Acunetix
Commercial DAST/IAST web application security scanner with proof-based scanning, DeepScan JavaScript rendering, and optional grey-box AcuSensor agent for code-level precision.
Developer: Invicti Security
Technical Dossier
Acunetix is a Dynamic Application Security Testing (DAST) scanner built around a proprietary C++ scanning engine paired with a DeepScan JavaScript rendering subsystem. Unlike legacy crawlers that fail on JavaScript-heavy applications, DeepScan launches a real browser context, intercepts all XHR and fetch calls, triggers DOM events, and maps the full attack surface of Single Page Applications built on frameworks like React, Angular, or Vue. The scanner checks more than 7,000 vulnerability signatures covering the OWASP Top 10, out-of-band vulnerabilities (SSRF, blind SQLi via DNS callback), REST, SOAP, and GraphQL API endpoints, and web server misconfigurations.
What distinguishes Acunetix from pure black-box scanners is its optional AcuSensor IAST agent. When deployed alongside a running application — supporting .NET, Java, PHP, and Node.js without source-code modification — AcuSensor instruments the runtime to observe actual code paths exercised during a DAST scan. This hybrid DAST+IAST mode enables the scanner to report the exact vulnerable file and line number, trace SQL queries to their origin, and flag vulnerability classes like code injection with high certainty. Proof-based scanning goes further by safely completing an exploit and attaching evidence to the finding, reducing false-positive rates and cutting triage time significantly.
Acunetix is available as a cloud SaaS product and as an on-premise installation for Windows, Linux, and macOS. Positioned by Invicti Security for SMBs and mid-market teams that want professional-grade DAST with minimal configuration overhead, it integrates into CI/CD pipelines via Jenkins, GitLab CI, and Azure DevOps plugins, and synchronises findings bidirectionally with Jira, GitHub Issues, and Azure DevOps Boards.
DeepScan Crawler
Headless-browser-based crawler that fully renders JavaScript, intercepts XHR calls, and navigates complex SPAs built on React, Angular, and Vue.
AcuSensor IAST Agent
Optional grey-box sensor for .NET, Java, PHP, and Node.js that instruments running applications to pinpoint vulnerable source file and line number.
Proof-Based Scanning
Safely exploits confirmed vulnerabilities and attaches proof-of-exploit evidence, reaching a claimed 99.98% accuracy rate and cutting manual triage time.
CI/CD Integration
Native integrations with Jenkins, GitLab CI, Azure DevOps, and GitHub Actions for pipeline-embedded scanning with two-way Jira issue sync.
Distribution Model: Commercial
Licensed software with professional support and enterprise features.

Vuln Checks: 7,000+
IAST Support: .NET, Java, PHP, Node.js
API Testing: REST, SOAP, GraphQL
License: Commercial