Friday, September 30, 2022

Acunetix: Web Application Security Review

Launching a modern website requires a maze of proprietary programming, open-source libraries, and legacy features. Inspecting each component for vulnerabilities takes enormous time and labor unless the development or application security team can use automated tools.

Acunetix, an Invicti brand, delivers an easy-to-use web application security scanner with robust capabilities and high accuracy.

Acunetix and the Web Application Security Market

The web application security market is estimated to be over $6 billion globally with a CAGR of more than 16%. As a division of a private company, Acunetix does not publicize full financials, and external estimates vary wildly from $0.5 million to $10 million per year.

The hotly contested web application security market does not have any dominant products or solutions and is led by large competitors such as IBM Corporation, Oracle Corporation, Qualys Inc., Synopsys Inc., and Veracode.

Acunetix Features

Acunetix helps web application security teams accelerate their hunt for vulnerabilities through the key features of its solution:

  • Automatically scan all websites, applications, and APIs for over 7,000 vulnerabilities
  • Schedule automatic scans to keep up to date 
  • In-depth scanning for a wide variety of web application components
    • Password-protected areas (using macros)
    • Multi-level forms
    • HTML5 & JavaScript code
    • Single-page applications (SPA)
    • Blended dynamic (DAST) and interactive application security testing (IAST) scanning
  • Fast, accurate, and useful reports
    • Scan multiple environments simultaneously
    • Fast scans supply reports as soon as vulnerabilities are located
    • Vulnerability ratings and proof of exploit information help developers address issues quickly
  • Integrates with other tools
    • Web application firewalls (WAFs) to temporarily secure known vulnerabilities
    • Web application development workflow apps

Acunetix Benefits

Using any web application security tool should locate web code vulnerabilities and help teams eliminate them. Some of the specific benefits of using Acunetix include:

Asset Visibility

Acunetix automatically crawls the web URL and scans for potential web app components to test for vulnerabilities. The tool will scan multi-level forms, HTML5, JavaScript, password-protected areas, and SPAs.

Developer Efficiency

Web security scanning tools accelerate development time by reducing the time needed to hunt for bugs and other vulnerabilities. Acunetix automatically detects and identifies a wide range of vulnerabilities, which are ranked by severity and then sent to developers. This process helps developer teams spend more time on fixing issues instead of finding them.

Security Confidence

Using a web security scanner provides a record that can be used for internal and external reporting. Acunetix’s tool scans for a large number of vulnerabilities and can be set up for periodic automatic scans. These scans allow an application security team to continuously monitor for vulnerabilities and report on web application security status at any time.

Acunetix Use Cases

CaterTrax (Hospitality)

CaterTrax’s team of 100 employees provides catering management software solutions for managing orders, inventory, and web commerce for 2,500 clients. With credit card and financial transactions flowing through their applications, CaterTrax needs to show compliance with PCI DSS regulations and keep client data secure.

In selecting Acunetix, CaterTrax can produce PCI compliance reports and maintain regular scanning for vulnerabilities without going over their budget. Benjamin De Point, VP of software development & hosting for CaterTrax, admits that “Acunetix has helped make our application stronger and given our clients the assurance that their data is safe.”

Miles Technologies (Consulting)

Miles Technologies provides IT, software, marketing, and technology consulting services and needs to maintain a high reputation for security. Their web security team used to use several different security tools for vulnerability scanning and reporting, which regularly took more than a week to complete.

“Acunetix is our vulnerability scanning tool of choice for situations where information security is a real concern and confidence in safety is key,” said JP Lessard, president of software services at Miles Technologies. “Setup is quick, and the different types of reports save time when it comes to delivering security assessments to different executive and non-executive roles.”

United States Air Force (Government)

As a component of the U.S. armed forces and a government agency, the U.S. Air Force (USAF) faces constant attacks and a limited budget. Their web security team needed to be able to develop their own security checks and policies, and needed accurate scanning capabilities against a large range of technologies and vulnerabilities. The solution also needed to be simple enough to be used by USAF trainees.

After testing against multiple competitors, Acunetix was selected because it met all of these requirements and also performed at a higher speed.

“Acunetix has played a very important role in the identification and mitigation of web application vulnerabilities. Acunetix has proven itself and is worth the cost,” said M. Rodgers of the USAF IT security team.

Acunetix Differentiators

Invicti purchased both Netsparker, now branded as Invicti, and Acunetix. While both products remain separate, the best features of each were added to the other, which makes these solutions more difficult to differentiate from each other. However, there remain important distinctions for any web application security team’s evaluation of web app security tools.

Accuracy

Both Invicti and Acunetix share many of the same vulnerability detection tools and false positive evaluators that led Invicti to score highly in independent third-party testing. Both tools stand apart from their competition in their ability to identify vulnerabilities without the false positives that waste developer time.

Automated Detection & Scanning

Acunetix automatically detects websites, applications, and APIs for a web domain with each scan to ensure no vulnerabilities may be overlooked. Acunetix can also be set up to automatically perform periodic vulnerability scans, so the web application continues to be tested against updated vulnerability lists.

Entry-Level Solution

Acunetix shares the advanced testing features of Invicti without the complexity. Designed for use by smaller businesses or enterprises new to web application security testing, Acunetix delivers simplicity.

Acunetix narrows the scope for integration options and the user interface, so teams can install the tool faster and get up to speed quickly—as little as five minutes. Should a team decide they need to graduate to the more sophisticated Invicti solution, migration between products is very easy.

Acunetix Ratings

Review site | Rating
Gartner | 4.5 out of 5
TrustRadius | 7.0 out of 10
G2 | 4.2 out of 5
Capterra | 4.5 out of 5
PeerSpot | 3.6 out of 5

Acunetix Pricing

Acunetix provides quotes for pricing, but does not display prices on its websites. Free trials are available, and outside sources estimate the starting price to be $4,495 per year.

Conclusions

Acunetix delivers a robust web application security tool with powerful features, high accuracy, and quick speed for setup and scanning. Its simple integrations and user interfaces will be a blessing for smaller or less experienced teams looking to get started fast and deliver strong results.
