Acunetix by Invicti vs. BeyondTrust Network Security Scanner, powered by Retina (Legacy)

It is best suited for integrated security testing of applications which are hosted on web servers. The most important thing is the integration of DevSecOps which is crucial in today's fast paced environment of rapid development. The core of Acunetix is application scanning which is really great and I highly recommend this product to everyone

Retina Network Security Scanner is well suited for any environment and infrastructure that would like to expose security deficiencies across their network as well as visualize vulnerabilities as they pertain to assets in their environment. I cannot think of any scenario that would not be appropriate for this product. Since the product carries over to pretty much all assets in your environment, I don't know off the top of y head what it wouldn't be appropriate for.

• Fast.
• Easy-to-use.
• Great customer support.
• Reporting features.
• Supports importing state files from other popular application testing tools.
• Has other features built-in beyond just scanning for vulnerabilities.

• Scanning, network discovery.
• Does a good job at scanning without taking up network resources.
• Does not consume a lot of bandwidth.

• Configuration of DevSecOps can be improved for ease
• Dashboard can have API integration
• Broaden the scope of vulnerabilities

• I do not have any obvious cons to report at this time.

ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.

I've evaluated Nessus and multiple other products. I'd say Retina is right there with Nessus. At a certain point, it's not about if the product "finds" more vulnerabilities, it's about how easy it is for the end user. All scanners right now find about the same amount of vulnerabilities, but some are harder for users to use. Retina has a pretty well-designed user interface.

• Saved money compared to other commercial scanners, especially over the long run.
• Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
• A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.

• The product is extremely easy to deploy, extremely positive.
• If you take full advantage of this product as I did, you will maximize your ROI quickly as we did.
• We were able to visualize our vulnerabilities efficiently and effectively and maintain scheduled scans that allowed us to maintain a continuous improvement atmosphere while securing our investments.
• The ability provide reporting allows our IT department to prioritize issues and remediate as required without chasing down low risk issues over high risk issues that need immediate attention.