We performed a comparison between Tenable Nessus and Acunetix based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Tenable Nessus comes out ahead of Acunetix. Even though both solutions offer beneficial vulnerability scanning and a proactive approach, Acunetix’s two-year licensing plan is less flexible than that of its competitor, and its need for manual resolution of false positives leaves room for improvement.
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"Our developers can run the attacks directly from their environments, desktops."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"Security is the key number because it can start to scan with a few clicks instead of credits, which is a bit complicated. So simplicity is the first advantage. Then the generated reports are well done and easy to present to management. The quality of the scan is quite good in detecting the severity. The solution has simplicity. Also, it has frequent updates so that is also a valuable feature."
"The most valuable aspect of this solution is that you receive the entire report, which details the breakdown, especially in terms of critical, high, low, and mediums."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and others highly customizable scans."
"Once you get past the initial implementation, the solution is very stable."
"Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthfully."
"The most valuable feature of Tenable Nessus is vulnerability detection."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"The pricing is a bit on the higher side."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"The solution's pricing could be better."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"There are some versions of the solution that are not as stable as others."
"This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not."
"Lacks some penetration testing-related services."
"Vulnerability recommendations are outdated and not in line with industry standards."
"The solution should be able to support more devices."
"The reports are okay, but the interface is a bit difficult to navigate in some cases."
"Tenable Nessus is not feasible for a large company."
"They should improve the I/O reporting and the customized spreadsheet export feature."
"The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources."
Acunetix is ranked 15th in Vulnerability Management with 26 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. Acunetix is rated 7.6, while Tenable Nessus is rated 8.4. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Qualys Web Application Scanning, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management and Snyk. See our Acunetix vs. Tenable Nessus report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.