Anonymous User, Chief Hacking Officer at a security firm
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Our developers can run the attacks directly from their environments, desktops."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"Picks up weaknesses in our app setups."
"The usability and overall scan results are good."
"I haven't seen reporting of that level in any other tool."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"The most valuable feature is the breadth of vulnerabilities that it finds. It's able to find across a lot of different platforms and operating systems. It's also able to combine local testing with network-based testing."
"Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
"It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it."
"Nessus gives me a good preview of vulnerabilities and good suggestions for remediation. It's easy to find a description of a given vulnerability and solutions for it."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips in the documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans."
"We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"Currently only supports web scanning."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"The vulnerability identification speed should be improved."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."
"One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful."
"Model OS costs (and its segregation schema for individual modules)."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."
"The pricing is a little high, and moreover, it's kind of domain-based."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we are vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
"We pay approximately $2,500 on a yearly basis."
"We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"The price is reasonable."
"In general, it is extremely expensive."
"The price of the solution is reasonable."
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL injection, cross-site scripting, and other exploitable vulnerabilities.
Nessus Professional is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your, or your customer's network. With the broadest coverage, the latest intelligence, rapid updates, and an easy-to-use interface, Nessus offers an effective and comprehensive vulnerability scanning package for one low cost.
Acunetix by Invicti is ranked 8th in Vulnerability Management with 11 reviews while Tenable Nessus is ranked 1st in Vulnerability Management with 23 reviews. Acunetix by Invicti is rated 7.2, while Tenable Nessus is rated 8.4. The top reviewer of Acunetix by Invicti writes "We are getting notably fewer false positives than previously, but reporting output needs to be simplified". On the other hand, the top reviewer of Tenable Nessus writes "Easy to use, good support, and gives full reports of what's vulnerable per device". Acunetix by Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Fortify WebInspect, Veracode and ImmuniWeb, whereas Tenable Nessus is most compared with Tenable.io Vulnerability Management, Rapid7 InsightVM, Qualys VM, Tenable SC and PortSwigger Burp Suite Enterprise Edition.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.