About Acunetix

Acunetix is a cyber security and web vulnerability scanner solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites. Acunetix provides the ability to detect over 6,500 web vulnerabilities such as XSS, XXE, SSRF, SQL Injection, host header injection, and more, which can compromise the company’s website and data.

Acunetix’s vulnerability scanner helps accurately detect critical web application vulnerabilities, including open-source software and custom-built applications. The solution’s innovative technologies include DeepScan, which enables the crawling of AJAX-heavy client-side SPAs (single page applications), AcuSensor, which combines black box scanning techniques with feedback from sensors placed in the source code, as well as SQL injection and cross-site scripting testing. Acunetix also has the ability to scan WordPress installations for over 1000 known vulnerabilities in the platform’s core, plugins, and themes, while the login sequence recorder tool automates the scanning of complex password protected areas.

A combination of black-box and white-box testing helps enhance a scan’s detection rate, and helps reduce false positive rates, along with the automatic verification of several high-severity vulnerabilities. Line of code visibility indicates which is the vulnerable line of code, pinpointing what needs to be fixed, and where. Acunetix also scans perimeter network services to help avoid any data breaches, and tests networks for vulnerabilities and misconfigurations. Advanced features include manual penetration testing tools, automatic web application firewall (WAF) configuration, and a REST API to integrate Acunetix into other custom workflows and processes.

Key benefits of Acunetix

  • Acunetix can scan HTML5 websites, SPAs & executes JavaScript, with the ability to detect over 6,500 web vulnerabilities.

  • Prioritize and control threats with integrated tools for vulnerability management and collaborate with the team to build and maintain an effective security program.

  • Acunetix offers a high detection rate of SQLi and XSS vulnerabilities including Blind XSS and DOM-based XSS with low false positives.

  • Detect malware URLs on websites or web applications and identify links to URLs which are being used for phishing and fraud using Acunetix's malware detection service.

  • Test for weak passwords, badly configured proxy servers, and other network vulnerabilities and view results or create security reports via the Acunetix online dashboard.

  • Devices

    Business size

    S M L

    Markets

    Australia, Brazil, Canada, Germany, India and 3 others, Japan, Mexico, United States

    Supported Languages

    English

    Images

    View 7 more
    Acunetix video
    Acunetix video
    Acunetix screenshot: Acunetix screenshot: Acunetix screenshot: Acunetix screenshot: Acunetix screenshot: Acunetix screenshot:

    Features

    Total features of Acunetix: 34

    • API
    • Access Control
    • Access Controls/Permissions
    • Activity Dashboard
    • Alerts/Notifications
    • Application Security
    • Assessment Management
    • Asset Discovery
    • Asset Tagging
    • Audit Management
    • Audit Trail
    • Automated Scheduling
    • Compliance Management
    • Data Security
    • Endpoint Protection Software
    • IOC Verification
    • Issue Management
    • Issue Tracking
    • Multiple User Accounts
    • Network Scanning
    • Prioritisation
    • Progress Tracking
    • Risk Alerts
    • Risk Analytics
    • Risk Assessment
    • Risk Management
    • Role-Based Permissions
    • Status Tracking
    • Third Party Integrations
    • Trend Analysis
    • Vulnerability Assessment
    • Vulnerability Protection
    • Vulnerability Scanning
    • Web Scanning

    Alternatives

    Syxsense

    4.7
    #1 Alternative to Acunetix
    Syxsense is an endpoint security software designed to help SecOps departments, managed service providers (MSPs), and IT...

    Orca Security

    4.8
    #2 Alternative to Acunetix
    Got more than 100 cloud assets? Orca Security provides workload-level security for Amazon Web Services (AWS), Azure,...

    LastPass

    4.7
    #3 Alternative to Acunetix
    LastPass provides secure password management. LastPass is the most convenient way for businesses to improve their...

    Netsparker

    4.7
    #4 Alternative to Acunetix
    Netsparker web application security scanning solution automatically identifies XSS, SQL Injection and other...

    Reviews

    Overall rating

    4.5 /5
    (32)
    Value for Money
    4/5
    Features
    4.3/5
    Ease of Use
    4.5/5
    Customer Support
    4.3/5

    Already have Acunetix?

    Software buyers need your help! Product reviews help the rest of us make great decisions.

    Write a Review!
    Showing 5 reviews of 32
    Will E.
    Overall rating
    • Industry: Internet
    • Company size: 11-50 Employees
    • Used Weekly for 2+ years
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 8.0 /10

    A well priced, cloud based vulnerability scanner

    Reviewed on 21/1/2018

    Pros

    I can schedule daily, weekly or monthly scans of targets which checks for vulnerabilities in our cloud infrastructure from one control panel. The ability to send different types of reports to various parties, for example a 'Board level' report or 'Developer' report is handy for tailoring content to the audience.

    Cons

    It perhaps could be improved by adding a section for commenting on how a vulnerability was fixed and a link to a relevant URL to confirm this. Pricing is good for a small amount of targets, but quickly becomes expensive for multiple target locations.

    Response from Acunetix

    Thank you for your feedback

    Juho W.
    Overall rating
    • Industry: Information Services
    • Company size: 5,001-10,000 Employees
    • Used Daily for 1+ year
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 8.0 /10

    The guarantee of safety

    Reviewed on 11/3/2019

    The only thing about using the Acunetix is takin it seriously and really use the instructions it...

    The only thing about using the Acunetix is takin it seriously and really use the instructions it gives you. The reporting system sends the instructions of providing complete security to your documents and all you have to do is to follow those instructions.

    Pros

    The unique thing about the program which makes it distinguish among the many other programs of this type is the security system. Overtime you add a document to your profile the program analyzes the risks of the document to be stolen and creates a kind of the special defense for this particular document.
    This way, the program not only provides the user with the incredibly convenient service and saves his or her time, but also prevents from losing money and getting stressed. It is hard to imagine a scanner to be that universal. The Acunetix can easily cope with documents of any format and keeps everything you are working with really secure so that the really important documents or the catching fire ideas are totally under your control, there is no need to worry.

    Cons

    The only inconvenient thing about the Acunetix is something the people call «Overprotection». Once you are signed in the security system is on and covers not only the documents dowloaded to the program, but it also washes every activity you might possibly do in the Internet and regularly sends you the warning alerts about the unsecured websites.

    Response from Acunetix

    Thank you for your review. Your feedback is very important to us.

    Verified Reviewer
    Overall rating
    • Industry: Computer & Network Security
    • Company size: 11-50 Employees
    • Used Daily for 2+ years
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 7.0 /10

    Ok tool, but fix your business model and add more settings to the interface

    Reviewed on 17/8/2018

    Continuation of the cons section (number of chars was limited).

    * Settings are sometimes unclear,...

    Continuation of the cons section (number of chars was limited).

    * Settings are sometimes unclear, an info icon with a popup would be nice.

    Example 1: In the "Site Structure" of a scan it is possible to press "exclude", does it exlude the path from futre scans? If so why don't I see anything in the target settings? Or does "exlude" exclude vulnerabilities from the report? BTW after pressing exlude I'm not able to "include" it again.

    Example 2: "scan speed", how many threads per setting are we talking about?

    * Would definitly like to get some more feedback from scans directly in the interface, what is it doing, why did it fail, did all the "allowed hosts" got scanned etc. I know you can debug a target, but this is not what I mean.

    Pros

    * The number of checks that take place.

    * The quality of the issues found.

    * After years it is finally possible to pause a scan, hallelujah.

    Cons

    * As a pentester I absolutely miss a more flexible way to configure settings like it was possible in v10. The interface is built as "point a shoot", idiot proof. Currently, If I want to configure things I need to change xml config files on the server and reload acunetix...

    * After the release of v12 we were called by a sales agent as we suddently couldn't add targets anymore. The license model suddenly changed completely. The entire business model is now based on scanning an applications continuously over the year. However, as a pentesting business for we mostly scan apps just 1 time for our security assessments. It absolutely makes no sense to apply the same costs! Just like Netsparker, acunetix should have plans for pentesters and consultants.

    * Scanning an app that spans multiple domains always results in problems. Currently you have the "Allowed hosts" settings which is crappy in setting up. I need to set all (sub) domains to a different target. And ofcourse with the current business model you are charged per target, lol.

    Response from Acunetix

    Thank you for your honest feedback:

    As you rightly say, we try to keep an easy to use interface, with the intention of automatically detecting the best way to scan the site. There are some settings which are not used by most of our customers, and which can be manually tweaked from the settings file.

    I think you might have missed the little help icon at the top right corner of the Acunetix interface. When clicked, this provides help on the settings loaded in the current page. But to answer your queries:

    Example 1 - When you Exclude a path from the Site Structure, the exclusion will be stored with the Target, and will affect subsequent scans. You can delete the exclusion from the Target settings.

    Example 2: this is explained on our website at https://www.acunetix.com/blog/docs/configure-scan-speed-acunetix/. I have forwarded your comment about the scan feedback to the product team.

    Regarding licensing, I would suggest that you get in touch with our sales team, who can work

    Verified Reviewer
    Overall rating
    • Industry: Information Technology & Services
    • Company size: 201-500 Employees
    • Used Weekly for 6-12 months
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 8.0 /10

    Simple, but very powerful web vunlerability scanner

    Reviewed on 13/8/2018

    Good thing for a web application pentesting, can give You insight of a present vulnerabilities....

    Good thing for a web application pentesting, can give You insight of a present vulnerabilities. Would recommend using in tandem with infrastructure scanner (like Nessus) to create a complete testing solution. Also presence of continous scanning and scheduler could be used for a regular security assesment of Your web applications.

    Pros

    Ease of use, good customer support, very insightful reports (especially Developer raport), good vulnerability management. Also continous scanning option is an interesting thing for having continous security awareness of Your vulnerability level. Also login sequence recorder is an awesome tool.

    Cons

    Not a lot of scan options to configure - especially in comparison to Nessus - every check is done in default, You can't choose specifically which test is done in selected scan, only the type of scan (full, high-risk vulnerabilities, xss, sqli, weak passwords, crawl only ) or technology in which the scanned web app is written.

    Response from Acunetix

    Thank you for your feedback ¿ we¿re glad that Acuneix is working for you.

    Regarding your comment about choosing what to scan for ¿ you can already do this in Acunetix, although the feature is slightly hidden away in Settings > Scan Types. Here you can create your own custom Scan Types, and you will be able to choose which vulnerabilities to check for. When creating a new custom Scan Type, you can filter the vulnerability checks from the top right hand corner of the page.

    Remember that you can also easily retest for a specific vulnerability identified in a previous scan.

    Kai M.
    Overall rating
    • Industry: Information Technology & Services
    • Company size: 51-200 Employees
    • Used Weekly for 2+ years
    • Review Source

    Overall rating

    • Value for Money
    • Ease of Use
    • Customer Support
    • Likelihood to recommend 9.0 /10

    Acunetix always gives me a very good first impression

    Reviewed on 10/8/2018

    Pros

    We are using Acunetix now for more than 5 years. It is very easy to create new targets and quickly start automatic scans. The AcuSensor often gives me a good hint where I should take a closer look manually.
    Our management likes the well structured reports.

    Cons

    If a web application is very complex, the scanner sometimes does not really manage to find its path through the process.
    Since the application changed to the web gui, it is more complicated to specify pre-recorded login sequence. The user has to log into the server, where Acunetix is hostet and start a different application to record the sequence.

    Response from Acunetix

    Thank you for your feedback.

    We are planning on integrating the Acunetix Login Sequence Recorder in the Acunetix web UI. This will make it easier to record login sequences moving forward. If all goes well, we will have this feature in place by the end of Q3 / beginning Q4 this year.

    Showing 5 reviews of 32 Read all reviews

    Acunetix FAQs

    Below are some frequently asked questions for Acunetix.

    Acunetix offers the following pricing plans:

    • Starting from:
    • Pricing model: Subscription
    • Free Trial: Available

    For 3 targets (websites)

    We do not have any information about Acunetix features

    Acunetix has the following typical customers:

    2-10, 11-50, 51-200, 201-500, 501-1,000, 1,001+

    Acunetix supports the following languages:

    English

    Acunetix supports the following devices:

    Acunetix integrates with the following applications:

    GitHub, Jira

    Acunetix offers the following support options:

    Email/Help Desk, FAQs/Forum, Phone Support

    Related categories

    See all software categories found for Acunetix.