Acunetix by Invicti

I had use case from one of our customers to establish security testing automation in DevSecOps pipeline. I was looking for such a tool and after lot of evaluations found Acunetix perfectly suited to the requirements. After initial PoC of few days with little configuration support from Invicti we decided to go for it and establish a platform for our end customers

• Vulnerabilities scanning
• DevSecOps interested testing
• Visibility and remedial action recommendation

• It helped improve ROI by 30%
• Helped reduced manpower by 15%
• Improved churn out of applications by 50%

Rapid7 AppSpider

Checkmarx, Rapid7 AppSpider, Coverity Static Analysis (SAST)

We are not a big web development shop but we occasionally do have new code that we need to test against OWASP type web application vulnerabilities. There are many tools that can do this. But most of them have a fairly decent rate of false positives. Also, they don't really help address the issues that they find. Acunetix has had a low false-positive rate for us. The developer reports provide a lot of contexts to help the people who need to fix the issues know what to fix.

• Low rate of false positives
• Detailed developer reports
• Support for a sufficient number of assets

• It has aided audit compliance
• It has allowed for deployment of secure code

• Saved money compared to other commercial scanners, especially over the long run.
• Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
• A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.

Nessus