Acunetix

Acunetix

All-in-one automated web application security solution

4.5/5 (33 reviews)

Acunetix Overview

What is Acunetix?

Acunetix is a cyber security and web vulnerability scanner solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites. Acunetix provides the ability to detect over 6,500 web vulnerabilities such as XSS, XXE, SSRF, SQL Injection, host header injection, and more, which can compromise the company’s website and data.

Acunetix’s vulnerability scanner helps accurately detect critical web application vulnerabilities, including open-source software and custom-built applications. The solution’s innovative technologies include DeepScan, which enables the crawling of AJAX-heavy client-side SPAs (single page applications), AcuSensor, which combines black box scanning techniques with feedback from sensors placed in the source code, as well as SQL injection and cross-site scripting testing. Acunetix also has the ability to scan WordPress installations for over 1000 known vulnerabilities in the platform’s core, plugins, and themes, while the login sequence recorder tool automates the scanning of complex password protected areas.

A combination of black-box and white-box testing helps enhance a scan’s detection rate, and helps reduce false positive rates, along with the automatic verification of several high-severity vulnerabilities. Line of code visibility indicates which is the vulnerable line of code, pinpointing what needs to be fixed, and where. Acunetix also scans perimeter network services to help avoid any data breaches, and tests networks for vulnerabilities and misconfigurations. Advanced features include manual penetration testing tools, automatic web application firewall (WAF) configuration, and a REST API to integrate Acunetix into other custom workflows and processes.

Acunetix Overview

Pricing

Starting from
US$6,995.00

Pricing options

Free Trial
Subscription
Value for money

Enterprise Online: starting at $6,995

Standard On Premise: starting at $6,995

Enterprise On Premise: starting at $4,495

Enterprise Plus: contact Acunetix. (20+ website targets)


Acunetix Features

Devices
Business size
S M L
Markets
Asia, Australia, Brazil, Canada, Europe and 5 others, Germany, India, Japan, Latin America, Mexico
Supported Languages
English

Screenshots

Acunetix screenshot: Detect web application vulnerabilities with accuracy
Acunetix screenshot: Detect web application vulnerabilities with accuracy Acunetix screenshot: Acunetix provides a fast, multi-threaded crawler and scanner that can crawl hundreds of thousands of pages without interruptions Acunetix screenshot: AcuSensor Technology for .NET, PHP and JAVA enhances a regular dynamic scan through the deployment of sensors inside the source code Acunetix screenshot: AcuSensor indicates the vulnerable line of code for several high-severity vulnerabilities and reports additional debug information Acunetix screenshot: Reports allow users to share security findings internally with management and with regulatory bodies Acunetix screenshot: Acunetix checks for a number of possible WordPress configurations, username enumerations, and more Acunetix screenshot: Acunetix scans the network for vulnerabilities and presents results inside the online dashboard, from where a network security report can be easily generated Acunetix screenshot: Manually test web applications for logical flaws using manual penetration testing tools

Acunetix Reviews

Acunetix Reviews

Overall rating
4.5
/
5 33 reviews
Excellent
20

Very good
10

Average
3

Poor
0

Terrible
0

Value for Money
4.1
Features
4.3
Ease of Use
4.5
Customer Support
4.3
91% recommended this app
Zuzana B.

Full analysis of possible vulnerabilities to our website.

It is one of the tools widely used in the detection of vulnerabilities, one of the reasons why it applies for speed in terms of the analysis as well as the report presented which allows taking the necessary actions to correct these vulnerabilities.


Juho W.

The guarantee of safety

The only thing about using the Acunetix is takin it seriously and really use the instructions it gives you. The reporting system sends the instructions of providing complete security to your documents and all you have to do is to follow those instructions.


Verified Reviewer

Simple, but very powerful web vunlerability scanner

Good thing for a web application pentesting, can give You insight of a present vulnerabilities. Would recommend using in tandem with infrastructure scanner (like Nessus) to create a complete testing solution. Also presence of continous scanning and scheduler could be used for a regular security assesment of Your web applications.


Verified Reviewer

Ok tool, but fix your business model and add more settings to the interface

Continuation of the cons section (number of chars was limited).

* Settings are sometimes unclear, an info icon with a popup would be nice.

Example 1: In the "Site Structure" of a scan it is possible to press "exclude", does it exlude the path from futre scans? If so why don't I see anything in the target settings? Or does "exlude" exclude vulnerabilities from the report? BTW after pressing exlude I'm not able to "include" it again.

Example 2: "scan speed", how many threads per setting are we talking about?

* Would definitly like to get some more feedback from scans directly in the interface, what is it doing, why did it fail, did all the "allowed hosts" got scanned etc. I know you can debug a target, but this is not what I mean.


Verified Reviewer

Easy to setup, nice results

As a scanner it is quite good, relevant and well described findings, so far no false positives. Following an initial trial and PoC with couple of competitors, Acunetix had the best features, most suitable licensing model, good support, so we purchased a three year license. However, at some point, it all changed. The license became based on other criteria, the testing and verification tools were removed, there is no support or way of reverting to a previous version, after you realise that the changes introduced and making the software unusable or insufficient. Overall, unless there are guarantees that it won't happen again, I will be very reluctant to renew.


Zuzana B.
Industry: Information Technology & Services
Company size: 501-1,000 Employees

Full analysis of possible vulnerabilities to our website.

Used Weekly for 1+ year
Reviewed on 21/11/2019
Review Source: Capterra

It is one of the tools widely used in the detection of vulnerabilities, one of the reasons why it applies for speed in terms of the analysis as well as the report presented which allows taking the necessary actions to correct these vulnerabilities.

Pros

This program performs a complete scan of the entire website in such a way that it inspects the possible vulnerabilities that our website may have, basically tracks the entire infrastructure of the website and after this provides a detailed report so it also avoids false positives. and gives the possible indications that should be applied to avoid the vulnerabilities that arise.

Cons

It is one of the best options that should not be implemented, since website security is a very important aspect for the client.

Response from Acunetix

Thank you for your review of the Acunetix product, we appreciate your time and are delighted to be of service to your company!
We would be grateful if you would agree to a case study write up, please let me know.

Kind Regards

Rating breakdown

Value for Money
Ease of Use
Customer Support

Likelihood to recommend: 9.0/10

Juho W.
Industry: Information Services
Company size: 5,001-10,000 Employees

The guarantee of safety

Used Daily for 1+ year
Reviewed on 11/03/2019
Review Source: Capterra

The only thing about using the Acunetix is takin it seriously and really use the instructions it gives you. The reporting system sends the instructions of providing complete security to your documents and all you have to do is to follow those instructions.

Pros

The unique thing about the program which makes it distinguish among the many other programs of this type is the security system. Overtime you add a document to your profile the program analyzes the risks of the document to be stolen and creates a kind of the special defense for this particular document.
This way, the program not only provides the user with the incredibly convenient service and saves his or her time, but also prevents from losing money and getting stressed. It is hard to imagine a scanner to be that universal. The Acunetix can easily cope with documents of any format and keeps everything you are working with really secure so that the really important documents or the catching fire ideas are totally under your control, there is no need to worry.

Cons

The only inconvenient thing about the Acunetix is something the people call «Overprotection». Once you are signed in the security system is on and covers not only the documents dowloaded to the program, but it also washes every activity you might possibly do in the Internet and regularly sends you the warning alerts about the unsecured websites.

Response from Acunetix

Thank you for your review. Your feedback is very important to us.

Rating breakdown

Value for Money
Ease of Use
Customer Support

Likelihood to recommend: 8.0/10

Verified Reviewer
Industry: Information Technology & Services
Company size: 201-500 Employees

Simple, but very powerful web vunlerability scanner

Used Weekly for 6-12 months
Reviewed on 13/08/2018
Review Source: Capterra

Good thing for a web application pentesting, can give You insight of a present vulnerabilities. Would recommend using in tandem with infrastructure scanner (like Nessus) to create a complete testing solution. Also presence of continous scanning and scheduler could be used for a regular security assesment of Your web applications.

Pros

Ease of use, good customer support, very insightful reports (especially Developer raport), good vulnerability management. Also continous scanning option is an interesting thing for having continous security awareness of Your vulnerability level. Also login sequence recorder is an awesome tool.

Cons

Not a lot of scan options to configure - especially in comparison to Nessus - every check is done in default, You can't choose specifically which test is done in selected scan, only the type of scan (full, high-risk vulnerabilities, xss, sqli, weak passwords, crawl only ) or technology in which the scanned web app is written.

Response from Acunetix

Thank you for your feedback ¿ we¿re glad that Acuneix is working for you.

Regarding your comment about choosing what to scan for ¿ you can already do this in Acunetix, although the feature is slightly hidden away in Settings > Scan Types. Here you can create your own custom Scan Types, and you will be able to choose which vulnerabilities to check for. When creating a new custom Scan Type, you can filter the vulnerability checks from the top right hand corner of the page.

Remember that you can also easily retest for a specific vulnerability identified in a previous scan.

Rating breakdown

Value for Money
Ease of Use
Customer Support

Likelihood to recommend: 8.0/10

Verified Reviewer
Industry: Computer & Network Security
Company size: 13-50 Employees

Ok tool, but fix your business model and add more settings to the interface

Used Daily for 2+ years
Reviewed on 17/08/2018
Review Source: Capterra

Continuation of the cons section (number of chars was limited).

* Settings are sometimes unclear, an info icon with a popup would be nice.

Example 1: In the "Site Structure" of a scan it is possible to press "exclude", does it exlude the path from futre scans? If so why don't I see anything in the target settings? Or does "exlude" exclude vulnerabilities from the report? BTW after pressing exlude I'm not able to "include" it again.

Example 2: "scan speed", how many threads per setting are we talking about?

* Would definitly like to get some more feedback from scans directly in the interface, what is it doing, why did it fail, did all the "allowed hosts" got scanned etc. I know you can debug a target, but this is not what I mean.

Pros

* The number of checks that take place.

* The quality of the issues found.

* After years it is finally possible to pause a scan, hallelujah.

Cons

* As a pentester I absolutely miss a more flexible way to configure settings like it was possible in v10. The interface is built as "point a shoot", idiot proof. Currently, If I want to configure things I need to change xml config files on the server and reload acunetix...

* After the release of v12 we were called by a sales agent as we suddently couldn't add targets anymore. The license model suddenly changed completely. The entire business model is now based on scanning an applications continuously over the year. However, as a pentesting business for we mostly scan apps just 1 time for our security assessments. It absolutely makes no sense to apply the same costs! Just like Netsparker, acunetix should have plans for pentesters and consultants.

* Scanning an app that spans multiple domains always results in problems. Currently you have the "Allowed hosts" settings which is crappy in setting up. I need to set all (sub) domains to a different target. And ofcourse with the current business model you are charged per target, lol.

Response from Acunetix

Thank you for your honest feedback:

As you rightly say, we try to keep an easy to use interface, with the intention of automatically detecting the best way to scan the site. There are some settings which are not used by most of our customers, and which can be manually tweaked from the settings file.

I think you might have missed the little help icon at the top right corner of the Acunetix interface. When clicked, this provides help on the settings loaded in the current page. But to answer your queries:

Example 1 - When you Exclude a path from the Site Structure, the exclusion will be stored with the Target, and will affect subsequent scans. You can delete the exclusion from the Target settings.

Example 2: this is explained on our website at https://www.acunetix.com/blog/docs/configure-scan-speed-acunetix/. I have forwarded your comment about the scan feedback to the product team.

Regarding licensing, I would suggest that you get in touch with our sales team, who can work

Rating breakdown

Value for Money
Ease of Use
Customer Support

Likelihood to recommend: 7.0/10

Verified Reviewer
Industry: Financial Services
Company size: 51-200 Employees

Easy to setup, nice results

Used Weekly for 2+ years
Reviewed on 13/08/2018
Review Source: Capterra

As a scanner it is quite good, relevant and well described findings, so far no false positives. Following an initial trial and PoC with couple of competitors, Acunetix had the best features, most suitable licensing model, good support, so we purchased a three year license. However, at some point, it all changed. The license became based on other criteria, the testing and verification tools were removed, there is no support or way of reverting to a previous version, after you realise that the changes introduced and making the software unusable or insufficient. Overall, unless there are guarantees that it won't happen again, I will be very reluctant to renew.

Pros

Very easy to setup initially, running scans quite fast, good crawler, very nice and understandable results.

Cons

The license model changed somehow in the middle of the three years, so it became impossible to continue to use it as planned without paying much more. Tools were removed.

Response from Acunetix

Thank you for your feedback.

You can download the free Acunetix Manual Pentesting Tools from https://www.acunetix.com/vulnerability-scanner/free-manual-pen-testing-tools/. You can copy the Request done by Acunetix from the Vulnerability details, and use this in the Acuneix Manual Tools

Rating breakdown

Value for Money
Ease of Use
Customer Support

Likelihood to recommend: 8.0/10

User recommendation
8.3/10
Based on 33 user ratings
Compare user recommendation rating with alternatives
Compare with alternatives

Acunetix Pricing

Acunetix Pricing

Starting from
US$6,995.00
Free Trial
Subscription
Value for money

Enterprise Online: starting at $6,995

Standard On Premise: starting at $6,995

Enterprise On Premise: starting at $4,495

Enterprise Plus: contact Acunetix. (20+ website targets)

Enterprise Online: starting at $6,995

Standard On Premise: starting at $6,995

Enterprise On Premise: starting at $4,495

Enterprise Plus: contact Acunetix. (20+ website targets)

Value for Money
4.1/5
Based on 33 user ratings
Compare value for money rating with alternatives
Compare with alternatives

Acunetix Features

Acunetix Features

API
Access Control
Activity Dashboard
Alerts / Escalation
Audit Trail
Auditing
Authentication
Automatic Notifications
Compliance Management
Monitoring
Password Management
Policy Management
Real Time Monitoring
Reporting & Statistics
SSL Security
Secure Data Storage
Single Sign On
Third Party Integration
Two-Factor Authentication
User Management
Features
4.3/5
Based on 33 user ratings
Compare features rating with alternatives
Compare with alternatives

Categories

Videos and Tutorials

Videos and Tutorials

Additional information for Acunetix

Additional information for Acunetix

Key features of Acunetix

  • Assign target business criticality
  • Assign target management to users
  • Automated security testing
  • Compliance reports (HIPAA, PCI-DSS, ISO/IEC 27001 and more
  • Continuous scanning
  • Crawl and scan HTML5 websites
  • Dashboard
  • Email notifications
  • Gray-box vulnerability testing
  • Indepth crawl & analysis
  • Integration APIs
  • Issue trackers
  • Issue tracking systems integration
  • Line of code visibility
  • Login sequence recorder (LSR)
  • Manual intervention during scan
  • Manual pen-testing tool suite
  • Multi-user
  • Network scanning
  • Network security
  • Out-of-band vulnerability testing
  • Prioritize & control threats
  • Prioritize by business criticality
  • Regulatory compliance reports
  • Risk management
  • Scans for vulnerable WordPress Plugins & misconfigurations
  • Scheduled scanning
  • Target groups
  • Testing for network vulnerabilities
  • Track progress of new features and manage deadlines
  • Trend graphs
  • URL detection
  • User roles and privileges
  • Vulnerability assessment
  • Web scanning
  • WordPress checks

Benefits

  • Acunetix can scan HTML5 websites, SPAs & executes JavaScript, with the ability to detect over 6,500 web vulnerabilities.

  • Prioritize and control threats with integrated tools for vulnerability management and collaborate with the team to build and maintain an effective security program.

  • Acunetix offers a high detection rate of SQLi and XSS vulnerabilities including Blind XSS and DOM-based XSS with low false positives.

  • Detect malware URLs on websites or web applications and identify links to URLs which are being used for phishing and fraud using Acunetix's malware detection service.

  • Test for weak passwords, badly configured proxy servers, and other network vulnerabilities and view results or create security reports via the Acunetix online dashboard.

  • Acunetix FAQs

    Acunetix FAQs

    Below are some frequently asked questions for Acunetix.

    Q. What type of pricing plans does Acunetix offer?

    Acunetix offers the following pricing plans:

    Starting from: US$6,995.00

    Pricing model: Subscription

    Free Trial: Available

    Enterprise Online: starting at $6,995 Standard On Premise: starting at $6,995 Enterprise On Premise: starting at $4,495 Enterprise Plus: contact Acunetix. (20+ website targets)

    Q. What are the main features of Acunetix?

    Acunetix offers the following features:

    • Assign target business criticality
    • Assign target management to users
    • Automated security testing
    • Compliance reports (HIPAA, PCI-DSS, ISO/IEC 27001 and more
    • Continuous scanning
    • Crawl and scan HTML5 websites
    • Dashboard
    • Email notifications
    • Gray-box vulnerability testing
    • Indepth crawl & analysis
    • Integration APIs
    • Issue trackers
    • Issue tracking systems integration
    • Line of code visibility
    • Login sequence recorder (LSR)
    • Manual intervention during scan
    • Manual pen-testing tool suite
    • Multi-user
    • Network scanning
    • Network security
    • Out-of-band vulnerability testing
    • Prioritize & control threats
    • Prioritize by business criticality
    • Regulatory compliance reports
    • Risk management
    • Scans for vulnerable WordPress Plugins & misconfigurations
    • Scheduled scanning
    • Target groups
    • Testing for network vulnerabilities
    • Track progress of new features and manage deadlines
    • Trend graphs
    • URL detection
    • User roles and privileges
    • Vulnerability assessment
    • Web scanning
    • WordPress checks

    Q. Who are the typical users of Acunetix?

    Acunetix has the following typical customers:

    Large Enterprises, Mid Size Business, Small Business

    Q. What languages does Acunetix support?

    Acunetix supports the following languages:

    English

    Q. What type of pricing plans does Acunetix offer?

    Acunetix has the following pricing plans:

    Subscription

    Q. Does Acunetix support mobile devices?

    We do not have any information about what devices Acunetix supports

    Q. What other apps does Acunetix integrate with?

    Acunetix integrates with the following applications:

    Centraleyezer, GitHub, JIRA Software, Keylight Platform, ThreadFix, Wordpress

    Q. What level of support does Acunetix offer?

    Acunetix offers the following support options:

    FAQs, Online Support, Phone Support