TrustRadius

Acunetix by Invicti vs. Black Duck Software Composition Analysis (SCA) vs. Mobile Security Framework (MobSF)

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Acunetix by Invicti
Score 8.0 out of 10
N/A
AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
Black Duck Software Composition Analysis (SCA)
Score 10.0 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.N/A
Mobile Security Framework (MobSF)
Score 8.0 out of 10
N/A
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for integration with CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.N/A
Pricing
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Editions & Modules
Websites Scanned: 5
4,500
Websites Scanned: 6-10
7,200
Websites Scanned: 11-20
10,800
Websites Scanned: 21-35
22,540
Websites Scanned: 36-50
26,600
Websites Scanned: Over 50
Contact for quote
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Free Trial
YesNoNo
Free/Freemium Version
NoNoNo
Premium Consulting/Integration Services
NoYesNo
Entry-level Setup FeeNo setup feeOptionalNo setup fee
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Best Alternatives
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Small Businesses
GitLab
GitLab
Score 8.7 out of 10

No answers on this topic

No answers on this topic

Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternativesView all alternatives
User Ratings
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Likelihood to Recommend
9.0
(3 ratings)
10.0
(5 ratings)
8.0
(1 ratings)
Usability
-
(0 ratings)
8.0
(1 ratings)
-
(0 ratings)
Support Rating
-
(0 ratings)
8.2
(2 ratings)
-
(0 ratings)
User Testimonials
Acunetix by InvictiBlack Duck Software Composition Analysis (SCA)Mobile Security Framework (MobSF)
Likelihood to Recommend
Invicti Security
It is best suited for integrated security testing of applications which are hosted on web servers. The most important thing is the integration of DevSecOps which is crucial in today's fast paced environment of rapid development. The core of Acunetix is application scanning which is really great and I highly recommend this product to everyone
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Synopsys
If you are using a lot of open-source libraries, which is most likely, this is a must-have to ensure no known vulnerabilities slip into production
Verified User
Anonymous
Read full review
Open Source
MobSF is good for checking for vulnerabilities in your app. It will also give suggestions on how to address them. Another thing is can do is find code that may be incorrect. It is not, however, a substitute for a system that actually checks your code for proper use. It really is concentrated on security.
FD
Francis de Castro
Business User Engagement Manager
Read full review
Pros
Invicti Security
  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Read full review
Synopsys
  • Quick inventory scan: Black Duck helps us scan the code repositories in no time. And quickly list the components and I now really know what is in my code.
  • Security and License risk management: Black Duck being rich in its knowledge base about the vulnerabilities and license issues of open source components, quickly compares the identified inventory to the Black Duck knowledge base and lists all the vulnerabilities and license issues in the code.
  • Integration for automatic scanning: Black Duck is part of devops which provides us automatic scanning. Black Duck is not just for devops but also SecOps.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Open Source
  • Scan for vulnerabilities
  • Scan for bad coding
  • Give suggestions on fixes for security issues
FD
Francis de Castro
Business User Engagement Manager
Read full review
Cons
Invicti Security
  • Configuration of DevSecOps can be improved for ease
  • Dashboard can have API integration
  • Broaden the scope of vulnerabilities
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Synopsys
  • License model based on usage is costly.
  • Documentation is extensive, but often confusing.
  • Black Duck Hub could use some feature improvements for more robust governance capabilities
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Open Source
  • The UI is not that user friendly
  • The documentation could be easier to understand
  • An easier method of deploying MobSF would be appreciated
FD
Francis de Castro
Business User Engagement Manager
Read full review
Usability
Invicti Security
No answers on this topic
Synopsys
If you don’t know how to scan for the language, it isn’t entirely user friendly
Suzanne Desmond | TrustRadius Reviewer
Suzanne Desmond
Cloud DevOps Engineer
Read full review
Open Source
No answers on this topic
Support Rating
Invicti Security
No answers on this topic
Synopsys
Support seems very responsive.
Verified User
Anonymous
Read full review
Open Source
No answers on this topic
Alternatives Considered
Invicti Security
ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.
AE
Allan Crittenden Edwards
Security Analyst
Read full review
Synopsys
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Rajiv Aradhyula | TrustRadius Reviewer
Rajiv Aradhyula
Sr. Specialist Cloud Architect
Read full review
Open Source
In my opinion, MobSF is not as comprehensive as SonarQube. Both, however, do a very good job in scanning your code for vulnerabilities. Both do roughly the same things. The reports of SonarQube are more detailed though. The advantage that MobSF has over SonarQube is the price. One is free while the other is a paid solution (with several tiers). However, we use them together to get a more comprehensive scan.
FD
Francis de Castro
Business User Engagement Manager
Read full review
Return on Investment
Invicti Security
  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Aaron Bryson | TrustRadius Reviewer
Aaron Bryson
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Read full review
Synopsys
  • It is hard to measure ROI since Black Duck Hub saves us from costly legal battles that have thankfully never had to happen.
Emmanuel Canaan | TrustRadius Reviewer
Emmanuel Canaan
Project Manager, Technology Operations
Read full review
Open Source
  • It has allowed our apps to pass a security vetting requirement of a third party to deploy our app
  • We can see where we can improve on the development of our app
  • The deployment can take a while, especially with teams not familiar with the software
FD
Francis de Castro
Business User Engagement Manager
Read full review
ScreenShots

Acunetix by Invicti Screenshots

Screenshot of DashboardScreenshot of FilteringScreenshot of scan results

Black Duck Software Composition Analysis (SCA) Screenshots

Screenshot of Black Duck helps you find and fix your highest-priority vulnerabilitiesScreenshot of Use Black Duck to comply with open source license obligations and to verify compliance with all open source license termsScreenshot of Black Duck automatically creates tickets in your activity tracking applications like Jira for both policy violations and vulnerabilitiesScreenshot of Black Duck's vulnerability ImpactAnalysis indicates whether a vulnerability is actually being called by your applicationScreenshot of The Black Duck security advisory gives the information you need to address security risks and make the fixScreenshot of Black Duck generates a Bill of Materials which gives you a complete and detailed inventory of all open source identified in your codebase