16 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 7.9 out of 100
10 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 9.1 out of 100

Attribute Ratings

  • Acunetix by Invicti and Black Duck Software Composition Analysis (SCA) are tied in 1 area: Likelihood to Recommend

Likelihood to Recommend

9.0

Acunetix by Invicti

90%
2 Ratings
9.0

Black Duck Software Composition Analysis (SCA)

90%
4 Ratings

Support Rating

Acunetix by Invicti

N/A
0 Ratings
8.2

Black Duck Software Composition Analysis (SCA)

82%
4 Ratings

Likelihood to Recommend

Invicti Security

Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
Read full review

Synopsys

If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Read full review

Pros

Invicti Security

  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
Read full review

Synopsys

  • Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
  • Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
  • Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Read full review

Cons

Invicti Security

  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
Read full review

Synopsys

  • License model based on usage is costly.
  • Documentation is extensive, but often confusing.
  • Black Duck Hub could use some feature improvements for more robust governance capabilities
Read full review

Pricing Details

Acunetix by Invicti

Starting Price

$0

Editions & Modules

Acunetix by Invicti editions and modules pricing
EditionModules
Websites Scanned: 54,5001
Websites Scanned: 6-107,2002
Websites Scanned: 11-2010,8003
Websites Scanned: 21-3522,5404
Websites Scanned: 36-5026,6005
Websites Scanned: Over 50Contact for quote6

Offerings

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services

Entry-level set up fee?

No setup fee

Additional Details

Black Duck Software Composition Analysis (SCA)

Starting Price

Editions & Modules

Black Duck Software Composition Analysis (SCA) editions and modules pricing
EditionModules

Footnotes

    Offerings

    Free Trial
    Free/Freemium Version
    Premium Consulting/Integration Services

    Entry-level set up fee?

    Optional

    Additional Details

    Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.

    Support Rating

    Invicti Security

    No answers on this topic

    Synopsys

    Support seems very responsive.
    Read full review

    Alternatives Considered

    Invicti Security

    ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.
    Read full review

    Synopsys

    Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
    Read full review

    Return on Investment

    Invicti Security

    • Saved money compared to other commercial scanners, especially over the long run.
    • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
    • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
    Read full review

    Synopsys

    • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
    Read full review

    Screenshots

    Add comparison