Identifies vulnerabilities across bulk web applications but needs better support and cleaner reports
What is our primary use case?
I have been using Acunetix for more than five years, as I used it in both my previous company and my current company.
My day-to-day use of Acunetix involves scanning web applications, scanning multiple files, and conducting gray-box scanning of the applications to identify any automated issues related to outdated libraries.
I rely primarily on Acunetix for bulk scanning of multiple web applications, which includes gray-box and white-box assessments as well as black-box assessments of web applications in terms of security.
One specific example of a recent assessment I did with Acunetix involved a large customer-facing application with many modules and functionalities that cannot be done manually, so it was very efficient; we included active scanning of Acunetix through gray-box credentials and identified a few vulnerabilities that were not found manually.
What is most valuable?
The best feature Acunetix offers is the centralized dashboard and the quality of reports it generates, which includes various options for selecting reports and developer options for directly sharing the reports with developers.
The centralized dashboard of Acunetix gives visibility into the security aspects of mass applications; for instance, with more than 200 applications, it provides a valuable overview of findings and necessary fixes, along with a high-level summary that helps us achieve compliance through monthly and sometimes weekly scanning.
In terms of reporting, Acunetix is excellent because it can generate different types of reports, such as an executive summary report, detailed reports, and developer reports that can be shared directly with developers.
Acunetix positively impacts my organization by helping identify outdated libraries and applications, including legacy applications vulnerable to old attacks based on OWASP Top 10, thus aiding in compliance checks for PCI DSS and OWASP.
Acunetix provides a centralized report with compliance-related aspects and a vulnerability timeline, effectively helping reduce vulnerabilities and save time.
What needs improvement?
I believe Acunetix can improve customer support, as the dedicated support staff are often unfamiliar with problems and troubleshooting, leading to communication gaps that delay issue resolution.
Regarding the needed improvements, I find that there are too many duplicate findings in reports; for example, if there are numerous XSS vulnerabilities reported, they are shown individually instead of being grouped together.
For how long have I used the solution?
I have been working in my current field for more than eight years.
What do I think about the stability of the solution?
Acunetix is pretty stable in my experience.
What do I think about the scalability of the solution?
Acunetix can handle increasing workloads and more applications easily.
How are customer service and support?
Acunetix customer support responds on time, but resolution can take longer due to involving stakeholders who are not relevant and the support staff not being familiar with the problem.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before Acunetix, we used a different solution called ImmuniWeb, which did not provide good findings or customer support, prompting the switch.
What was our ROI?
I have seen a return on investment, as Acunetix helps reduce the man-days and effort needed for scanning bulk applications through automated assessments, allowing good dashboard visualization that can be reported easily to management, providing complete visibility on vulnerability metrics.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing, setup cost, and licensing, I find it good and not overpriced, plus there are discounts offered.
Which other solutions did I evaluate?
We evaluated several options, including Checkmarx, Acunetix, Burp Suite, and ImmuniWeb before making our choice.
What other advice do I have?
My advice for those looking into using Acunetix is to utilize it effectively due to its good features, especially its APIs and other functionalities. My company does not have a business relationship with this vendor beyond being a customer. I would rate this review as a seven out of ten.
Comprehensive and Reliable Web Vulnerability Scanner
What do you like best about the product?
Acunetix delivers precise and rapid vulnerability scanning through an intuitive interface. The platform generates comprehensive reports and offers prompt remediation guidance, ensuring thorough coverage for both web applications and APIs. This makes the process of conducting security assessments efficient and dependable.
What do you dislike about the product?
At times, scans can be quite resource-intensive and may take longer to complete when working with large applications. Additionally, I feel that the pricing structure could be more accommodating, especially for smaller teams or projects with a limited scope.
What problems is the product solving and how is that benefiting you?
Acunetix assists in detecting and addressing security vulnerabilities such as SQL injection, XSS, and misconfigurations early in the development process. By automating routine web application scans, it enhances our overall security posture and helps us save time.
Powerful Scanning, But Setup Can Be Complex for Beginners
What do you like best about the product?
Acunetix by Invicti provides accurate and fast vulnerability scanning with minimal false positives. I like how easy it is to integrate into CI/CD pipelines for automated security testing.
What do you dislike about the product?
While Acunetix is a powerful tool, the initial setup and scan configuration can feel a bit complex for first-time users.
What problems is the product solving and how is that benefiting you?
Acunetix by Invicti helps us identify and remediate web application vulnerabilities early in the development cycle. It automates vulnerability scanning for issues like SQL injection
User-Friendly and Accurate, But Room for Further Impressions
What do you like best about the product?
This is a very good product that is also user-friendly. Its accuracy in finding vulnerabilities is impressive.
What do you dislike about the product?
Nothing as of now, no any issue on the product
What problems is the product solving and how is that benefiting you?
Need to work to reduce the false positives and need a integration or inbuilt Gen AI for latest threats
Effortless Vulnerability Detection That Fits Seamlessly into DevSecOps
What do you like best about the product?
What I like best about Acunetix by Invicti is how seamlessly it combines powerful vulnerability detection with ease of use. It’s not just another security scanner — it’s an intelligent, automated tool that feels built for both developers and security professionals. The way it quickly identifies and prioritizes critical vulnerabilities like SQL injection, XSS, and misconfigurations across websites and APIs saves a huge amount of manual effort. The clean, intuitive dashboard makes interpreting scan results straightforward, and the detailed remediation guidance helps teams actually fix issues rather than just list them. Plus, its integration with CI/CD pipelines and issue trackers like Jira fits perfectly into a modern DevSecOps workflow, making security testing feel like a natural part of development instead of a separate burden.
What do you dislike about the product?
What I dislike about Acunetix by Invicti is that, despite its powerful capabilities, it can sometimes feel resource-intensive and time-consuming, especially during deep scans of large or complex web applications. The scans can slow down systems or take longer than expected, which might interrupt normal workflows. Additionally, while the tool provides a lot of valuable data, the volume of findings can be overwhelming, and filtering out false positives requires manual effort and experience. The pricing can also be on the higher side for smaller organizations or startups, which limits accessibility. Lastly, although it integrates well with other tools, setting up and fine-tuning these integrations for the first time can take some technical know-how and patience.
What problems is the product solving and how is that benefiting you?
Acunetix by Invicti is solving the critical problem of identifying and mitigating web application vulnerabilities before attackers can exploit them. In today’s digital landscape, where websites and APIs are prime targets, Acunetix helps by automatically scanning for weaknesses like SQL injections, cross-site scripting (XSS), insecure server configurations, and outdated components. What makes it especially beneficial is how it provides accurate, actionable insights rather than just raw data — helping security teams and developers understand where the issues lie and how to fix them efficiently. For me, this translates to saved time, stronger security posture, and peace of mind, knowing that potential threats are caught early in the development cycle. Its integration with DevOps tools also ensures that security becomes part of the continuous delivery process, reducing the risk of vulnerabilities making it into production and helping maintain compliance with security standards.
Has enabled teams to improve security testing with smooth integration and high accuracy
What is our primary use case?
Most of the customers who use Acunetix are looking for security testing. The primary use case is performing penetration testing.
The main use cases include vulnerability scanning, security testing, penetration testing, PCI DSS reporting, and multi-user environment support, which excels in SQL injection and cross-site scripting detection.
What is most valuable?
Acunetix has a very good ratio of fewer false positives, so users don't need to retest everything.
Acunetix operates smoothly with no interruptions required, and it performs at 100% efficiency without issues in scanning anything.
The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities.
Acunetix integrates with every type of tool, including CI/CD tools, offering 100% integration in DevOps environments.
The main benefit of Acunetix is that at the first level, users can address security issues related to penetration testing, allowing them to expose vulnerabilities and ensure all required testing is completed with very few false positives.
What needs improvement?
Acunetix should improve by further reducing false positives and providing more customized reports, plus better integration with newer tools such as GitHub and Azure DevOps.
For how long have I used the solution?
I have been working with Acunetix for almost seven to eight years.
What was my experience with deployment of the solution?
The setup is straightforward, with nothing difficult in Acunetix.
What do I think about the stability of the solution?
Acunetix is a stable solution.
What do I think about the scalability of the solution?
For scalability, Acunetix easily scales for larger environments and larger systems.
How are customer service and support?
Invectis Support provides good service when contacted.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have more experience with IBM products, specifically IBM QRadar.
How was the initial setup?
The deployment, installation, and training take approximately two to three days.
What was our ROI?
Every second customer sees ROI with Acunetix.
What other advice do I have?
Acunetix supports multi-user environments effectively.
Acunetix is targeted for small to mid-size teams in a DevSecOps environment, making it the best choice for small and mid-size companies, offering a friendly interface, support for CI/CD, and excellent vulnerability scanning capabilities.
On a scale of 1 to 10, I rate Acunetix 9 out of 10.
They won't back their support or product.
What do you like best about the product?
The platform itself is good and produces exhaustive reports. They've helped us navigate compliance and security initiatives adequately.
What do you dislike about the product?
I cannot recommend Acunetix due to several concerning issues with both their product and business practices.
The sales process has become increasingly intricate, characterized by significant annual price increases and constantly changing target definitions. Their licensing model has also become more restrictive - once you scan a website, its URL is permanently locked to your license, unlike the more flexible approach when we first became customers.
A major technical issue emerged recently when the programmable login sequence functionality stopped working entirely. The timing was particularly problematic as it coincided with our renewal. Despite this critical feature being broken, Acunetix expected us to commit to renewal without any assurance of a resolution. When we proposed a conditional renewal with the possibility of a refund if their support team couldn't resolve the login issues, management flatly rejected our request.
Their response - "reached out to management about your request and it's not something we would be able to offer" - demonstrates a concerning lack of customer support and flexibility in addressing legitimate technical concerns.
This combination of aggressive pricing strategies, inflexible licensing, technical failures, and poor customer service has significantly diminished the value proposition of their product.
What problems is the product solving and how is that benefiting you?
We use it to perform pen tests for our singular SaaS application between milestone releases.
Identifies vulnerabilities effectively while needing partner collaboration improvements
What is our primary use case?
I typically use
Acunetix to identify vulnerabilities for clients.
What is most valuable?
The features of
Acunetix have proved most effective in identifying vulnerabilities. I find the false positives to be a notable aspect. Additionally, with its impressive capabilities, Acunetix offers several options for deployment. I can use it both on the cloud and on-premises, which provides flexibility. Its most valuable role is in enhancing security by identifying potential vulnerabilities efficiently.
What needs improvement?
Acunetix should focus more on partners for improvement.
For how long have I used the solution?
I have used Acunetix for approximately 30 minutes.
What was my experience with deployment of the solution?
There were no major issues during deployment, and it takes about 30 minutes to deploy.
What do I think about the stability of the solution?
I rate its stability six out of ten.
What do I think about the scalability of the solution?
The scalability of Acunetix is rated seven out of 10.
How are customer service and support?
The technical support from Acunetix is quite good, and I rate it eight out of 10.
How would you rate customer service and support?
How was the initial setup?
The initial setup of Acunetix is quite straightforward.
What was our ROI?
There have been improvements in security posture since using Acunetix.
What's my experience with pricing, setup cost, and licensing?
The pricing of Acunetix is pretty expensive and could be improved.
What other advice do I have?
I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.
Acunetix for API security
What do you like best about the product?
Integration into Development workflows, broad api vulnerability coverage, automated and proof based scans and ease of use and implementaion with good UI.
What do you dislike about the product?
Customer support issues with more detailed technical issues, cost involving the frequency of use.
What problems is the product solving and how is that benefiting you?
Help discover security vulnerabilities.
Help secure API's.
Help integration in pipelines.
Benifits: Increased efficiency, sacalability and security.
Comprehensive tool with manual intervention support for web applications
What is our primary use case?
I use Acunetix for penetration testing purposes. This is the primary use case.
What is most valuable?
I mainly configure the tool for web applications, and I evaluate all products on the market. I find it to be one of the most comprehensive tools, with support for manual intervention. It offers support for specific scenarios like CAPTCHA and supports the ability to manage actions and updates from the internet.
What needs improvement?
I have experienced some problems yet can't recall the details. There was an issue related to updates from the internet, however, the support program was helpful in addressing it.
For how long have I used the solution?
I am an ongoing customer.
What do I think about the stability of the solution?
The solution is generally stable, however, there might be room for improvement regarding glitches or bugs.
What do I think about the scalability of the solution?
I don't fully understand the scalability features. Overall, it is adequate for our use case.
How are customer service and support?
The technical support from Invicti is very good and fast. I am highly satisfied with the response time and quality of support.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I use Invicti for application security testing.
How was the initial setup?
One person is enough for the installation.
What was our ROI?
The tool is helpful for us. It saves a significant amount of time by covering attack surfaces.
What's my experience with pricing, setup cost, and licensing?
We secured a special licensing model for penetration testing companies, which is cost-effective.
Which other solutions did I evaluate?
I can see Burp Suite as an alternative.
What other advice do I have?
I rate the overall solution nine out of ten. I prefer Acunetix for its more precise and accurate results.
