We performed a comparison between Acunetix and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The tool's most valuable feature is performance."
"The solution is highly stable."
"Our developers can run the attacks directly from their environments, desktops."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"The solution can scan old databases and old code written 20 years back."
"The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"The most valuable feature of Veracode Static Analysis is the scanning."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"Veracode Fix is a new feature that functions similarly to auto-remediation for low or medium flaw codes."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The solution's pricing could be better."
"There are some versions of the solution that are not as stable as others."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The vulnerability identification speed should be improved."
"Acunetix needs to include agent analysis."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The scanning could be improved, because some scans take a bit of time."
"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
"It's taking too much time to do a quality scan."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Acunetix is rated 7.6, while Veracode is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and PortSwigger Burp Suite Enterprise Edition, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand and Snyk. See our Acunetix vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.