What users are saying about
Top Rated
154 Ratings
16 Ratings
Score 7.6 out of 100

Veracode

Top Rated
154 Ratings
Score 9 out of 100

Attribute Ratings

  • Acunetix by Invicti is rated higher in 1 area: Likelihood to Recommend

Likelihood to Recommend

9.0

Acunetix by Invicti

90%
1 Rating
8.9

Veracode

89%
103 Ratings

Likelihood to Renew

Acunetix by Invicti

N/A
0 Ratings
8.5

Veracode

85%
3 Ratings

Usability

Acunetix by Invicti

N/A
0 Ratings
7.3

Veracode

73%
25 Ratings

Support Rating

Acunetix by Invicti

N/A
0 Ratings
7.8

Veracode

78%
53 Ratings

Implementation Rating

Acunetix by Invicti

N/A
0 Ratings
7.3

Veracode

73%
1 Rating

Likelihood to Recommend

Acunetix by Invicti

It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to be the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results. I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
Aaron Bryson | TrustRadius Reviewer

Veracode

It just works and allows for a left shift, which has been shown as a vast reduction in dev work and cost. With policy and other outlines, your security team can help Devs program safer applications and protect your company's platforms from vulnerability...
Robert Hood | TrustRadius Reviewer

Pros

Acunetix by Invicti

  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
Aaron Bryson | TrustRadius Reviewer

Veracode

  • The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
  • Upload & Scan provides an in-depth analysis of the codebase, with features like reporting being made easy.
  • SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
  • Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
Anonymous | TrustRadius Reviewer

Cons

Acunetix by Invicti

  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
Aaron Bryson | TrustRadius Reviewer

Veracode

  • There is an initial overhead on generating the binary artefacts for scanning. The binaries need to be loaded with debug symbols for Veracode to be able to trace the defect back to the file and line number. This is relatively easy for modern programming languages (e.g. Java) with latest build tools (e.g. maven/gradle) but can be quite challenging for languages which are platform specific (C/C++) and have dated build systems (e.g. make).
  • Entry Point Selection. After the binaries are uploaded for scanning, the Veracode platform analyses them (pre-scan) and provides a list of 'modules' to be selected for scanning. Only the points of entry of program execution need to be selected here, based on the application architecture. The 3rd party modules on which your code is dependent on need to be uploaded but not selected as entry points for execution. This typically needs some fine-tuning and teams take some iterations to optimise. This would need the product architect inputs which teams generally do not understand, as they treat scanning in general as a DevSecOps responsibility and only after scanning, the developers/architects pitch in. For Veracode, their inputs are needed even during the scanning, for the first few scans at least.
  • This is both a pro and a con. Veracode does not give any option to customise the scanning rules or tweak what it is scanning for. This makes for a much simpler setup but also gives no scope for creating an application-specific scanning profile. For instance, if I do not want Veracode to look for SQL injection for whatever reason, or if I want Veracode to only look for OWASP Top 10 vulnerabilities, I cannot configure.
  • Long scan times, specifically for C/C++ based product/app scans. Some of the scans for enterprise scale product in C/C++ used to take quite many hours, and at times a couple of days. There have been improvements in this during the course of our 3 years of usage but in general, scans take a long time to complete.
Śrinivāsa Rao Kuruba | TrustRadius Reviewer

Pricing Details

Acunetix by Invicti

General

Free Trial
Yes
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Starting Price

$0

Acunetix by Invicti Editions & Modules

Edition                     Price
Websites Scanned: 5         $4,500
Websites Scanned: 6-10      $7,200
Websites Scanned: 11-20     $10,800
Websites Scanned: 21-35     $22,540
Websites Scanned: 36-50     $26,600
Websites Scanned: Over 50   Contact for quote
  1. none
Additional Pricing Details

Veracode

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Starting Price

Veracode Editions & Modules

Additional Pricing Details

Likelihood to Renew

Acunetix by Invicti

No score
No answers yet
No answers on this topic

Veracode

Veracode 8.5
Based on 3 answers
At this time, and we just renewed a month ago, I don't see any products out there overall that can offer what Veracode does. Yes, it's not cheap by any means, but for the money it's the best application security scanning tool out there.
Anonymous | TrustRadius Reviewer

Usability

Acunetix by Invicti

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 25 answers
This used to be terrible. Had a difficult time figuring out where information was. Partly this was due to duplicative features, jargon labels, and user navigation. However, in the seven years I've been using the product, it has gotten better. Some of my issues were associated with trying to get scans to work unassisted. Now that scans, once set up, just run periodically, I don't have to deal with that as much. Part of this might also be that I've learned what I need to know about getting around. And still part of this assessment is in comparison to other tools out there that are even worse. Still, they could benefit from an investment in a full usability redesign from someone with an outside perspective, modernizing the UX but also studying and working through the bigger usability concerns. I would love to see better diagnostic tools around getting scans to work so I wouldn't need their tech support people to get scans to work. However, as long as the scheduler keeps going, my needs on this get ever rarer.
David Nelson-Gal | TrustRadius Reviewer

Support Rating

Acunetix by Invicti

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.8
Based on 53 answers
Veracode Support has been great. Any time I have had a question, they have responded in a prompt manner. I'd say nine out of ten times they are able to resolve any issues that have come up with a short email exchange. For issues requiring a bit more investigation, their consultants are tops.
Teresa Kosinski | TrustRadius Reviewer

Implementation Rating

Acunetix by Invicti

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 1 answer
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesn't have management backing, your security teams have little to no influence in getting this process off the ground fully.
Anonymous | TrustRadius Reviewer

Alternatives Considered

Acunetix by Invicti

Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
Aaron Bryson | TrustRadius Reviewer

Veracode

I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency that introduces the vulnerabilities. I'm very pleased [in] Veracode reporting so far.
Anonymous | TrustRadius Reviewer

Return on Investment

Acunetix by Invicti

  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that it requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Aaron Bryson | TrustRadius Reviewer

Veracode

  • As I already stated, the cost per application is very high, which makes the use of Veracode too expensive for many of our applications.
  • The analysis report is accepted by our clients as a proper SSAT report.
  • Most of our competition does not perform any type of SSAT on the applications they create. This is something we offer and be the only one out there doing this type of testing.
Glenn Jones | TrustRadius Reviewer
