One of the biggest advantages of Acunetix is the false-positive rate – less than other tools that we have analyzed.
Our customer, who has asked to remain anonymous due to security reasons, is a group of companies that has more than 80,000 staff worldwide in diverse organizational units. Their Information Systems Security Audit Team faces a very difficult task. These units manage websites and web applications independently of one another using different approaches and different tools. This team is tasked with continuously verifying the security of these diverse resources and reacting in case of emergencies.
The businesses that are part of the group often deal with matters of national security and highly sensitive data. Therefore, security is of top importance. To find the right tools, the internal audit team conducted a lot of research and selected a portfolio of solutions. This portfolio includes manual and automated tools, and Acunetix is the clear headliner.
There are several reasons why the IS Security Audit Team prefers to use Acunetix whenever possible. First of all, they found the number of false positives much lower than in the case of other products. Second of all, they feel that the reporting capabilities are excellent, both for executives and developers. Third of all, their experiences show that Acunetix can find more vulnerabilities than other software that they tried.
Acunetix is a very good tool that finds lots of vulnerabilities and is more accurate than all other solutions that we tested. The way that vulnerabilities are explained in the console is also good.
The reports are well-organized – both executive and developer reports. We can easily summarize vulnerabilities and present the information to the committee.
Acunetix is not only used for regular scanning when test environments are available but also in the case of security incidents. In such cases, the audit team uses Acunetix to help with forensics and remediation.
We use Acunetix in the case of an emergency, for example, a security incident. If we know that attackers entered via a website, we test it using Acunetix in a production environment.
The audit team also supports internal initiatives to use DAST tools alongside with SAST in SDLC pipelines. The team believes that DAST should be the starting point in such scenarios and Acunetix is the tool of choice as DAST in such cases.