We performed a comparison between Acunetix and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is a lot of documentation on their website which makes setting it up and using it quite simple."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"The usability and overall scan results are good."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"The solution generates reports automatically and quickly."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"The scanner is light on the network and does not impact the network when scans are running."
"It correctly parses DOM and JS and has really good support for URL Rewrite rules, which is important for today's websites."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"Acunetix needs to include agent analysis."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"There's a clear need for a reduction in pricing to make the service more accessible."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The support's response time could be faster since we are in different time zones."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Netsparker doesn't provide the source code of the static application security testing."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. Acunetix is rated 7.6, while Invicti is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and SonarQube, whereas Invicti is most compared with OWASP Zap, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning, Fortify WebInspect and Qualys Web Application Scanning. See our Acunetix vs. Invicti report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.