We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is a lot of documentation on their website which makes setting it up and using it quite simple."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"Overall, it's a very good tool and a very good engine."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The usability and overall scan results are good."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"High level of accuracy and quick scanning."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The scanner and the result generator are valuable features for us."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Scan, proxify the application, and then detailed report along with evidence and remediations to problems."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"I like that it's stable and technical support is great."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"Acunetix needs to include agent analysis."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The custom attack preparation screen might be improved."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"The scanner itself should be improved because it is a little bit slow."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Acunetix is rated 7.6, while Invicti is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and SonarQube, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Fortify WebInspect and Rapid7 AppSpider. See our Acunetix vs. Invicti report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
