Most Helpful Review
The integration between Nmap, the database and Metasploit saves a lot of time. The initial setup was a bit tricky.
Find out what your peers are saying about Qualys Virtual Scanner Appliance vs. Rapid7 Metasploit and other solutions. Updated: March 2020.
407,845 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.
For us, the most valuable aspect of the solution is the log-sequence feature.
It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.
Our developers can run the attacks directly from their environments, desktops.
The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.
The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.
Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick.
We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why.
The most valuable feature is the certificate management.
They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability.
The option to generate phishing emails has proven to be very valuable in understanding the behavior of users.
It contains almost all the available exploits and payloads.
It's not possible to do penetration testing without being very proficient in Metasploit.
We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic.
The solution limits the number of scans. It would be much better if we could have unlimited scans.
When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.
Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS.
In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.
It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.
You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing.
We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version.
The reporting in this solution can be improved.
What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.
Metasploit cannot be installed on a machine with an antivirus.
It is necessary to add some training materials and a tutorial for beginners.
The initial setup was a bit "tweaky" for the open-source version.
Pricing and Cost Advice
The costs aren't very expensive. It costs around $3000 or $4000.
All things considered, I think it has a good price/value ratio.
The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable.
When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted.
Acunetix was around the same price as all the other vendors we looked at, nothing special.
Information Not Available
It is expensive. Our license expired, and our company is not thinking to renew because of our budget.
I use the open-source version of this product. Pricing is not relevant.
Compared 24% of the time.
Compared 13% of the time.
Compared 10% of the time.
Compared 30% of the time.
Compared 26% of the time.
Compared 14% of the time.
Compared 62% of the time.
Compared 12% of the time.
Compared 7% of the time.
Also Known As
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.
Qualys Virtual Scanner Appliance supports the same global scanning capabilities as our physical scanner appliance. The virtual scanner appliance is a stateless, disposable resource which acts as an extension of the Qualys Cloud Platform and is not a separately managed entity. This user guide describes how to get started with using a virtual scanner with your virtualization or cloud platform.
Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.
Learn more about Acunetix Vulnerability Scanner
Learn more about Qualys Virtual Scanner Appliance
Learn more about Rapid7 Metasploit
|Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand|
Information Not Available
|City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University|
Financial Services Firm38%
Comms Service Provider13%
Software R&D Company38%
Comms Service Provider11%
No Data Available
Software R&D Company37%
Comms Service Provider22%