We have had more success with this particular product being able to control our different applications better than some of the other applications that we have used in the past, as far as checking for vulnerabilities. We know our apps are more secure.

It takes a few weeks just to look at the entire process. We take the reports, send it to the business team, who give it the analysts, and then come up with the remediation plan. Afterwards, we scan it again unless there are critical issues, which are done in less time.

Where I worked was a big group where there were many agencies under it, and we did the security for all other agencies. With Acunetix, we cut the time to make infrastructures and web applications (for our colleagues) more secure.

For one application with two or three critical vulnerabilities and some other vulnerabilities, it took like a week to remediate issues because the scan and findings were really fast. 

It has been instrumental in supplementing services that we already have. 

It has been able to find some vulnerabilities, and we've been able to remediate our websites and vulnerabilities, thanks to Acunetix. We can go back in and have them retested, which is kind of nice, because we can click on the vulnerabilities which it has found. It will also give us quite a bit of information, along with responses, so we can go back and manually test it to make sure it's not a false positive. So, it has been especially useful in that way.

It has helped me to discover some vulnerabilities in the web applications (like Cross-site scripting or SQL injection) and it helps to reduce the time it takes to perform a vulnerability assessment or a penetration test against a customer's web application.

As a team, it's helped us to deliver better security assessments. There are only two of us here who do the penetration testing, and we've been providing better results from our testing.

The number of "high" and "medium" vulnerabilities found using this solution will depend on the development process. But when we started using Acunetix, and other testing tools as well, we had a lot of vulnerabilities. We had to invest a lot of time in fixing vulnerabilities in those days, about two years back. Now, we don't get that many vulnerabilities because the developers and the application testers have improved a lot. They code in a way that results in fewer vulnerabilities.

Most of the vulnerability standards we've used give a fair number of false positives. But with the latest version of Acunetix, we have seen a good standard of false positive rates. Sometimes, customers actually want to have a list of false positives, but the number of false positives we now get is much less than earlier.

Greater confidence in go-live for multiple application releases over their release cycles.