Acunetix Vulnerability Scanner Valuable Features

Scheduling of testing cuts down on the manual, tedious activities that go into setting up a test site. One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that. View full review »

The crawl only scan for trying to figure out at which points of the site that you'll actually be able to reach within the full scan. That's pretty useful. If you're just trying to test your login sequence, it is nice. It'll tell you which parts of your website it will initially scan, and you can actually go through and disable parts if you know you're not going to have to scan those parts. Then, later on, you go back and do a full scan for deep penetration of the site. View full review »

The ability to be on the website and test for different vulnerabilities. We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why. I can have a scan set up within five to ten minutes by double checking the login script works, so it doesn't take long at all. We have found a few cross-site scripting vulnerabilities. View full review »

The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great. The speed of Acunetix has been pretty good. It's been the same as most other tools that we use, but it's been good. View full review »

The most important feature is that we are able to parameterize all of the attacks so that our developers can run the attacks directly from their environments and desktops. They don't need any expertise or to know the difficulties of the attacker; they just run the tool and get the results. View full review »

This solution is easy and quick to set up and use. Most of the time, all it takes is entering a website's URL and clicking on the scan button. Obviously, this is not usually the recommended way to use it, but to get an initial picture of the target's possible vulnerabilities it is a very comfortable starting point. In fact, often a proper penetration test requires emulating a real user of the target application and logging in. The vulnerabilities that can be discovered when logged in normally outnumber the ones that can be discovered by a "simple" black-box approach. Acunetix allows recording a login session and replying it during its attack phase and this is quite convenient. View full review »

The scalability is more than good. It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have. This solution is simple enough, especially with the cloud. You can download the client onto your machines and then you start filtering your traffic from there. View full review »

For us, the most valuable aspect of the solution is the log-sequence feature. The main components covering most of the SQL injection findings are quite useful. We've never faced any maintenance issues. View full review »

The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution. View full review »

The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have. View full review »

* Login Sequence Recorder * Scan throttling * Fantastic reporting output. View full review »