We performed a comparison between Acunetix and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Our developers can run the attacks directly from their environments, desktops."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"Picks up weaknesses in our app setups."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The solution is highly stable."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"It's comprehensive from a feature standpoint."
"When those scans kick, Veracode integrates back into our JIRA and actually opens tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful."
"Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components."
"The automation of Veracode is great because we no longer have to run manual testing."
"The vulnerability identification speed should be improved."
"Acunetix needs to include agent analysis."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"Currently only supports web scanning."
"The pricing is a bit on the higher side."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."
"The overall reporting structure is complicated, and it's difficult to understand the report."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"The on-platform reporting needs to be opened up much more. We'd like to be able to look at the inspection data from a trending perspective in a much more open manner. I need to be able to sort and filter much more flexibly than I can today."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"It's very expensive for a small organization."
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Acunetix is rated 7.6, while Veracode is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and PortSwigger Burp Suite Enterprise Edition, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand and Snyk. See our Acunetix vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.