We performed a comparison between Acunetix and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The usability and overall scan results are good."
"Our developers can run the attacks directly from their environments, desktops."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"The integration with DevOps pipelines is seamless."
"The integration of static testing with our Azure DevOps CI pipeline was easy."
"It is a cloud-based platform, so every organization or every security team in the organization is concerned about uploading their code because ultimately the code is intellectual property. The most useful thing about Veracode is that if you want to upload the code, they accept only byte code. They do not accept the plain source code as an input. The code is converted into binary code, and it is uploaded to Veracode. So, it is quite secure. It also has the automation feature where you can integrate security during the initial stages of your software development life cycle. It is pretty much easy with Veracode. Veracode provides integration with multiple tools and platforms, such as Visual Studio, Java, and Eclipse. Developers can integrate with those tools by using Jenkins. The security consultation or the support that they provide is also really good. Its user management is also good. You can restrict the users for a particular application so that only certain developers will be able to see the code that has been scanned. Their reporting model is really good. For each customer, they provide a program manager. Every quarter, they have their reviews about how much it has scanned. They also ensure that the tool has been used efficiently."
"I don't have much experience with the solution yet. We're looking at integrating Manual Penetration Testing with JIRA and Bamboo and then building that into a CICD model, so the integration is the most valuable feature so far."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"Veracode supports a broad range of code technologies, and it can analyze large applications. Fortify takes a long time and may not be able to generate the report for larger applications. We don't have these constraints with Veracode."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"The pricing is a bit on the higher side."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"Acunetix needs to include agent analysis."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"Currently only supports web scanning."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"In some cases we use their APIs; they're not as rich as I would like."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"The pricing for qualified startups such as Neo4j could be improved."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"Straightforward to set up, but the configuration of the rules engine is difficult and complicated."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. Acunetix is rated 7.6, while Veracode is rated 8.2. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and PortSwigger Burp Suite Enterprise Edition, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk and Fortify on Demand. See our Acunetix vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.