We are a consultant company.
Invicti
Invicti SecurityExternal reviews
113 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Acunetix is an easy to use, cost-effective DAST solution
What do you like best about the product?
Acunetix has a user-friendly UI, is easy to configure and run and produces reliable results.
What do you dislike about the product?
The licensing model is not as granular as it could be which means that planning is needed for scaling up or down.
What problems is the product solving and how is that benefiting you?
The need to assess the security of new applications developed within the organisation.
Provides proof of exploit, gives the specific code affected and enables a shift-left approach in the development process
What is our primary use case?
How has it helped my organization?
Just by scanning, Acunetix provides proof of exploit and gives the specific code affected. You can also see a categorized list of vulnerabilities. From there, you can easily create a report.
It integrates with multiple tools in the CI/CD pipeline, like Jira and web application firewalls.
Acunetix automation improved our customer's security testing process. By integrating with CI/CD tools, it enables a shift-left approach in the development process. This helps find vulnerabilities earlier rather than after the application is published.
What is most valuable?
The interactive transaction feature is a winning point for us. It's a great selling point. Also, the ability to provide an inventory of currently used APIs is very helpful.
What needs improvement?
There is room for improvement in the pricing.
Tenable is better integrated and offers many tools in a bundle. I would like to see the same thing in Acunetix. Otherwise, I'm satisfied with Acunetix's performance.
For how long have I used the solution?
I have been using it for three years.
What do I think about the scalability of the solution?
We propose this product for smaller or bigger businesses.
But mostly to bigger enterprises. It's because of the reputation it has with bigger companies.
How are customer service and support?
Acunetix provides good support. No complaints.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Acunetix stands out with its metrics, features, and Proof of Exploit. Other solutions we've used don't have those.
There is also Tenable.io Web App Scanning. Tenable's advantage is how it handles vulnerability management. For example, if you have Ansible vulnerability management, you can see both sets of information in a single pane. The only other difference might be pricing, but I'm not entirely sure about that.
How was the initial setup?
The initial setup is straightforward. Considering everything is in place, it will take about two weeks.
What about the implementation team?
We usually help our customers implement the product.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable. We don't have many complaints from customers.
What other advice do I have?
I would recommend Acunetix to others for their web vulnerability scanning needs.
Overall, I would rate it a nine out of ten.
Easy to use and helps scan for vulnerabilities, but the deployment process is difficult, and the support must be improved
What is most valuable?
The product is really easy to use. It is a useful product. If you are a security engineer and don't have experience in the tool, you can learn it quickly. We are using Acunetix on our XDR process. We use it to scan applications and create reports for the developers. We use the scheduler to schedule scans. We can use a scan simulation to see whether the connection is established correctly. We can see where the issue is. It is great because we can find the bugs. We can create authenticated scans.
What needs improvement?
The deployment process must be improved. It is difficult to create a proxy connection.
For how long have I used the solution?
I have been using the solution for five years.
How are customer service and support?
The support is not perfect. The support could be improved. I often have to write to managers to push things.
How would you rate customer service and support?
Neutral
How was the initial setup?
I work with on-premise and on-the-cloud products. I faced a huge problem when I tried to install cloud agents. We needed a proxy connection, but Acunetix had a problem creating the connection. I worked with the support for a month. It started working, but the agent caused the bug.
Which other solutions did I evaluate?
I have used Snyk, Qualys, and Tenable. I have worked with other tools that are more helpful and have more functionality than Acunetix. Acunetix is suitable for small companies.
What other advice do I have?
We use Acunetix via API with our bucket. When developers try to push some part of the code, Acunetix is used to analyze the vulnerabilities. The integration of Acunetix with Jira and other buckets is easy. Acunetix is not very different from the other vulnerability scanners. It is not the best solution. The connection is via API. We get the link and change the token between the connections. The integration is not easy, but it's not hard. Bigger companies with a lot of developers can get better tools. Overall, I rate the tool a six or seven out of ten.
Provides web application testing and identify security risks
What is our primary use case?
We use the solution for web application testing.
What is most valuable?
The solution identify security risks.
What needs improvement?
There could be extensions that help us perform test cases related to AI bots or element-based testing. Implementing such extensions internally could be beneficial for enhancing the testing capabilities.
Sometimes it takes too much time to complete, maybe because the application is huge or we have not properly configured the scan settings. Due to these challenges, the scan often stops in between.
For how long have I used the solution?
I have been using Acunetix for seven years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
The scalability depends on the license that we avail. I rate the solution’s scalability a nine or ten out of ten.
How are customer service and support?
Customer support is helpful, but sometimes the response are a bit delayed. They respond within 24 hours.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward and takes an hour to complete.
What's my experience with pricing, setup cost, and licensing?
The product pricing is average.
I rate the product’s pricing a five out of ten, where one is cheap and ten is expensive.
What other advice do I have?
I recommend the solution as we didn't have some specific extensions for any failure testing and SSO related testing.
Overall, I rate the solution an eight out of ten.
Great when it works but tool can be quite buggy
What do you like best about the product?
Reporting functionality options and results are great
What do you dislike about the product?
There always seem to be an issue with scans, 90% of scans have some sort of error. Mainly with the login sequence despite validating that credntials are correct.
What problems is the product solving and how is that benefiting you?
We rely on Acunetix to help identify vulnerabilities in our applications before releasing the apps to the public, thus trying to limit our threat landscape.
Good product for scans, "target" licensing model is terrible! - Buyer beware
What do you like best about the product?
Good OWASP scans and reports and automation and great product other than the licensing.
What do you dislike about the product?
Their licensing model is the worst I have ever used! They sell you target URLs committed by annual contract, but if a user deletes a target from the UI and tries to replace it with another because something changed in your business model, that target license is unusable until the next annual renewal. You can't even add back in the URL you removed. I can understand a hold period like a month to prevent license swapping, but mixing a consumption model, and a subscription model is ridiculous!!! And if you want to add licenses to cover the interim, you can't. You have to extend to your entire current term. And this little nugget is only buried in the help file about adding new scan target URLs. We use the 360 product.
What problems is the product solving and how is that benefiting you?
Regular OWASP scans for security compliance.
Helps to scan web applications but needs to include agent analysis
What is our primary use case?
We use the product for dynamic analysis. It also helps us to scan web applications.
What is most valuable?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code.
What needs improvement?
Acunetix needs to include agent analysis.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
I rate the tool's stability a nine out of ten.
What do I think about the scalability of the solution?
I rate Acunetix's scalability a seven out of ten. My company has five to four users.
How was the initial setup?
I rate the tool's deployment a nine out of ten.
What was our ROI?
We have seen good ROI with the tool's use.
What other advice do I have?
Acunetix is good and helps to scan properly. I rate it a nine out of ten.
Comes with good performance but pricing is expensive
What is our primary use case?
We use the product for application security.
What is most valuable?
The tool's most valuable feature is performance.
What needs improvement?
Acunetix needs to improve its cost.
For how long have I used the solution?
I have been using the product for a year.
What do I think about the stability of the solution?
The tool is stable.
What do I think about the scalability of the solution?
Acunetix is scalable.
How are customer service and support?
The tool's support is good.
How would you rate customer service and support?
Positive
What other advice do I have?
I rate the product a nine out of ten.
Scalable and efficient web security and vulnerability management
What is our primary use case?
It is top-rated and widely employed for conducting security assessments on networks, websites, and applications. It is considered the gold standard for evaluating security measures and identifying vulnerabilities in websites, networks, and applications. The tool's extensive capabilities make it a go-to choice for ensuring security. It is renowned for its comprehensive scanning and assessment of networks and websites, but it is also known for its significant cost, particularly for deploying it on large clusters.
What is most valuable?
One of its primary features is its ability to offer automated solutions for application security. It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program. It then provides insights on how to rectify these issues, even showcasing the payloads and other relevant information in the report. Occasionally, it may generate some false positives, but for the most part, it delivers reports that are approximately 80% accurate. This allows users to manually test the function and ascertain its functionality. It also allows for communication with external entities, vendors, and servers used by the application. This information encompasses server hosting details, the status of open or closed ports, and insights into Indian Palantir, among others. These features make it an invaluable resource for those seeking to comprehensively understand their website's infrastructure and potential vulnerabilities.
What needs improvement?
The initial concern that comes to mind is the cost as the pricing structure is significantly high, especially for the average user. It amounts to approximately $2,000 per year, excluding additional expenses. There's a clear need for a reduction in pricing to make the service more accessible. Another critical enhancement should focus on the tool's ability to bypass Web Application Firewalls. Currently, it falls short in this aspect, which can be a significant limitation.
For how long have I used the solution?
I have been working with it for nine years now.
What do I think about the stability of the solution?
It provides good stability abilities.
What do I think about the scalability of the solution?
It offers excellent scalability capabilities. You have the flexibility to adjust your usage based on workload demands and it becomes a valuable and frequently used tool to accommodate the increased workload when multiple projects come in. I would rate it nine out of ten.
How are customer service and support?
I am not very satisfied with the customer support they provide. It tends to be quite time-consuming. When I raised a ticket seeking assistance with a simple issue, their response time was notably delayed. They mentioned having a backlog of inquiries, and it took a while for them to address my specific question. There seems to be a disconnect between the amount of money they charge for their support services and the level of support they provide.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was straightforward. I would rate it nine out of ten.
What about the implementation team?
You can easily download the application and install it on your desktop. The setup algorithm simplifies the application installation on your computer, it automatically configures itself on your system, eliminating the need for any manual configuration. It's a quick and hassle-free installation, taking just about five minutes to set up and configure. The deployment management is quite efficient and it can be handled by a single individual.
What's my experience with pricing, setup cost, and licensing?
The price is exceptionally high. They offer various categories of services, but the problem lies in the lack of transparency. Before purchasing, they don't clearly outline the available versions or their limitations, and they don't display their pricing on the website. They should have a standardized pricing structure readily available on their website for all potential users to see. This lack of pricing information is a rarity and an issue that needs to be addressed.
What other advice do I have?
To effectively utilize this tool on a monthly basis, users must possess a certain level of expertise. It is crucial that individuals who wish to employ this tool have experience in both programming and networking to make the most of its functionalities. I would rate it eight out of ten.
Helps to scan vulnerabilities like SQL injunctions but not recommended for dynamic scanning
What is our primary use case?
We use the solution for the scanning of vulnerabilities like SQL injections.
What needs improvement?
Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents.
For how long have I used the solution?
I have been working with the solution for three years.
What do I think about the stability of the solution?
Acunetix is very stable.
What do I think about the scalability of the solution?
The solution is scalable if you use the cloud version. You will face limitations with RAM and processor on the desktop.
How are customer service and support?
We have not faced any issues to complain about.
Which solution did I use previously and why did I switch?
I have used Netsparker before.
How was the initial setup?
Acunetix is easy to install and took only two minutes to deploy. For desktop applications, you need to download an EXE file. Deployment over the cloud requires API.
What other advice do I have?
I would rate Acunetix an eight out of ten. I don't recommend it for dynamic websites. It is recommended for static pages.
showing 11 - 20