Skip to main content
Acunetix by Invicti

Acunetix by Invicti


What is Acunetix by Invicti?

AcuSensor from Maltese company Acunetix is application security and testing software.

Read more
Recent Reviews
Read all reviews
Return to navigation


View all pricing

Websites Scanned: 5


On Premise

Websites Scanned: 6-10


On Premise

Websites Scanned: 11-20


On Premise

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Details

What is Acunetix by Invicti?

Acunetix is an automated web application security testing tool. The vendor says it is used by many Fortune 500 customers. Acunetix detects and reports on an array of web application vulnerabilities. The Acunetix crawler supports HTML5 and JavaScript and Single-page applications, allowing auditing of complex, authenticated applications. Acunetix can automatically detect out-of-band vulnerabilities and is available both as an online and on premise solution. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality.

Acunetix by Invicti Features

  • Supported: Discovers and scans all web applications
  • Supported: Identifies web vulnerabilities including SQLi and XSS
  • Supported: Delievers compliance reports

Acunetix by Invicti Screenshots

Screenshot of DashboardScreenshot of FilteringScreenshot of scan results

Acunetix by Invicti Video

Acunetix by Invicti Integrations

Acunetix by Invicti Competitors

Acunetix by Invicti Technical Details

Deployment TypesOn-premise
Operating SystemsWindows, Linux
Mobile ApplicationNo
Supported CountriesAll
Supported LanguagesEnglish

Acunetix by Invicti Downloadables

Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings



(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Rahul Deshmukh | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
I had use case from one of our customers to establish security testing automation in DevSecOps pipeline. I was looking for such a tool and after lot of evaluations found Acunetix perfectly suited to the requirements. After initial PoC of few days with little configuration support from Invicti we decided to go for it and establish a platform for our end customers
  • Integration of tool with different IDE is great
  • Easy to scan code and identify vulnerabilities
  • Dashboard is easy to customise
  • Configuration of DevSecOps can be improved for ease
  • Dashboard can have API integration
  • Broaden the scope of vulnerabilities
It is best suited for integrated security testing of applications which are hosted on web servers. The most important thing is the integration of DevSecOps which is crucial in today's fast paced environment of rapid development. The core of Acunetix is application scanning which is really great and I highly recommend this product to everyone
  • Vulnerabilities scanning
  • DevSecOps interested testing
  • Visibility and remedial action recommendation
  • It helped improve ROI by 30%
  • Helped reduced manpower by 15%
  • Improved churn out of applications by 50%
In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed
Checkmarx, Rapid7 AppSpider, Coverity Static Analysis (SAST)
Score 9 out of 10
Vetted Review
Verified User
We are not a big web development shop but we occasionally do have new code that we need to test against OWASP type web application vulnerabilities. There are many tools that can do this. But most of them have a fairly decent rate of false positives. Also, they don't really help address the issues that they find. Acunetix has had a low false-positive rate for us. The developer reports provide a lot of contexts to help the people who need to fix the issues know what to fix.
  • Low rate of false positives
  • Good reporting options
  • Authenticated scans
  • User management
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
  • Low rate of false positives
  • Detailed developer reports
  • Support for a sufficient number of assets
  • It has aided audit compliance
  • It has allowed for deployment of secure code
ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.
Aaron Bryson | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Acunetix is used to support our customer's vulnerability management and application security programs.
  • Fast.
  • Easy-to-use.
  • Great customer support.
  • Reporting features.
  • Supports importing state files from other popular application testing tools.
  • Has other features built-in beyond just scanning for vulnerabilities.
  • Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
  • Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
  • The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results.
I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
  • Saved money compared to other commercial scanners, especially over the long run.
  • Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
  • A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
Return to navigation