AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
GitLab
Score 8.7 out of 10
N/A
GitLab DevSecOps platform enables software innovation by aiming to empower development, security, and operations teams to build better software, faster. With GitLab, teams can create, deliver, and manage code quickly and continuously instead of managing disparate tools and scripts. GitLab helps teams across the complete DevSecOps lifecycle, from developing, securing, and deploying software. Differentiators, as described by Gitlab:
Simplicity: With GitLab, DevSecOps can…
Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.
It is well-suited for any project that needs VCS. It's an excellent choice for teams that might be remote or have to collaborate across teams. Plenty of features allow for async working. With its dashboards and reporting features, it is also suitable for nontechnical PMs or stakeholders. It allows for very bespoke customization and can most often do much more than you need it to.
Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
I really feel the platform has matured quite faster than others, and it is always at the top of its game compared to the different vendors like GitHub, Azure pipelines, CircleCI, Travis, Jenkins. Since it provides, agents, CI/CD, repository hosting, Secrets management, user management, and Single Sign on; among other features
I find it easy to use, I haven't had to do the integration work, so that's why it is a 9/10, cause I can't speak to how easy that part was or the initial set up, but day to day use is great!
I've never had experienced outages from GItlab itself, but regarding the code I have deployed to Gitlab, the history helps a lot to trace the cause of the issue or performing a rollback to go back to a working version
GItlab reponsiveness is amazing, has never left me IDLE. I've never had issues even with complex projects. I have not experienced any issues when integrating it with agents for example or SSO
At this point, I do not have much experience with Gitlab support as I have never had to engage them. They have documentation that is helpful, not quite as extensive as other documentation, but helpful nonetheless. They also seem to be relatively responsive on social media platforms (twitter) and really thrived when GitHub was acquired by Microsoft
In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed
GitHub is an inferior product from most points of view. We had to use it and the teams finds no positives about it. Everything is a downgrade from our previous GitLab solution. GitLab CI\CD is vastly superior to workflows, for example doing a manual node is just "when : manual" in GitLab while you have to do clickops in GitHub to achieve the same. No overview of code in branches is a minus when we tried to figure out what our colleagues are trying to merge as it looked off.
Saved money compared to other commercial scanners, especially over the long run.
Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.