What users are saying about
16 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>Score 7.6 out of 100
Based on 16 reviews and ratings
2 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>Score 9 out of 100
Based on 2 reviews and ratings
Attribute Ratings
- CAST Highlight is rated higher in 1 area: Likelihood to Recommend
Likelihood to Recommend

9.0
Acunetix by Invicti
90%
1 Rating
10.0
CAST Highlight
100%
1 Rating
Support Rating

Acunetix by Invicti
N/A
0 Ratings
10.0
CAST Highlight
100%
2 Ratings
Likelihood to Recommend
Acunetix by Invicti
It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results. I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Cylance, Inc.Computer & Network Security, 1001-5000 employees
CAST Highlight
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees
Pros
Acunetix by Invicti
- Fast.
- Easy-to-use.
- Great customer support.
- Reporting features.
- Supports importing state files from other popular application testing tools.
- Has other features built-in beyond just scanning for vulnerabilities.
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Cylance, Inc.Computer & Network Security, 1001-5000 employees
CAST Highlight
- Identifies common coding vulnerabilities.
- Compares code to industry best practices.
- Assesses the code for data privacy compliance.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees
Cons
Acunetix by Invicti
- Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
- Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
- The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Cylance, Inc.Computer & Network Security, 1001-5000 employees
CAST Highlight
- Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
- We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees
Pricing Details
Acunetix by Invicti
General
Free Trial
Yes
Free/Freemium Version
—Premium Consulting/Integration Services
—Entry-level set up fee?
No
Starting Price
$0
Acunetix by Invicti Editions & Modules
Edition
Websites Scanned: 5 | $4,500 |
---|---|
Websites Scanned: 6-10 | $7,200 |
Websites Scanned: 11-20 | $10,800 |
Websites Scanned: 21-35 | $22,540 |
Websites Scanned: 36-50 | $26,600 |
Websites Scanned: Over 50 | Contact for quote |
- none
Additional Pricing Details
—CAST Highlight
General
Free Trial
Yes
Free/Freemium Version
—Premium Consulting/Integration Services
Yes
Entry-level set up fee?
Optional
Included
Starting Price
$25,000 per year
CAST Highlight Editions & Modules
—
Additional Pricing Details
Pricing is based on the size of the application portfolio (number of applications) with unlimited users.Support Rating
Acunetix by Invicti
No score
No answers yet
No answers on this topic
CAST Highlight
CAST Highlight 10.0
Based on 2 answers
Tech support and pro services are top-notch.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees
Alternatives Considered
Acunetix by Invicti
Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Cylance, Inc.Computer & Network Security, 1001-5000 employees
CAST Highlight
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees
Return on Investment
Acunetix by Invicti
- Saved money compared to other commercial scanners, especially over the long run.
- Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
- A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Director - Red Team (Application, Mobile, Cloud, IoT security, etc.)
Cylance, Inc.Computer & Network Security, 1001-5000 employees
CAST Highlight
- I believe once we had the tool working for our code base, we immediately saw positive ROI.
- We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
Vice President, Chief Architect, Development Manager and Software Engineer
WySTAR Global Retirement Solutions, a Wells Fargo CompanyFinancial Services, 10,001+ employees