Acunetix by Invicti

Acunetix by Invicti

About TrustRadius Scoring
Score 7.9 out of 100
Acunetix by Invicti


What is Acunetix by Invicti?

AcuSensor from Maltese company Acunetix is application security and testing software.
Read more

Recent Reviews

Read all reviews

Reviewer Pros & Cons

View all pros & cons
Return to navigation


View all pricing

Websites Scanned: 5


On Premise

Websites Scanned: 6-10


On Premise

Websites Scanned: 11-20


On Premise

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services
Return to navigation

Product Details

What is Acunetix by Invicti?

Acunetix is an automated web application security testing tool. The vendor says it is used by many Fortune 500 customers. Acunetix detects and reports on an array of web application vulnerabilities. The Acunetix crawler supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications. Acunetix can automatically detect out-of-band vulnerabilities and is available both as an online and on premise solution. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.

Acunetix by Invicti Features

  • Supported: Discovers and scans all web applications
  • Supported: Identifies web vulnerabilities including SQLi and XSS
  • Supported: Delievers compliance reports

Acunetix by Invicti Screenshots

Screenshot of DashboardScreenshot of FilteringScreenshot of scan results

Acunetix by Invicti Video

Acunetix by Invicti Downloadables

Acunetix by Invicti Integrations

Acunetix by Invicti Competitors

Acunetix by Invicti Technical Details

Deployment TypesOn-premise
Operating SystemsWindows, Linux
Mobile ApplicationNo
Supported CountriesAll
Supported LanguagesEnglish
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings



(1-2 of 2)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
We are not a big web development shop but we occasionally do have new code that we need to test against OWASP type web application vulnerabilities. There are many tools that can do this. But most of them have a fairly decent rate of false positives. Also, they don't really help address the issues that they find. Acunetix has had a low false-positive rate for us. The developer reports provide a lot of contexts to help the people who need to fix the issues know what to fix.
  • Low rate of false positives
  • Good reporting options
  • Authenticated scans
  • User management
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
Aaron Bryson | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Acunetix is used to support our customer's vulnerability management and application security programs.
  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results.
I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
Return to navigation