We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"Overall, it's a very good tool and a very good engine."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"The scanner and the result generator are valuable features for us."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Invicti is a good product, and its API testing is also good."
"High level of accuracy and quick scanning."
"Its ability to crawl a web application is quite different than another similar scanner."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Acunetix needs to improve its cost."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"There are some versions of the solution that are not as stable as others."
"Acunetix needs to include agent analysis."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Right now, they are missing the static application security part, especially web application security."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The scanner itself should be improved because it is a little bit slow."
"The solution needs to make a more specific report."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Acunetix is rated 7.6, while Invicti is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and SonarQube, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Qualys Web Application Scanning, Fortify WebInspect and HCL AppScan. See our Acunetix vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.