We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I haven't seen reporting of that level in any other tool."
"The tool's most valuable feature is performance."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The usability and overall scan results are good."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"The scanner is light on the network and does not impact the network when scans are running."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"Its ability to crawl a web application is quite different than another similar scanner."
"I like that it's stable and technical support is great."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Currently only supports web scanning."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"The pricing is a bit on the higher side."
"The scannings are not sufficiently updated."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"Netsparker doesn't provide the source code of the static application security testing."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The custom attack preparation screen might be improved."
"Right now, they are missing the static application security part, especially web application security."
"The support's response time could be faster since we are in different time zones."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Acunetix is rated 7.6, while Invicti is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and SonarQube, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Veracode and Fortify WebInspect. See our Acunetix vs. Invicti report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.