Likelihood to Recommend
It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results. I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
If you are developing mobile apps, you should be doing regular vulnerability scans. Quixxi Scan does this quickly and easily from your working app code. Furthermore, if your company requires compliance with any of the major software development or industry-standard data security standards like SOC -2, the Quixxi scan reports are ideal and can be used "as is."
- Great customer support.
- Reporting features.
- Supports importing state files from other popular application testing tools.
- Has other features built-in beyond just scanning for vulnerabilities.
- Simple to understand but comprehensive PDF report. Ideal for compliance reporting.
- Provides recommendations to resolve vulnerabilities.
- Uses industry standard OWASP framework for vulnerability identification.
- Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
- Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
- The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
No answers yet
No answers on this topic
Quixxi Security 9.0
Based on 1 answer
Very good. I only had one problem when implementing it and the Support team was online via chat and helped me straight away.
Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
Return on Investment
- Saved money compared to other commercial scanners, especially over the long run.
- Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
- A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
- It's cheap and comprehensive.
- It's quick and easy to use.
- It can be integrated into X-Code or Android Studio to run as a part of Git code checking or app deployment in the testing stage.
Premium Consulting/Integration Services—
Entry-level set up fee?
Acunetix Editions & Modules
Additional Pricing Details—
Premium Consulting/Integration Services
Entry-level set up fee?
Quixxi Security Editions & Modules
|Scan / Shield Lite||$03|
- Per App
- 1-2 Apps
- Per App
- Unlimited Apps