We performed a comparison between Acunetix and Contrast Security Assess based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"Our developers can run the attacks directly from their environments, desktops."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The most valuable feature is the continuous monitoring aspect: the fact that we don't have to wait for scans to complete for the tool to identify vulnerabilities. They're automatically identified through developers' business-as-usual processes."
"By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time."
"It is a stable solution...Contrast Security Assess is one of the first players in this market, so they have experience and customers, especially abroad. Overall, it's a good product."
"Assess has an excellent API interface to pull APIs."
"We use the Contrast OSS feature that allows us to look at third-party, open-source software libraries, because it has a cool interface where you can look at all the different libraries. It has some really cool additional features where it gives us how many instances in which something has been used... It tells us it has been used 10 times out of 20 workloads, for example. Then we know for sure that OSS is being used."
"When we access the application, it continuously monitors and detects vulnerabilities."
"The accuracy of the solution in identifying vulnerabilities is better than any other product we've used, far and away. In our internal comparisons among different tools, Contrast consistently finds more impactful vulnerabilities, and also identifies vulnerabilities that are nearly guaranteed to be there, meaning that the chance of false positives is very low."
"In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs."
"The solution's pricing could be better."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"Acunetix needs to improve its cost."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"There's a clear need for a reduction in pricing to make the service more accessible."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Personalization of the board and how to make it appealing to an organization is something that could be done on their end. The reports could be adaptable to the customer's preferences."
"I would like to see them come up with more scanning rules."
"Contrast's ability to support upgrades on the actual agents that get deployed is limited. Our environment is pretty much entirely Java. There are no updates associated with that. You have to actually download a new version of the .jar file and push that out to your servers where your app is hosted. That can be quite cumbersome from a change-management perspective."
"The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."
"The setup of the solution is different for each application. That's the one thing that has been a challenge for us. The deployment itself is simple, but it's tough to automate because each application is different, so each installation process for Contrast is different."
"The product's retesting part needs improvement. The tool also needs improvement in the suggestions provided for fixing vulnerabilities. It relies more on documentation rather than on quick fixes."
"I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."
"The solution should provide more details in the section where it shows that third-party libraries have CVEs or some vulnerabilities."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Contrast Security Assess is ranked 30th in Application Security Tools with 11 reviews. Acunetix is rated 7.6, while Contrast Security Assess is rated 8.8. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Contrast Security Assess writes "We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify issues in applications". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Fortify WebInspect, whereas Contrast Security Assess is most compared with Veracode, Seeker, Fortify WebInspect, Checkmarx One and HCL AppScan. See our Acunetix vs. Contrast Security Assess report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
