Acunetix by Invicti vs. AppTrana DDoS Protection

Acunetix scales well from a small web development presence like ours to a full-scale enterprise focused on that. The various tools and sensors that provide assurance of the results and can give feedback down to the lines of code in the source are proof of this. Various integrations exist as well. The main thing for us is that it simplifies confirming and remediating potential issues in our code or proving that products we use have issues that we can then take to the vendor for correction.

Incentivized

• Integration of tool with different IDE is great
• Easy to scan code and identify vulnerabilities
• Dashboard is easy to customise

Incentivized

• Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
• Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
• The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.

Incentivized

In my opinion Acunetix fares good in DevSecOps pipeline better than Appspider. In terms of vulnerabilities scanning of dynamic applications I liked Rapid7, however we have better ROI with Acunetix. During 6 months of usage I tried to look into cost benefit analysis and could easily pick Acunetix and in terms of dashboards also I am impressed

Incentivized

• Saved money compared to other commercial scanners, especially over the long run.
• Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
• A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.

Incentivized