AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
Black Duck Software Composition Analysis (SCA)
Score 10.0 out of 10
N/A
Black Duck is a software composition analysis tool acquired and now supported by Synopsys since 2017.
N/A
Pricing
Acunetix by Invicti
Black Duck Software Composition Analysis (SCA)
Editions & Modules
Websites Scanned: 5
4,500
Websites Scanned: 6-10
7,200
Websites Scanned: 11-20
10,800
Websites Scanned: 21-35
22,540
Websites Scanned: 36-50
26,600
Websites Scanned: Over 50
Contact for quote
No answers on this topic
Offerings
Pricing Offerings
Acunetix by Invicti
Black Duck Software Composition Analysis (SCA)
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
I have a very strong reason for the very best rating. Usually, Black Duck support is quick enough and they continuously keep me updated about the status if some issue is taking time for them to resolve. Overall, I am happy with the response I get from t customer care. I was planning an upgrade and I ran into an issue as the migrated Postgres database does not get identified by the new version of the hub. And all the projects, scans and the huge amount of work we put in comments under version are all lost. I immediately opened a case in the Black Duck customer portal. And in no time, I get a message back from the support for a quick WebEx session. And support was able to help me and my weekend was saved. Thank you for the quick support Black Duck. Appreciate it. I also have some questions on using Black Duck in an optimal way. I get helpful replies quick enough.
In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed
Black Duck is an obvious choice, with its versatility, integration, best enterprise support and on top of the list the knowledge base Black Duck has. Vega or Grabber also scans the application and tells about vulnerabilities. But it can never be compared with the feature set of Black Duck. Black Duck can also generate reports.
Saved money compared to other commercial scanners, especially over the long run.
Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.