AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
Armor
Score 6.0 out of 10
N/A
Armor is a cloud and mobile security solution. The vendor’s value proposition is that this solution was purpose-built to deliver the highest level of defense and control for an organization’s critical data, no matter where it’s hosted.
The vendor says they are so confident in the ability of their solution to protect an organization’s data that they back it with their Cyber Warranty Guarantee.
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
Armor gives you what you need to be successful regardless of technical ability. If you can maintain the systems yourself, you are definitely ahead of the game with their service. If you're not prepared to configure and maintain the systems, they do a pretty good job of getting it set up during the onboarding process so that you don't need to dig into the technical guts too much. If you find yourself in over your head, their support staff can handle it for you in most cases.
Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
Authentication and access against the secure messaging portal is overkill when the response I'm logging in to see merely says, "yes, we have your message. An agent will respond shortly". There should be an option to receive updates like this through email.
The online portal that allows us to clone servers is very slow to respond. More than once I've spun up an additional server due to the lack of visual feedback on the initial request.
The web application firewall does not seem to be sophisticated enough to differentiate between logged in administrators and end users. We use a CMS system which allows admins to create scripts. These often get barred by the WAF even though they are not malicious.
Approximately 50% of all messages we receive are automated. Either that an agent will be assigned, has been assigned, or a ticket is closed. I'd like to see more 'real' interaction, and less box ticking, though I appreciate process has to be followed. That's the one point off. Everything else is very good.
In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed
Saved money compared to other commercial scanners, especially over the long run.
Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.