Acunetix

The unique thing about the program which makes it distinguish among the many other programs of this type is the security system. Overtime you add a document to your profile the program analyzes the risks of the document to be stolen and creates a kind of the special defense for this particular document.
This way, the program not only provides the user with the incredibly convenient service and saves his or her time, but also prevents from losing money and getting stressed. It is hard to imagine a scanner to be that universal. The Acunetix can easily cope with documents of any format and keeps everything you are working with really secure so that the really important documents or the catching fire ideas are totally under your control, there is no need to worry.

The only inconvenient thing about the Acunetix is something the people call «Overprotection». Once you are signed in the security system is on and covers not only the documents dowloaded to the program, but it also washes every activity you might possibly do in the Internet and regularly sends you the warning alerts about the unsecured websites.

* The number of checks that take place.

* The quality of the issues found.

* After years it is finally possible to pause a scan, hallelujah.

* As a pentester I absolutely miss a more flexible way to configure settings like it was possible in v10. The interface is built as "point a shoot", idiot proof. Currently, If I want to configure things I need to change xml config files on the server and reload acunetix...

* After the release of v12 we were called by a sales agent as we suddently couldn't add targets anymore. The license model suddenly changed completely. The entire business model is now based on scanning an applications continuously over the year. However, as a pentesting business for we mostly scan apps just 1 time for our security assessments. It absolutely makes no sense to apply the same costs! Just like Netsparker, acunetix should have plans for pentesters and consultants.

* Scanning an app that spans multiple domains always results in problems. Currently you have the "Allowed hosts" settings which is crappy in setting up. I need to set all (sub) domains to a different target. And ofcourse with the current business model you are charged per target, lol.

Ease of use, good customer support, very insightful reports (especially Developer raport), good vulnerability management. Also continous scanning option is an interesting thing for having continous security awareness of Your vulnerability level. Also login sequence recorder is an awesome tool.

Not a lot of scan options to configure - especially in comparison to Nessus - every check is done in default, You can't choose specifically which test is done in selected scan, only the type of scan (full, high-risk vulnerabilities, xss, sqli, weak passwords, crawl only ) or technology in which the scanned web app is written.