Acunetix

Facilidade de configuração das targets, execução dos scans e análise dos dados gerados pelas vulnerabilidades, que mostram o retorno do código de erro, como ajustar ou referências de como solucionar as vulnerabilidades, além de dividi-las em informativas, baixa, média e alta.Os relatórios disponibilizados são muito bons: técnicos e gerenciais.

O custo é alto, mas é uma ferramenta muito respeitada no mercado e muito confiável.O suporte é bom, mas já aconteceu de existir vulnerabilidade que ora ocorre, ora não e o suporte demora a concluir a investigação. Mas é algo que pode acontecer em outros softwares ou ser um falso positivo.

Ease of use, good customer support, very insightful reports (especially Developer raport), good vulnerability management. Also continous scanning option is an interesting thing for having continous security awareness of Your vulnerability level. Also login sequence recorder is an awesome tool.

Not a lot of scan options to configure - especially in comparison to Nessus - every check is done in default, You can't choose specifically which test is done in selected scan, only the type of scan (full, high-risk vulnerabilities, xss, sqli, weak passwords, crawl only ) or technology in which the scanned web app is written.

* The number of checks that take place.

* The quality of the issues found.

* After years it is finally possible to pause a scan, hallelujah.

* As a pentester I absolutely miss a more flexible way to configure settings like it was possible in v10. The interface is built as "point a shoot", idiot proof. Currently, If I want to configure things I need to change xml config files on the server and reload acunetix...

* After the release of v12 we were called by a sales agent as we suddently couldn't add targets anymore. The license model suddenly changed completely. The entire business model is now based on scanning an applications continuously over the year. However, as a pentesting business for we mostly scan apps just 1 time for our security assessments. It absolutely makes no sense to apply the same costs! Just like Netsparker, acunetix should have plans for pentesters and consultants.

* Scanning an app that spans multiple domains always results in problems. Currently you have the "Allowed hosts" settings which is crappy in setting up. I need to set all (sub) domains to a different target. And ofcourse with the current business model you are charged per target, lol.

Very easy to setup initially, running scans quite fast, good crawler, very nice and understandable results.

The license model changed somehow in the middle of the three years, so it became impossible to continue to use it as planned without paying much more. Tools were removed.