment will take almost a week to assess a large application. However, when an automated scanner like Acunetix is used, the same task can be done within three to four days. Authenticated scans are usually preferred with any automated scanner like Acunetix because it provides much visibility about the application on which the scan is initiated, and the results from authenticated scans are very good compared to unauthenticated scans.
Acunetix was used recently, about three months ago.
Acunetix was not used for AWS because various other AWS solutions are available to determine the vulnerabilities for cloud, primarily using AWS Inspector to scan the AWS cloud. Security Hub is also used to measure cloud security posture management, so when it comes to scanning the cloud, AWS Inspector is primarily used.
Acunetix was hosted on the AWS cloud because when the application was scanned, it was not an on-premises solution; the applications hosted in AWS cloud were scanned using Acunetix.
The integration part has not been explored much because other tools are available, but Acunetix supports YAML files that can be used to integrate those scans into the CI/CD pipeline. However, Acunetix scans have not been integrated into the CI/CD pipeline.
The Acunetix network security component has not been used.
If there is less time to perform manual security assessments, Acunetix is a good option because if a manual security assessment takes almost a week, the same task with Acunetix can be completed within three to four days, which really saves time for the entire team. The results are faster and interactive reports generated by the dashboard can be shared. This helps improve the overall security posture.
The features present in Acunetix are quite good and serve the purpose well.
Acunetix is definitely recommended for scanning, and if someone asks whether they should use Acunetix to mitigate the threats identified in their applications hosted in AWS cloud, it would definitely be recommended.
When the continuous scan approach is used for security compliance, it really helps because the scan is not paused for any reason, like if the application goes down. With the continuous scan operation, the application is continuously assessed by the scan engine of Acunetix, and the results from the continuous scan feature are quite good. The continuous scanning feature has been used.
If an organization has 100 plus applications and wants to use an automated scanner, they should definitely go ahead with Acunetix because it is very cost-effective and will save time compared to focusing on other solutions and performing manual security assessments.
The recommendation for other organizations considering Acunetix depends upon their requirements.
This review has been given a rating of 7 out of 10.
I have been using Acunetix for more than five years, as I used it in both my previous company and my current company.
My day-to-day use of Acunetix involves scanning web applications, scanning multiple files, and conducting gray-box scanning of the applications to identify any automated issues related to outdated libraries.
I rely primarily on Acunetix for bulk scanning of multiple web applications, which includes gray-box and white-box assessments as well as black-box assessments of web applications in terms of security.
One specific example of a recent assessment I did with Acunetix involved a large customer-facing application with many modules and functionalities that cannot be done manually, so it was very efficient; we included active scanning of Acunetix through gray-box credentials and identified a few vulnerabilities that were not found manually.
The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers.
The centralized dashboard of Acunetix gives visibility into the security aspects of mass applications; for instance, with more than 200 applications, it provides a valuable overview of findings and necessary fixes, along with a high-level summary that helps us achieve compliance through monthly and sometimes weekly scanning.
In terms of reporting, Acunetix is excellent because it can generate different types of reports, such as an executive summary report, detailed reports, and developer reports that can be shared directly with developers.
Acunetix positively impacts my organization by helping identify outdated libraries and applications, including legacy applications vulnerable to old attacks based on OWASP Top 10, thus aiding in compliance checks for PCI DSS and OWASP.
Acunetix provides a centralized report with compliance-related aspects and a vulnerability timeline, effectively helping reduce vulnerabilities and save time.
I believe Acunetix can improve customer support, as the dedicated support staff are often unfamiliar with problems and troubleshooting, leading to communication gaps that delay issue resolution.
Regarding the needed improvements, I find that there are too many duplicate findings in reports; for example, if there are numerous XSS vulnerabilities reported, they are shown individually instead of being grouped together.
I have been working in my current field for more than eight years.
Acunetix is pretty stable in my experience.
Acunetix can handle increasing workloads and more applications easily.
Acunetix customer support responds on time, but resolution can take longer due to involving stakeholders who are not relevant and the support staff not being familiar with the problem.
Before Acunetix, we used a different solution called ImmuniWeb, which did not provide good findings or customer support, prompting the switch.
I have seen a return on investment, as Acunetix helps reduce the man-days and effort needed for scanning bulk applications through automated assessments, allowing good dashboard visualization that can be reported easily to management, providing complete visibility on vulnerability metrics.
In terms of pricing, setup cost, and licensing, I find it good and not overpriced, plus there are discounts offered.
My advice for those looking into using Acunetix is to utilize it effectively due to its good features, especially its APIs and other functionalities. My company does not have a business relationship with this vendor beyond being a customer. I would rate this review as a seven out of ten.